Fortinet black logo

Identity & Access Management (IAM)

Home FortiCloud Services 24.1.0 Identity & Access Management (IAM)

Migration of existing users

24.1.0
24.1.0
Copy Link
Copy Doc ID cb035e9b-aa60-11ee-8673-fa163e15d75b:508974
Download PDF

Migration of existing users

The new permission profile model is replacing the previous portal permission model. While the portal permission model had portal permissions configured directly for an IAM user, user group, IdP role, or API user, the permission profile is configured separate of users and can be linked to multiple IAM users.

To effectively convert the Identity & Access Management portal to the new permission profile model, any pre-existing IAM users, user groups, and so on will automatically be converted to the new model. This migration of users will result in the existing IAM user being split into an IAM user and a permission profile following the conversion to the new permission profile model. Therefore, any permissions assigned to the IAM user will be used to create a new permission profile containing the same portals and permissions that is automatically assigned to the IAM user.

Note

Each pre-existing IAM user with unique portal permissions will result in a unique permission profile following the migration. For example, if before the conversion to the new model there are five IAM users, each with independently created portal permissions assigned, then there will be five IAM users and five permission profiles following the migration.

Example of IAM user migration to the new permission profile model

The following scenario describes the migration of an IAM user to the new permission profile model.

Before the conversion to the new model, an IAM user named Jane Test has portal permissions directly assigned to it. These portal permissions allow administrative access to the Asset Management portal and read only access to the IAM portal.

Following the conversion to the new model, the Jane Test IAM user can be found in the IAM Users page. It has been migrated forward with the same User Profile information but it no longer has portal permissions directly assigned to it. Instead, Jane Test is assigned to a permission profile that has automatically been created when the conversion occurred. The permission profile defines the same permissions and access as the portal permissions before the conversion: administrative access to the Asset Management portal and read-only access to the Identity & Access Management portal.

Note

For the purpose of this example, the permission profile has been named Migration Profile for clarity. When migration of an IAM user occurs following the conversion in a real-world scenario, it will not follow this naming convention.

You can review and edit the permission profile by selecting it from the Permission Profiles page.

Previous
Next

Migration of existing users

The new permission profile model is replacing the previous portal permission model. While the portal permission model had portal permissions configured directly for an IAM user, user group, IdP role, or API user, the permission profile is configured separate of users and can be linked to multiple IAM users.

To effectively convert the Identity & Access Management portal to the new permission profile model, any pre-existing IAM users, user groups, and so on will automatically be converted to the new model. This migration of users will result in the existing IAM user being split into an IAM user and a permission profile following the conversion to the new permission profile model. Therefore, any permissions assigned to the IAM user will be used to create a new permission profile containing the same portals and permissions that is automatically assigned to the IAM user.

Note

Each pre-existing IAM user with unique portal permissions will result in a unique permission profile following the migration. For example, if before the conversion to the new model there are five IAM users, each with independently created portal permissions assigned, then there will be five IAM users and five permission profiles following the migration.

Example of IAM user migration to the new permission profile model

The following scenario describes the migration of an IAM user to the new permission profile model.

Before the conversion to the new model, an IAM user named Jane Test has portal permissions directly assigned to it. These portal permissions allow administrative access to the Asset Management portal and read only access to the IAM portal.

Following the conversion to the new model, the Jane Test IAM user can be found in the IAM Users page. It has been migrated forward with the same User Profile information but it no longer has portal permissions directly assigned to it. Instead, Jane Test is assigned to a permission profile that has automatically been created when the conversion occurred. The permission profile defines the same permissions and access as the portal permissions before the conversion: administrative access to the Asset Management portal and read-only access to the Identity & Access Management portal.

Note

For the purpose of this example, the permission profile has been named Migration Profile for clarity. When migration of an IAM user occurs following the conversion in a real-world scenario, it will not follow this naming convention.

You can review and edit the permission profile by selecting it from the Permission Profiles page.

Previous
Next