Hi Dojo,
If I recall correctly, DataMiner supports OKTA as an identity provider for SAML access - but the same DMA server cannot support 2 different IDPs concurrently: is that still the case?
Asking this in the context of email account migrations, e.g. going from alberto@mydomain.com (associated to the current SAML authentication) to alberto@BrandNewDomain.com (new SAML associated to OKTA).
Just spotted this old suggestion too:
where if I have two servers in a cluster --> DMS = {A,B}
I could leave DMA A configured for the older SAML access and move only DMA B on OKTA.
Other than duplicating user accounts (as each DM user can have only 1 email account), would there be any other considerations to be made at the design phase of this migration process?
Thanks for your feedback!
Hi Alberto,
There's nothing that stops you from doing this. There is indeed the consideration of duplicated user accounts in these cases, but as the new domain will be different from the old one, DataMiner will see them as completely new users.
Keep in mind that users will sync between those 2 agents but will only be able to log in on the agent that corresponds to its config. So even if those new Okta users will be synced to agent A, they will only be able to log in on agent B.
Also, if the current config is Entra ID without user provisioning, the hourly LDAP sync will very much cause issues here, so I would recommend turning off the scheduled task during the transition if this is the case.
I would not recommend this for any kind of permanent set-up but it should be fine in the short term as part of a transition.
Kind regards,
Michiel
Thanks for the insight, Michiel, much appreciated.
Marking this as solved.