How to Merge Users from Internal Database to an Existing Identity Source (Active Directory)
Originally Published: 2022-01-10
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Platform: null
Platform (Other): null
O/S Version: null
Product Name: null
Product Description: null
Issue
Need to use Active Directory without losing the token assignment.
Tasks
- Make sure that the active directory has the same exact users as the internal database.
- Download Encryption Key.
- Export Tokens and users.
- Upload Encryption file.
- Import tokens.
Resolution
- Open the Primary Security Console ----> Administration ---> Export/Import Tokens and users ---> Download Encryption Key ---> click "Download Now".
- Navigate to Administration >> Export/Import Tokens and users >> Export
Tokens and users. - Upload the Encryption File downloaded in step 1.
- Check the “Users with Tokens” option.
export/import each sub domain individually.
5. Please choose the subdomain (if any, and choose System Domain if it is
the only present domain) you will be exporting.
the only present domain) you will be exporting.
- Check the “Include subdomains” option
- Check the “Export all users with tokens in domain”
6. Wait for the Export Job to be done, then click on “Download File”.
- User count and token count should be equal to the number of users and the number of tokens exported.
7. After downloading the file, Navigate to Identity ---> Users ---> Manage Existing.
- Note that if you have more than one sub-domain you will need to choose the sub-domains individually.
8. Delete the users from the Security Domain (each subdomain if needed).
9.To make sure that the importing procedure has been done correctly, navigate to Reporting ---> Real-time Activity Monitors ---> Administration Activity Monitor and click "Start Monitor".
10. Navigate to Administration ---> Export / Import Tokens and Users >> Import Tokens and Users.
Choose the file you have downloaded in Step 6, and then press Next.
9.To make sure that the importing procedure has been done correctly, navigate to Reporting ---> Real-time Activity Monitors ---> Administration Activity Monitor and click "Start Monitor".
10. Navigate to Administration ---> Export / Import Tokens and Users >> Import Tokens and Users.
Choose the file you have downloaded in Step 6, and then press Next.
- Choose the subdomain desired (Or System Domain if no sub-domains).
11. Map the Internal Database to your Active Directory.
Note that you will have to repeat the process for each subdomain if you are having multiple sub-domains, in order to migrate the whole users.
Notes
- Make sure that users in the Active Directory are exactly the same users that are in the Internal Database
- Make sure that all users have tokens assigned to them. Users with no tokens will not be included in the importing/exporting procedure.
