Learn About How Migration Works

Migrating from an on-premises access management system to Oracle Identity Cloud Service requires you to identify your stage, verify the base requirements to advance from one stage to another, and decide which stage is right for you.

Which Stage Are You In?

In this section, you learn about common scenarios that help you identify your stage on the roadmap.

  • Stage 1

    • You have segregated environments for your on-premises and cloud applications.
    • Single Sign-On (SSO) isn't established between some on-premises and cloud applications. When this occurs, your users must sign in to access their on-premises applications, and then sign in again to access the cloud applications, through different authentication flows.
  • Stage 2

    You use Oracle Identity Cloud Service to establish SSO between on-premises and cloud applications. Users authenticate only once to access both types of applications. Here are the most common scenarios for this stage:

    • The on-premises access management system provides the sign-in page. The access management system is the identity provider, and Oracle Identity Cloud Service is the service provider. This scenario applies when you don't want to change the user's authentication process, or want to change it at a later stage.
    • Oracle Identity Cloud Service provides the sign-in page. Oracle Identity Cloud Service is the identity provider, and the on-premises access management system is the service provider. This scenario applies when you changed the user's authentication process after you integrated your access management system with Oracle Identity Cloud Service.
  • Stage 3

    You started integrating your on-premises applications with Oracle Identity Cloud Service.

  • Stage 4

    • Your on-premises applications no longer depend upon your on-premises access management system.
    • Oracle Identity Cloud Service is the identity provider for your on-premises and cloud applications.
    • For applications that can't be migrated and remain dependent upon your on-premises access management system, Oracle Identity Cloud Service is their identity provider and the access management system is the service provider.

When Should You Move from One Stage to Another?

For each stage, you need to identify the base requirements that you must meet to advance in the roadmap. The following list shows these requirements:

  • From stage 1 to stage 2

    • You synchronized your user accounts between the on-premises access management system and Oracle Identity Cloud Service.
    • You defined whether you want to use Oracle Identity Cloud Service or the on-premises access management system as the identity provider.
    • If you want to use Oracle Identity Cloud Service's authentication flow, then you communicated the changes in the authentication process to your users.
    • If you have cloud applications from other cloud vendors, then you integrated these applications with Oracle Identity Cloud Service for authentication purposes.
  • From stage 2 to stage 3

    • For each of your applications, you identified which method you can use to integrate them with Oracle Identity Cloud Service for authentication purposes.
    • If your applications have their own identity stores, then you synchronized the user accounts between these applications and Oracle Identity Cloud Service.
  • From stage 3 to stage 4

    • Most of your applications use Oracle Identity Cloud Service as the access management system.
    • For applications that depend upon your on-premises access management system, you can change the trust relationship between the access management system and Oracle Identity Cloud Service. That way, Oracle Identity Cloud Service functions as the identity provider and the access management system acts as the service provider.
    • If you didn't use Oracle Identity Cloud Service as the identity provider in stage 2, then you communicated the changes in the authentication process to your users.

Which Stage Is Right for You?

The roadmap provides a path to independence from your on-premises access management system. However, depending on your business and security requirements, migration of your access management system to Oracle Identity Cloud Service may stop in stage 2, 3 or 4.

The following list provides the characteristics of each stage to help you decide which stage is right for you:

  • Stage 1

    • There is no Single Sign-On (SSO) between on-premises and cloud applications.
  • Stage 2

    • You want to establish SSO between your on-premises and cloud applications.
    • To enhance your authentication process with the Oracle Identity Cloud Service security features, you want to use Oracle Identity Cloud Service as your identity provider. Examples of security features include Adaptive Security, sign-on policies, multi-factor authentication (MFA), account recovery, and social sign-on.
    • You still need your on-premises access management system.
  • Stage 3

    • You want to integrate some of your on-premises applications with Oracle Identity Cloud Service.
    • Some of your on-premises applications can't be detached from your on-premises access management system.
  • Stage 4

    • If your on-premises applications no longer depend upon the on-premises access management system, then you can remove it. Instead, you can use Oracle Identity Cloud Service as your access management system.
    • Because Oracle Identity Cloud Service is now your identity provider, you can enhance your authentication process with the Oracle Identity Cloud Service security features (for example, Adaptive Security, sign-on policies, MFA, account recovery, and social sign-on).