Skip to main content
Version: Cloud

Migrating to Horizons

Here you can find prerequisites, recommendations, and instructions on how to enable Horizons and perform migration.

Prerequisites

  • The Horizons functionality requires you to enable the Governance for Omada Identity.

    For more information, go to Governance for Omada Identity.

  • If you have included custom views, you are required to manually migrate those mappings. All mappings should be verified for using the SQL statements and custom views. If it's confirmed, the configuration must be changed.

    For more information, go to Export queries and mappings section.

  • For the existing import threshold, manually move them to the new format.

    For more information, go to Thresholds.

Migration process

Once you are eligible for Horizons, the Enable Horizons setting is visible in the General tab in the Cloud Management Portal. Enabling replaces the SSIS-based data import architecture with the cloud-native Horizons solution which is followed by the migration of existing data.

note

The actions in the procedure marked with the tag are performed by the Omada.

Procedure

Following procedure provides information and recommendations for initial and consecutive run and provides all necessary steps to allow the Horizons functionality to go operational and function properly.

First run of the Horizons

  1. Pause RoPE (Role and Policy Engine).

  2. Pause ES (Enterprise Server) adapter's timer.

    Stop timer - kubectl -n tenatnId scale deployment tenantId-timer --replicas=0

  3. Configure the Omada Provisioning System (OPS) to function in the Review Mode.

  4. For the OPS to switch to the Review Mode, disable timers related to imports and update the System Onboarding Configuration.

  5. Configure the Enable Horizons setting to true.

  6. Initiate data migration.

Verification

  1. Review the Identity Join and Identity Merger rules.

  2. Review the Export Queries and Mappings rules.

  3. Set new import thresholds configuration if it was used on the HR source system.

  4. Perform the HR system import, including authoritative data.

  5. Resume ES adapter's timer.

    Start timer - kubectl -n tenantId scale deployment tenantId-timer --replicas=1

  6. Perform the full import of Access Systems.

Going operational

  1. Resume RoPE.
  2. Perform recalculation of all Identities.
  3. Review OPS jobs.
  4. Enable timers related to imports.
Change sets

During the process of migrating to Horizons you might encounter situation when in parallel there are cloud environments utilizing the Horizons solution and SSIS-based data import. Recording in a change set onboarding of a new system, on an environment with the Horizons solution enabled, will make impossible the import of the change set into an environment without the Horizons enabled yet.