Standard data migration services
A typical Identity Cloud deployment includes importing user records from an existing data store. The Standard Data Migration service supports migrating up to 2 million user records into the Identity Cloud user profile data store from a CSV (comma-separated value) file at a rate of 1 million records created per hour.
De-duplication of records
Existing user records will be migrated, on a one-time basis, into the Identity Cloud database. The customer is responsible for all de-duplication of user records before the data migration is performed. If duplicate records are detected during the data migration (based on identical email addresses), the duplicate user record will be ignored. No manual or human-entered de-duplication will be performed.
Password hashing algorithms
Akamai's Identity Cloud supports multiple password hashing algorithms for import during a data migration. If the customer's password data is hashed with an incompatible algorithm, an additional statement of work may be required and any agreed-upon schedules will be renegotiated.
The process
- Sample migration: performed to develop the tools and processes and to verify data quality (correctly exported, transformed, and imported).
- Production migration: scheduled immediately prior to production launch to import the complete data.
The sample migration process
- Customer exports a representative sample of data containing all expected formatting, data types, and special characters to a CSV (comma-separated values) file.
- Customer encrypts the CSV file and provides the passphrase to Akamai technical resources via a secure channel.
- Customer uploads the CSV file to Akamai's secure FTP server.
- Akamai imports the sample data into the development environment.
- Customer validates the sample data imported by Akamai.
After the sample migration has been completed and validated, the format of the CSV file cannot change.
The production migration process
- Customer disables the legacy registration system.
- Customer exports data to a CSV file using the same process/tools used during sample migration.
- Customer encrypts the CSV file using the same passphrase used during sample migration.
- Customer uploads the CSV file to Akamai's secure FTP server.
- Akamai imports the production data to the production environment.
- Customer validates the production data imported by Akamai.
- Customer enables the Identity Cloud registration solution.
Data format
The user profile data must be provided in a valid CSV-formatted file as defined by RFC 4180:
- Fields must be delimited by commas.
- Fields containing commas or line breaks must be enclosed in double quotes.
- Double quotes within the field must be escaped with an additional double quote. For example:
  "This is a field with ""quoted"" text."
- The file must be UTF-8 encoded.
- The first row of data must be a header row, and must contain the names of the schema attributes to which the corresponding fields will be mapped.
- Attributes within objects must be specified with a period delimiter, also known as "dot notation". For example:
  primaryAddress.city
- Boolean data must be represented as true and false. (Although this is case insensitive: you can also specify Boolean data as True and False or TRUE and FALSE.)
- Gender data must be represented as male and female. (Although this is case insensitive: you can also specify gender data as Male and Female or MALE and FEMALE.)
- Date and time data must be represented as a UTC timestamp in the format: yy-mm-dd hh:mm:ss. For example:
  2014-01-15 14:30:00
A very simple CSV file might look similar to this:
email,password,givenName,familyName,birthday,primaryAddress.city,profiles
karim.nafir@mail.com,$P$BiAsT/abBIA/kaq92jKtNlISWom0IB/,Karim,Nafir,03/02/1981,Portland,"[{""identifier"": ""https://www.google.com/profiles/115926009673362564119"", ""domain"": ""google.com""},{""identifier"": ""http://www.facebook.com/profile.php?id=722034877"", ""domain"": ""facebook.com""}]"
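A pre-flight check for the export, added here as an example (it is not Akamai's tooling): it applies the format rules above and the identical-email duplicate rule from the de-duplication section before the file is encrypted and uploaded. The column-to-type map, the function names and the sample rows are assumptions, and the timestamp check follows the shape of the page's example value.

```python
import csv
import io
import re
from datetime import datetime

# Assumption: hypothetical column-to-type map; replace with your own schema.
TYPED_COLUMNS = {"optIn.status": "boolean", "gender": "gender", "lastLogin": "datetime"}
ALLOWED = {"boolean": {"true", "false"}, "gender": {"male", "female"}}
ATTRIBUTE = re.compile(r"^[A-Za-z_]\w*(\.[A-Za-z_]\w*)*$")  # dot notation
SAMPLE = (  # constructed sample data, not real user records
    'email,gender,optIn.status,lastLogin,primaryAddress.city\n'
    'a@example.com,Female,TRUE,2014-01-15 14:30:00,"Portland, OR"\n'
    'b@example.com,f,yes,15/01/2014,Austin\n'
    'a@example.com,male,false,2014-01-15 14:30:00,"Say ""hi"""\n'
).encode("utf-8")

def valid(kind, value):
    if kind != "datetime":
        return value.lower() in ALLOWED[kind]  # case-insensitive, per the page
    try:  # shape of the page's example timestamp
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return len(value) == 19  # reject unpadded fields that strptime accepts

def preflight(raw):
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return [f"not UTF-8: {exc}"]
    problems, seen = [], {}  # messages carry line numbers, never field values
    reader = csv.reader(io.StringIO(text, newline=""), strict=True)  # raise on bad quoting
    try:
        header = next(reader, [])
        problems += [f"header: bad name {h!r}" for h in header if not ATTRIBUTE.match(h)]
        for row in reader:
            line = reader.line_num  # physical line number in the source file
            if len(row) != len(header):
                problems.append(f"line {line}: {len(row)} fields, expected {len(header)}")
                continue
            rec = dict(zip(header, row))
            if (email := rec.get("email")) and email in seen:  # identical address
                problems.append(f"line {line}: duplicate email, first seen on line {seen[email]}")
            seen.setdefault(email, line)
            problems += [f"line {line}: {c} is not a valid {k}" for c, k in
                         TYPED_COLUMNS.items() if rec.get(c) and not valid(k, rec[c])]
    except csv.Error as exc:
        problems.append(f"line {reader.line_num}: malformed CSV: {exc}")
    return problems
```

Calling `preflight(SAMPLE)` returns one message per finding, keyed by source line number so it can be compared with the line numbers in the import reports.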
Encrypt data
Files containing sensitive data must be encrypted prior to being uploaded to Akamai's secure FTP server. Data can be encrypted using 256-bit Advanced Encryption Standard and the GNU Privacy Guard application. To encrypt your data, run GNU Privacy Guard from the command line, using a command similar to the following:
gpg --symmetric --cipher-algo aes256 data.csv
Choose a passphrase with high entropy, such as five random words. Communicate the passphrase to the Akamai technical resource via phone. Do not send the passphrase in an email or in a support ticket.
Secure File Transfer (sFTP)
Akamai will configure a temporary sFTP account for uploading encrypted data files. The customer must provide Akamai technical resources with the following information:
- A list of all IP addresses that will connect to the sFTP server.
- Public SSH keys for all users that will connect to the sFTP server.
Password authentication to the sFTP server can be provided for customers who are not able to use SSH.
Reports
Akamai will deliver two CSV files after importing data, one file logging successfully imported records and the other logging failed records. The files contain:
- The line number from the source data file.
- The UUID of the record in the Identity Cloud user profile database if the record was imported successfully.
- The error message if the record was not imported successfully.