App & Identity Migration

5 Step Identity & App Migration from SiteMinder to Azure AD

Image of path at sunrise

SiteMinder is nearing EOL (end of life) and will no longer be supported after 2022. Since you’re reading this, that’s probably not news to you. If you’ve been living in denial and putting off dealing with the giant, flashing elephant in the room (that is migration from SiteMinder), you’re not alone. 

According to a recent McAfee survey, the average enterprise has almost 800 applications. Yet, the majority of enterprise workloads still have yet to migrate to the cloud. Because moving apps and identities is complicated.  

To put it simply, app migration is such a quagmire because old, on-premises systems are built so differently from modern cloud systems. Before an app can be moved, the code needs to be rewritten. For some apps, it simply isn’t possible to recode. And that’s just the tip of the iceberg for app and identity migration.

In this article, we’ll look at the challenges preventing enterprises from migrating their apps and identities off SiteMinder. Then we’ll go through the 5 step process for app and identity migration from SiteMinder to a cloud IdP like Azure AD that will help you get over your fears of app migration for good. 

Challenges of app migrations from SiteMinder

Migrating apps off legacy systems like SiteMinder to a cloud IdP, like Azure AD is hard and riddled with complications and challenges. 

Apps are stuck in legacy, on-prem systems

The first big challenge is that apps are stuck. Over the years, hundreds or even thousands of applications have been installed and integrated with your company’s SiteMinder environment. These applications can’t be moved to the Cloud because they’re tied into SiteMinder and running on-premises. 

Migrations take so long and cost so much

The second challenge is the cost — both time and money. It’s incredibly expensive to rewrite applications, and it typically takes about six months per app. That adds up quickly, especially with hundreds or thousands of applications.

Sometimes it isn’t even possible to rewrite applications. Maybe you don’t have source code as with a commercial application. Or even if you custom-built the application, you may not have the technical bandwidth or the team available with the knowledge to rewrite the application.

Moving to the Cloud is complicated

The third challenge is complexity. Each application uses different technology to handle the user session. In the modern world, apps use SAML or OpenID Connect, whereas legacy systems use headers, cookies, and Kerberos. The problem is that there are many different ways in how the application expects to consume identity. It’s just not a straightforward path.

The State of Multi-Cloud Identity Report 2021 is here. Download the report. 

Lift & shift vs a big bang approach

There are two ways to do an app migration project: ‘big bang’ or ‘lift and shift’. A big bang may seem like a good idea when there is a need for speed, but it almost always backfires. Inevitably, there will be a hiccup and you’ll have to go back to start.

The lift and shift approach makes app and identity migrations incremental. Not migrating everything all at once allows the two worlds of Azure AD and the cloud along with SiteMinder on premises to coexist. From a coexistence perspective, you need to be able to simultaneously work with both identity systems.

Strata’s 5 step process for app & identity migration 

Identity orchestration is a new approach that automates the migration of applications and users to the Cloud. Strata has developed a 5 step process for app & identity migration that consists of the following:

  1. Discovery
  2. User migration 
  3. App migration
  4. Hybrid coexistence 
  5. Retire legacy

Identity orchestration software automates much of the identity migration process and enables enterprises to move off SiteMinder without rewriting apps. 

Below are some further details about how to adopt the 5 step app & identity migration process. 

Step 1: Discover Identity and Apps

The first part of the 5 step migration process involves discovering the identities and applications in your SiteMinder deployment. When looking at the data inside of SiteMinder, use Strata’s free tool called Maverics Identity Discovery

Discovery is like an x-ray for your site minder environment. It connects to SiteMinder and understands how your applications are configured, and which ones could be risky or complex migrations.

It also gives you the information to be able to catalog all of your identity topologies. From your servers to your agents, you have insight into how your environment looks so that you can plan a very deliberate and predictable migration.

Illustration of 5 step app migration process

Step 2: User Migration from SiteMinder

Step two is to migrate the user identities. Meaning, all the different sources of identity that are on-premises. Whether it’s on SiteMinder, connected, LDF, directories, and databases or applications that have APIs.

Maverics then pulls from your multiple identity sources and creates a unified identity space and creates those replicated accounts into Azure AD. 

This part of the process is an opportunity to harden the accounts. Add 2-step verification or multi-factor authentication (MFA) to protect them better off-premises. 

Step 3: App Migration from SiteMinder

Once the users are migrated, the focus shifts to migrating the applications. With Maverics, there is no need to rewrite any apps to migrate them off SiteMinder to the Cloud. 

Maverics uses a configuration and no custom code approach to make the application think that it’s talking to the legacy system. When in fact it’s talking to Azure AD. This has been done without changing any of the application’s code itself. 

Maverics works with applications that run on-premises, in a public cloud on Azure, as well as SaaS based applications.

Step 4: Hybrid Coexistence 

Since the migration is incremental, you need to operate in a hybrid coexistence mode. It’s another way to think about secure hybrid access, where you may have applications and data that you don’t want to move to the cloud, but you want to instead keep on-premises.

To enable coexistence, run Maverics on the edge of the enterprise where the identities can live in Azure AD. The users will sign into Azure and Azure AD in turn connects to Maverics. Then, it passes that session into the application and can also tie into the coexistence of SiteMinder.

In coexistence mode, both Azure AD and SiteMinder are running during the transition of the applications and users from legacy into the cloud. In the same effort, Maverics is able to extend multi-factor authentication to your applications without rewriting. Which leads us to the last step.

Step 5: Retire Legacy Identity

Time to shut down and retire your legacy identity systems. The big benefit here is that you can decommission your expensive and bulky legacy infrastructure and save both on the licensing support and infrastructure. But probably more important to the teams doing this is that they can now focus on more interesting work rather than dealing with a 20 plus-year-old legacy environment.

Benefits of identity orchestration when migrating to the cloud

Migrating from SiteMinder is necessary; taking years and hundreds of millions of dollars to do the migration is not necessary. Identity Orchestration, enables enterprises to speed up the process of moving applications and identity from SiteMinder by eliminating the need to rewrite apps. Identity Orchestration runs SiteMinder simultaneously with cloud identity from Azure AD while you still require both systems. Then, when you’re ready, retire your legacy system and enjoy the benefits of the modern cloud world. Talk to the Strata team about Maverics Identity Orchestration today. 

Now there's a migration recipe to move from SiteMinder to Azure AD.