Identity-Migration

Every IAM migration eventually hits the password problem. Users have passwords stored as cryptographic hashes in the old system. You need those users in the new system without forcing all of them to reset their passwords on Day 1. Depending on the source and target platforms, this ranges from straightforward to genuinely painful. The Core Problem Password hashes are one-way functions by design. You can’t reverse a bcrypt hash back to the original password. This means you have three options when migrating between identity platforms: ...

Upgrading Keycloak across major versions is one of those tasks that looks simple on paper — download the new release, start it up, let Liquibase handle the database — but reliably creates production incidents when done without preparation. Between versions 21 and 26, Keycloak introduced several breaking changes that affect clustering, theming, SPIs, and configuration format. This guide covers what actually breaks at each version boundary and how to handle it. ...

Not every organization wants to move from ADFS to Microsoft Entra ID. Some want to stay vendor-neutral, keep identity infrastructure on-premises, or simply avoid per-user licensing costs. Keycloak fills that gap — it handles SAML 2.0, OIDC, and integrates directly with Active Directory via LDAP federation. The migration isn’t trivial, though. ADFS and Keycloak have different architectural models, and some ADFS features don’t have direct Keycloak equivalents. This guide covers the practical steps, common blockers, and configuration patterns you’ll need. ...

Microsoft is pushing hard to retire ADFS. The writing has been on the wall since 2023 when they started flagging ADFS deprecation in security advisories, and Windows Server 2025 makes it even clearer — ADFS is maintenance mode, no new features, and the migration tooling keeps getting better. If you’re still running ADFS in production, now is the time to plan your move. This guide walks through the full migration from ADFS to Microsoft Entra ID (formerly Azure AD), covering assessment, claim rules translation, staged rollout, and final decommission. ...

Migrating from ForgeRock Identity Cloud to PingOne AIC involves exporting your existing identity management configurations, mapping them to the PingOne AIC schema, and importing them while ensuring data integrity and security. This guide provides a step-by-step approach to help you through the migration process. What is Migrating from ForgeRock Identity Cloud to PingOne AIC? Migrating from ForgeRock Identity Cloud to PingOne AIC is the process of transferring your identity management functionalities and configurations from one platform to another. This includes migrating user data, policies, connectors, and other settings to ensure seamless operation with minimal downtime. ...