Migration process

Edit online

Overview of the process to migrate the data from IBM Security Verify Governance - Verify Governance (ISVG-GOV) system (alternatively called as IGI) to IBM Verify Identity Governance (IVIG).

Overview

This topic describes the recommended migration process to migrate your ISVG-IGI data to IVIG .

Migration process

It is recommended to follow following execution flow for performing the IGI Migration.

  1. Read all the configurations from IGI.

    1. Read User configurations

    2. Read Application configurations

    3. Read Account configurations

    4. Read OU configurations

    5. Read Role configurations

    6. Read Provisioning rules

    7. Read Campaign configurations

    8. Read Email notifications

  2. Read, convert and load OUs

    1. Read OU

    2. Convert OU

    3. Load OU

  3. Read Users using the IGI Migration utility.

    1. Read Users

    2. Load users into IVIG via datasource/feed service.

  4. Read, convert and load services.

    1. Read connectors

    2. Convert connectors - This will automatically convert and load the services in IVIG.

    3. Once the service is loaded into IVIG, please update the service password on the service form and perform a test connection operation.

    4. Create the required policies for this service like adoption policy and provisioning policy.

    5. Then perform a service reconciliation.

    6. Once the service reconciliation is successful, enable access for all the required reconciled groups.

  5. Read, convert and load roles.

    1. Read roles - This will read application and organizational roles and generate separate CSV files for both.

    2. Convert roles - This will convert the application roles from CSV to JSON format.

    3. Load roles - This will automatically load application roles and its composition. It will then convert and load the organizational roles and its composition.

  6. Read, convert and load risks.

    1. Read risks.

    2. Convert risks.

    3. Load risks.

  7. Read, convert and load mitigations.

    1. Read mitigations.

    2. Convert mitigations. - This will convert and load the mitigations in IVIG. It will also associate the mitigations to applicable risks.

  8. Read, convert and load business activities.

    1. Read business activities.

    2. Convert business activities. - This will convert and load the business activities in IVIG. It will also perform below mappings,

      1. Associate business activities with the existing risks.

      2. Associate business activities with the existing permissions.

      3. Finally, associate risky users to mitigations. If all users aren't evaluated by the time this script is called, it is recommended to use load mitigations with operation as retry. Below is an example for the same.

      ./migration.sh -dbu <IGI_DB_User> -dbp <IGI_DB_Password> -ivigu <IVIG_User> -ivigp <IVIG_Password> -o retry -e mitigations