7 Simple Steps to Modernize Your Legacy IAM

Are you being asked to reduce your growing Identity & Access Management (IAM) costs? Are you being asked to support new business initiatives like Digital Transformation, Bring Your Own Device (BYOD), and other borderless workplace initiatives? Is your legacy IAM system becoming a bottleneck for regulatory and security compliance, or too fragile for the pace of changes needed by the business? It's time to modernize your legacy IAM.

A modern identity platform expands on the traditional capabilities of a legacy IAM system to support today’s business initiatives while improving your overall security posture and simplifying deployment and maintenance overhead. Of course, this all sounds great in theory, but based on your past experience with the legacy systems, you might be thinking:

  • If patching and upgrading takes 6+ months, how long will replacing my IAM system take?
  • How will I justify the budget request to replace a legacy system I just spent millions of dollars and years building and deploying?
  • Now that my identity system is finally up and running, how can I modernize without breaking everything?

ForgeRock, with our years of experience in the identity and access management space, has built a proven methodology to get you off of legacy systems. It is a seven-step process to methodically migrate applications and eventually sunset the old systems completely.

Here are the steps to modernize your legacy IAM:

  1. Inventory Your Apps
  2. Prioritize Apps
  3. Understand the Use Cases
  4. Add Value
  5. Coexist
  6. Migrate
  7. Sunset

Let’s discuss each:

1. Inventory Your Apps

The first step to modernize your legacy IAM is to build a complete inventory of the applications managed by the legacy system. If you already have this documented in a human-readable format, you are ahead of the curve! If you don't, not to worry: even legacy systems like CA SiteMinder, Oracle Access Manager, and Identity Manager provide capabilities to export the applications under management, which gives you a starting point for a complete inventory. If you already have a list of the applications you want to move, jump to step two.

2. Prioritize Apps

The next step to modernize is to prioritize the apps that you want to migrate. ForgeRock recommends starting with the apps that are ‘low hanging fruit’ and then moving on to the most difficult ones. An app counts as ‘low hanging fruit’ under either of two criteria:

  • The app owners are genuinely supportive and want to get off of legacy for their own business reasons
  • The app has the fewest customizations

This process is as much a business decision as a technical determination, so be sure to involve both kinds of stakeholder. Develop a set of repeatable prioritization criteria based on your organization’s priorities, then apply them across your app inventory. In the first pass, we recommend that you pick an initial 2-3 applications based on the above criteria.
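As an added illustration of steps one and two (not code from the original post or from ForgeRock), the script below parses an application inventory and ranks it by the two criteria above: supportive owners first, then the least customized apps. The CSV export format, column names, the weighting of custom plugins versus policy counts, and the sample applications are all assumptions constructed for the example; a real SiteMinder or OAM export will need its own parser, and the weights should encode your organization’s priorities.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory for this example. The columns are assumed,
# not the format of any real legacy IAM export.
LEGACY_EXPORT_CSV = """app,owner_supportive,custom_plugins,auth_policies,authz_policies,attributes
intranet-portal,yes,0,1,2,uid;mail
hr-timesheets,yes,1,1,4,uid;employeeNumber
payments-gateway,no,4,3,12,uid;mail;roles
vendor-extranet,no,0,2,3,uid
support-wiki,yes,0,1,1,uid;mail;displayName
"""


@dataclass(frozen=True)
class App:
    name: str
    owner_supportive: bool
    custom_plugins: int      # custom code in the legacy platform (hardest to migrate)
    auth_policies: int       # authentication policies protecting the app
    authz_policies: int      # authorization policies evaluated for the app
    attributes: tuple        # attributes the legacy system returns to the app


def parse_inventory(text):
    """Parse the constructed CSV export into App records."""
    apps = []
    for row in csv.DictReader(io.StringIO(text)):
        apps.append(App(
            name=row["app"].strip(),
            owner_supportive=row["owner_supportive"].strip().lower() in ("yes", "true", "1"),
            custom_plugins=int(row["custom_plugins"]),
            auth_policies=int(row["auth_policies"]),
            authz_policies=int(row["authz_policies"]),
            attributes=tuple(a for a in row["attributes"].split(";") if a),
        ))
    return apps


def migration_effort(app):
    """Assumed effort score: custom plugins dominate because they must be
    redesigned rather than re-expressed; policies and attributes are cheap."""
    return app.custom_plugins * 10 + app.authz_policies + app.auth_policies + len(app.attributes)


def prioritize(apps):
    """Repeatable ordering: supportive owners first, then least effort,
    then name so the result is deterministic across runs."""
    return sorted(apps, key=lambda a: (not a.owner_supportive, migration_effort(a), a.name))


def first_wave(apps, size=3):
    """Names of the apps to migrate in the first pass (2-3 recommended)."""
    return [a.name for a in prioritize(apps)[:size]]


if __name__ == "__main__":
    inventory = parse_inventory(LEGACY_EXPORT_CSV)
    for app in prioritize(inventory):
        print(f"{app.name:18} supportive={app.owner_supportive!s:5} effort={migration_effort(app)}")
    print("first wave:", first_wave(inventory))
```

Because the ordering is a pure function of the inventory and the weights, it can be re-run after every migration wave as app owners change their minds or customizations are retired, which is what makes the criteria repeatable rather than a one-off judgement call.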

3. Understand the Use Cases

The third step along the modernization path is to document the use cases that the IAM platform currently supports for these apps. For SSO, these range from simple items such as the authentication policies, the attributes that must be returned to the app, and any authorization policies, to more complex items such as custom plugins. Similarly, for Identity Management, document which workflows are involved, which attributes are mapped from source to target, and so on.

4. Add Value

Step four is the most crucial step of the entire modernization effort. After understanding the use cases that need migration, add a new layer of value by extending each use case to improve security, user experience, privacy, performance, and so on. Resist retrofitting legacy architecture and customizations into the new system. This is the right time to revisit why each customization was made and whether it is still relevant. If a legacy app must be left as is, use ForgeRock’s Identity Gateway to modernize around the app until it can be migrated. For apps that can be migrated, adopt capabilities like Intelligent Authentication, Progressive Sign-up, Privacy Management, Fine-Grained Authorization, and others. This step is crucial not only to securing the necessary business buy-in, but also to gaining better user acceptance of the changes.

Reducing the time spent deploying and maintaining an IAM system is another way to add business value: it reduces costs and frees up scarce identity resources to spend more time on value-added activities. ForgeRock offers deep DevOps integration, enabling your business to run our platform in any public cloud, and in many other environments, in a highly automated fashion.

Obviously having a modern platform with a host of capabilities to choose from will help in this effort.

5. Coexist

In this step you deploy the ForgeRock platform and, depending on which legacy system you are moving away from, you have multiple options for a coexistence strategy. Some of them are detailed in additional blogs or whitepapers here and here. With the right coexistence strategy, you have the choice to migrate applications at your own pace without any loss of functionality or impact to the end users’ experience.

6. Migrate

The next step is to migrate the applications from the legacy platform to the ForgeRock Identity Platform. There are tools for migrating some of the configuration and other artifacts, but depending on your customizations and legacy platform versions this step may involve a fair amount of elbow grease and support from the right IAM experts. Custom plugins in particular rarely migrate automatically; they are the items flagged in step three and reconsidered in step four.

Next, repeat steps two through six until you have moved all of the applications to the ForgeRock platform and are completely ready to shut down the legacy platform.

7. Sunset

After all is said and done, this is the best part. This is when you turn off the old system completely. This means no more worries about scale, missing features, ungodly upgrade cycles, and most importantly, spending a fortune on licensing and support costs.

As you read this blog post, customers are shutting down legacy CA and Oracle components all over the world. They are already well on their way to cost reductions and innovation for a competitive edge in today’s digital business market space. What are you waiting for?

Learn more about IAM Modernization for the Digital Business here. Or, if you are ready, take a look at our CA and/or Oracle Migration guides, written by experts like you for experts like you, here.

Prefer to speak to someone directly? Click here.

Who Is Ashley Stevenson?

Ashley has 15 years working in the identity industry, and in a past life worked for the Department of Homeland Security. Today, he’s the VP of Product & Solution Marketing here at ForgeRock. He’s passionate about applying innovative technology to drive new business value for our customers. But his passion doesn’t stop there… he loves cooking and has learned a lot of skills from TV cooking shows, especially Alton Brown!