{"id":4228,"date":"2021-06-07T13:51:38","date_gmt":"2021-06-07T20:51:38","guid":{"rendered":"https:\/\/www.strata.io\/?p=4228"},"modified":"2024-02-02T10:31:36","modified_gmt":"2024-02-02T18:31:36","slug":"5-step-identity-app-migration-from-siteminder-to-azuread","status":"publish","type":"post","link":"https:\/\/www.strata.io\/blog\/app-identity-modernization\/5-step-identity-app-migration-from-siteminder-to-azuread\/","title":{"rendered":"How to migrate from SiteMinder to a modern identity provider in 5 steps"},"content":{"rendered":"
[vc_row][vc_column][vc_column_text]Some versions of SiteMinder<\/a> have reached their end of service<\/a> or end of life (EOL) date. Many customers <\/span>running on end-of-service versions have been left with the decision of either migrating to a new, modern identity provider or staying and dealing with the hefty lock-in fees.\u00a0<\/span><\/p>\n If you\u2019ve been avoiding that elephant in the room, you\u2019re not alone.\u00a0<\/span><\/p>\n In this post, we\u2019ll look at the\u00a0<\/span>challenges keeping enterprises<\/span><\/a> from migrating their apps and identities off legacy identity providers like SiteMinder. We\u2019ll also introduce Strata\u2019s 5-step process for app and identity migration from SiteMinder. <\/span>This process will give you a clear path forward so you can put your mind at ease.<\/span><\/p>\n According to the\u00a0<\/span>2023 State of Multi-cloud Report<\/span><\/a>, 79% of enterprises use two or more identity providers (IDPs), an 18% increase from 2022. They are also having to manage a hybrid state of on-prem and multi-cloud.<\/span><\/p>\n Only one-fifth of enterprise organizations in the report have been able to get the majority of their workloads off legacy, on-premises identity systems to the cloud, and just 20% believe they will ever be able to fully move to the cloud.\u00a0<\/span><\/p>\n The harsh reality for many enterprises is the consistent struggle with identity modernization<\/a> barriers like source code and resourcing, with 78% of respondents still facing those hurdles. Why? Because moving apps and identities is hard \u2014 since old, on-premises systems aren\u2019t built for modern cloud systems. Traditionally, before an app could be moved, the code needed to be rewritten to be compatible with a cloud system. 
For some apps, it simply isn\u2019t possible to recode.<\/span><\/p>\n Migrating apps off legacy systems<\/span><\/a>\u00a0like SiteMinder is difficult and riddled with complications.\u00a0<\/span>Here are a few of the challenges you\u2019ll deal with:<\/span><\/p>\n Apps are stuck in legacy, on-premises systems These applications can\u2019t be moved to the cloud, because they\u2019re tied into the legacy IDP and running on-premises. It would take a major code rewrite to make the apps adaptable to the cloud.<\/span><\/p>\n Modernization can be lengthy and costly Sometimes it isn\u2019t even possible to rewrite applications because you don\u2019t have source code. Even if you custom-built the application, you may not have the technical bandwidth or a team with the knowledge to rewrite the application.<\/span><\/p>\n Moving apps to the cloud is complicated The challenge here is that there are many different ways that the application expects to consume identity; it\u2019s just not a straightforward path.<\/span><\/p>\n There are two ways to approach an app modernization project: \u201cbig-bang\u201d or \u201clift-and-shift.\u201d A big-bang approach may seem like a good idea when there is a need for speed, but it almost always backfires. Inevitably, there will be a hiccup, and you\u2019ll have to start from scratch.<\/span><\/p>\n The lift-and-shift approach involves moving apps and identities incrementally. Not doing everything all at once allows the two worlds of the cloud and on-premises to coexist. 
From this perspective, you need to be able to work with both identity systems simultaneously.<\/span><\/p>\n Identity Orchestration is a new approach that automates the modernization of applications and users to the cloud.\u00a0<\/span>Our 5-step process for app and identity modernization includes:<\/span><\/p>\n Identity orchestration software<\/span><\/a>\u00a0automates much of the process and enables enterprises to move off SiteMinder without rewriting apps.\u00a0<\/span><\/p>\n Let\u2019s explore the details of this 5-step app and identity modernization process.<\/span><\/p>\n Step 1: Discover identities and applications<\/b><\/p>\n First, take an inventory of all the identities and applications in your SiteMinder deployment. Use the\u00a0<\/span>Maverics Platform<\/span><\/a>\u00a0to look at the data inside of SiteMinder.<\/span><\/p>\n Think of Maverics like an x-ray for your SiteMinder environment. It connects, then discovers how your applications are configured and determines which ones could be risky or complex migrations.<\/span><\/p>\n Maverics also gives you the information to catalog your identity structures. From your servers to your agents, you\u2019ll know how your environment looks so that you can plan a deliberate and predictable migration.<\/span><\/p>\n Step 2: Migrate users from SiteMinder<\/b><\/p>\n Migrate all of the different identity sources that are on-premises. This includes everything, whether it\u2019s on SiteMinder, connected, LDF, directories and databases, or applications with APIs.<\/span><\/p>\n Maverics pulls data from your multiple identity sources and creates a unified identity space. 
It then replicates those accounts in a modern identity provider like Entra ID.<\/span><\/p>\n This part of the process gives you the opportunity to harden your user accounts, like <\/span>adding 2-step verification or multi-factor authentication\u00a0(MFA)<\/span><\/a> to protect them better off-premises.<\/span><\/p>\n Step 3: Migrate apps from SiteMinder<\/b><\/p>\n Once the users are migrated, migrate the applications. With Maverics, there is no need to rewrite any apps to get them off SiteMinder to the cloud.<\/span><\/p>\n Maverics uses a configuration and no-code approach to make the application think that it\u2019s talking to the legacy system. Instead, the app is talking to a modern identity provider without changing any of the application\u2019s code itself.<\/span><\/p>\n Identity Orchestration works with applications that run on-premises,\u00a0in a public cloud on Entra ID, and with SaaS-based applications.<\/span><\/p>\n Step 4: Go to a hybrid coexistence<\/b><\/p>\n An incremental move to the cloud means you need to operate in a hybrid coexistence mode \u2014 some apps and data are in the cloud and some are on-premises. In coexistence mode, both the new identity provider and SiteMinder are running during the transition to the cloud.<\/span><\/p>\n Run Maverics on the edge of the enterprise where the identities can live with the identity provider. Users sign into the identity provider, and it connects to Maverics. Maverics then passes the session into the application and ties into the coexistence of SiteMinder.<\/span><\/p>\n During this step, Maverics extends multi-factor authentication to your applications without any rewriting.<\/span><\/p>\n Step 5: Retire legacy identity systems<\/b><\/p>\n Now it\u2019s time to shut down and retire your legacy identity systems. 
The big benefit here is that you can decommission your expensive and bulky legacy infrastructure and save money on licensing support.<\/span><\/p>\n Just as important, your teams doing this can now focus on more interesting work that can propel your company forward instead of having to deal with a 20-plus-year-old legacy environment.<\/span><\/p>\nApps on legacy IDPs are incompatible with modern identity systems<\/span><\/h2>\n
What are the challenges of moving applications off a legacy, on-premises IDP?<\/h2>\n
\n<\/b>The first big challenge is that apps are stuck. Since you started developing apps, hundreds \u2014 if not thousands \u2014 of applications have been installed and integrated with your company\u2019s legacy identity environment.<\/span><\/p>\n
\n<\/b>The second challenge is the cost \u2014 both time and money. It\u2019s incredibly expensive to rewrite applications, and it typically takes at least six months per app. Those numbers add up quickly, especially with hundreds or thousands of applications.<\/span><\/p>\n
\n<\/b>Each application uses a different language to handle the user session, so IDPs can’t speak to each other. In the modern world, apps use SAML or OpenID Connect, while legacy systems use headers, cookies, and Kerberos.<\/span><\/p>\nShould you use a \u201cbig-bang\u201d or \u201clift & shift\u201d approach to migrating apps and identities off on-prem IDPs?<\/h3>\n
The 5-step process for app and identity modernization<\/h2>\n
\n
What are the benefits of Identity Orchestration when migrating off a legacy IDP?<\/h2>\n