Hello, can you please clarify the below:
1- We want to migrate between deployments. We have our Identity sources set up, and users from LDAP are already on the new deployment. If we migrate only tokens, will they be assigned to their respective users on the new deployment? Or if we migrate users with tokens, will that replace the user with no token on the target deployment with the imported one and the token?
2- Since token profiles are not imported, how does that affect users after the import? For example, if a user has a new mobile, can we still update the binding ID and redistribute, given that we don't use self-service and manage all users from the Security Console?
3- For authentication manager upgrades, the replica appliance has no option to take a backup, so does the primary appliance's backup work on the replica?
4- I just want to confirm that TLS 1.0/1.1 are still supported in 8.4, as according to the article below 1.2 is used by default but older versions are still supported.
Thank you for your time.
1) If you migrate tokens only, they go to the unassigned tokens list.
If you migrate users and tokens to ldap on another machine, and if the target machine has the same ldap users [userid, first name, last name], then the token will remain assigned to the user.
If you import users to the internal database the users must not exist already and the import job will create the users.
If you happen to already have the same tokens on the target system and they are all unassigned, if you import users and tokens and these tokens in the import job have the same serial number, the system will assign the serial numbers to the users correctly. You will see warnings that an unassigned token was assigned to a user.
You should run some small test migrations to see what the effects are. An export job makes copies; it does not delete anything from the source, so it is fairly safe to test export and import to a new machine and not interfere with production. To see what occurred in the import/export you need to run a report job, the Imported Users and Tokens report.
2) Profiles not migrating... does not affect import or anything else, since the user already owns a working token. You only need to worry about profiles when you want to redistribute a token from the new target system to a user; you need appropriate profiles and may need to make new ones.
3) Replicas do not make or receive backups. You can only restore a backup to a Primary. If the backup is going to the very same primary that created it, you can keep the replicas (may need to be resynced). But if you restore a backup that came from a different primary, all replicas will remain authenticating but cut off from the primary and each will need to be set up again from scratch as though they were new.
4) TLS1.2 is 'permanently strict' on 8.4 and you cannot drop down to TLS1.1 or TLS1.0; there will be no communication below TLS1.2. TLS1.1 will handshake, but there is no data communicated on TLS1.1; it is refused. TLS1.0 is off.
Testing protocols via sockets
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
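An added example (not part of the original reply): a small audit that parses a protocol scan section in the format quoted above and lists every protocol offered below a required minimum. The function names, the `ORDER` list and the default minimum of TLS 1.2 are assumptions made for this illustration; the sample text is the output quoted in the answer.

```python
import re

# Constructed sample: the protocol section quoted in the answer above.
SAMPLE = """\
Testing protocols via sockets
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
"""

# Protocols from weakest to strongest, used to compare against a minimum.
ORDER = ["SSLv2", "SSLv3", "TLS 1", "TLS 1.1", "TLS 1.2", "TLS 1.3"]
# Protocol label, then the offered / not offered verdict; trailing notes ignored.
LINE = re.compile(r"^\s*(SSLv[23]|TLS 1(?:\.[0-3])?)\s+(not offered|offered)\b")


def parse_protocols(report):
    """Return {protocol: offered?} for every protocol line in the report."""
    result = {}
    for line in report.splitlines():
        m = LINE.match(line)
        if m:
            result[m.group(1)] = m.group(2) == "offered"
    return result


def audit(report, minimum="TLS 1.2"):
    """Return findings: protocols offered (or untested) below `minimum`,
    plus a finding if `minimum` itself is not offered."""
    offered = parse_protocols(report)
    findings = []
    for proto in ORDER[:ORDER.index(minimum)]:
        if proto not in offered:
            findings.append(f"{proto}: not tested")
        elif offered[proto]:
            findings.append(f"{proto}: offered below minimum {minimum}")
    if not offered.get(minimum, False):
        findings.append(f"{minimum}: required but not offered")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding here reflects only what the scan saw at handshake level, which matches the reply's note that TLS1.1 will handshake even though data on it is refused.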