Skip to main content
All CollectionsKnowledge BaseEndpoint and SaaS AppsHow To - Endpoint and SaaS Apps
Seamless User Migration Between Okta Tenants with Druva Backup and Provisioning
Seamless User Migration Between Okta Tenants with Druva Backup and Provisioning
Updated this week

Overview

This article guides migrating users from one Okta environment to another while ensuring seamless provisioning and maintaining data integrity within Druva. It covers the necessary steps to handle user provisioning effectively during migration, including scenarios where user domains change—a common occurrence due to mergers, acquisitions, or organizational restructuring.

Scenario Overview

Consider a Druva environment connected to an Okta instance for a domain named olddruvadomain.com. Users are synced from Okta to Druva inSync via SCIM provisioning. For example:

If the domain changes to newdruvadomain.com (e.g., due to a merger or new venture), users will be recreated in the new Okta tenant with updated email addresses:

The following steps outline how to manage this transition.

Step-by-Step Migration Process

Step 1: Break the Existing SCIM Connection with the Old Okta Tenant

  1. Disable SSO for Admins in Druva:

    • Disable SSO login for Admins to prevent login issues when the Okta connection breaks.

  2. Update User Provisioning:

    • Navigate to the Druva console.

    • Go to the Users tab and access User Provisioning settings.

  3. Temporarily disable the SCIM connection by selecting another provisioning method (e.g., Azure AD, Google Workspace, or AD/LDAP).

Step 2: Update User Email Addresses in Druva

  1. Manually update the email addresses of users in Druva:

    • Navigate to the User Settings page.

  2. Edit each user’s email address to match the new domain (e.g., update from user1@olddruvadomain.com to user1@newdruvadomain.com).

Note: If you have a large amount of users and it's difficult to change the email addresses manually, please contact support.

Step 3: Configure SCIM and SSO for the New Okta Tenant

  1. Ensure the new Okta tenant contains a list of users with email addresses matching the updated Druva instance.

  2. Configure the SCIM and SSO settings in Druva to connect to the new Okta tenant:

Step 4: Perform Manual Synchronization and Verify Changes

  1. Perform a manual synchronization:

    • Log in to the new Okta tenant.

    • Trigger a manual sync for user provisioning.

  2. Verify the synchronization:

    • Check the User Summary page in Druva to ensure users (e.g., user1, user2, user3) are listed as "Added by SCIM."

Final Verification

Once all steps are completed, users will be fully managed by SCIM provisioning connected to the new Okta tenant. This ensures a seamless migration with no disruption to user data or access.

Related Articles
Manage Users from Okta using SCIM
How to configure SSO for Druva Cloud Platform using Okta as IdP
How to change SCIM token for Druva inSync App
Users not getting provisioned via SCIM from your IDP to Druva inSync Cloud
Configure SCIM and Single-Sign On between Druva GovCloud and OKTA
Did this answer your question?