App Identity Modernization

5 step identity & app migration from SiteMinder to Azure AD

Image of path at sunrise

SiteMinder is nearing its end of service or end of life (EOL). After 2022, it will no longer be supported, and clients will need to migrate their applications to another system, like Azure AD. You’re not alone if you’ve been avoiding that elephant in the room.

According to the 2022 State of Multi-cloud Report, 82% of companies with over one billion dollars in revenue use three or more clouds. But they are still managing a hybrid state of on-prem and multi-cloud.

Only one-fifth of enterprise organizations have been able to get the majority of their workloads off legacy, on-premises identity systems to the cloud, and just 20% believe they will be able to ever fully move to the cloud.

What’s causing this quagmire? Moving apps and identities is hard because old, on-premises systems aren’t built for modern cloud systems. Before an app can be moved, the code needs to be rewritten to be compatible with a cloud system. For some apps, it simply isn’t possible to recode.

In this article, we’ll look at the challenges keeping enterprises from migrating their apps and identities off SiteMinder. We’ll also introduce Strata’s 5-step process for app and identity modernization from SiteMinder. This process will give you a clear path forward so you can rest easy.

What are the challenges of moving apps off SiteMinder?

Migrating apps off legacy systems like SiteMinder is difficult and riddled with complications. Here’s a few of the challenges you’ll deal with:

Apps are stuck in legacy, on-premises systems

The first big challenge is that apps are stuck. Over the years, hundreds — maybe even thousands — of applications have been installed and integrated with your company’s SiteMinder environment.

These applications can’t be moved to the cloud, because they’re tied into SiteMinder and running on-premises. It would take a major code rewrite to make the apps adaptable to the cloud.

Modernization can be lengthy and costly

The second challenge is the cost — both time and money. It’s incredibly expensive to rewrite applications, and it typically takes at least six months per app. That adds up quickly, especially with hundreds or thousands of applications.

Sometimes it isn’t even possible to rewrite applications, because you don’t have source code. Even if you custom-built the application, you may not have the technical bandwidth or a team with the knowledge to rewrite the application.

Moving apps to the cloud is complicated

Each application uses different technology to handle the user session. In the modern world, apps use SAML or OpenID Connect, whereas legacy systems use headers, cookies, and Kerberos.

The problem is that there are many different ways that the application expects to consume identity. It’s just not a straightforward path.

The State of Multi-Cloud Identity Report 2022 is here. Download the report.

Should you use a “big bang” or “lift & shift” approach to moving off on-prem?

There are two ways to approach an app modernization project: “big bang” or “lift-and-shift.” A big bang approach may seem like a good idea when there is a need for speed, but it almost always backfires. Inevitably, there will be a hiccup and you’ll have to go back to the start.

The lift-and-shift approach means moving apps and identities incrementally. Not doing everything all at once allows the two worlds of the cloud and on-premises to coexist. From this perspective, you need to be able to simultaneously work with both identity systems.

Strata’s 5-step process for app & identity modernization

Identity orchestration is a new approach that automates the modernization of applications and users to the cloud. Strata’s 5-step process for app and identity modernization is below:

  1. Discovery
  2. User migration
  3. App migration
  4. Hybrid coexistence
  5. Retire legacy

Identity orchestration software automates much of the process and enables enterprises to move off SiteMinder without rewriting apps. Let’s explore the details of the 5 step app and identity modernization process.

Step 1: Discover identities and applications

First, take an inventory of all the identities and applications in your SiteMinder deployment. Use the Maverics Platform to look at the data inside of SiteMinder.

Maverics is like an x-ray for your SiteMinder environment. It connects then, discovers how your applications are configured, and determines which ones could be risky or complex migrations.

Maverics also gives you the information to catalog your identity structures. From your servers to your agents, you know how your environment looks so that you can plan a deliberate and predictable migration.

Step 2: Migrate users from SiteMinder

Migrate all of the different identity sources that are on-premises. This includes everything, whether it’s on SiteMinder, connected, LDF, directories and databases, or applications with APIs.

Maverics pulls data from your multiple identity sources and creates a unified identity space. It then replicates those accounts in Azure AD.

This part of the process gives you the opportunity to harden your user accounts. Add 2-step verification or multi-factor authentication (MFA) to protect them better off-premises.

Step 3: Migrate apps from SiteMinder

Once the users are migrated, migrate the applications. With Maverics, there is no need to rewrite any apps to get them off SiteMinder to the cloud.

Maverics uses a configuration and no-code approach to make the application think that it’s talking to the legacy system. Instead, the app is talking to Azure AD. This is done without changing any of the application’s code itself.

Identity Orchestration works with applications that run on-premises, in a public cloud on Azure, and with SaaS-based applications.

Step 4: Go to a hybrid coexistence

An incremental move to the cloud means you need to operate in a hybrid coexistence mode — some apps and data are in the cloud and some are on-premises. In coexistence mode, both Azure AD and SiteMinder are running during the transition to the cloud.

Run Maverics on the edge of the enterprise where the identities can live in Azure AD. Users sign into Azure, and Azure AD connects to Maverics. Maverics then passes the session into the application and ties into the coexistence of SiteMinder.

During this step, Maverics extends multi-factor authentication to your applications without any rewriting. This leads us to the last step.

Step 5: Retire legacy identity systems

Now it’s time to shut down and retire your legacy identity systems. The big benefit here is that you can decommission your expensive and bulky legacy infrastructure, and save money on the licensing support.

Just as important, your teams doing this can now focus on more interesting work that can propel your company forward rather than dealing with a 20-plus-year-old legacy environment.

What are the benefits of Identity Orchestration when moving to the cloud?

Moving your legacy applications from SiteMinder isn’t optional. But saving years and millions of dollars doing it is an option. Identity Orchestration lets you speed up the process of moving applications and identity from SiteMinder by eliminating the need to rewrite apps.

Identity Orchestration runs SiteMinder simultaneously with cloud identity from Azure AD as long as you need to run both systems. Then, when you’re ready, you can retire your legacy system and enjoy the benefits of the modern cloud world.

Talk to the Strata team about Maverics Identity Orchestration today.

Now there's a migration recipe to move from SiteMinder to Azure AD