Migrating internal user data from Atrium Single Sign-On to Remedy Single Sign-On
Atrium SSO internal user data migration
The following diagram illustrates two internal user data migration sequence. Follow the scenario that best reflects your existing Atrium SSO configuration.
- Scenario#1: Your Atrium SSO is configured with an external LDAP/AD user store and also contains internal user groups and internal users.
- Scenario#2: Your Atrium SSO is configured with internal user groups and internal users only. This means, either no external LDAP/AD user store was configured or the external LDAP/AD user store was removed before running the migration scripts.
Preparing to migrate the internal user data from Atrium SSO to Remedy SSO
- Copy and extract the UserDataMigration-Utility.zip file located in the Disk1\utility folder of the TrueSight Presentation Server installer to the host server from where you want to run the export and import commands.
- Verify whether the host on which you run the utility has JRE 8 installed on it.
- Set the JAVA_HOME environment variable pointing to a JRE 8 installation.
- If you plan to run this utility on a non-TrueSight Presentation Server host where the JAVA_HOME path was not set earlier,
For example, (Windows) set JAVA_HOME=C:\Program Files\java\jre (Linux) export JAVA_HOME=/opt/java/jre. - If you plan to run this utility on an existing TrueSight Presentation Server host server, setting JAVA_HOME is not required.
- If you plan to run this utility on a non-TrueSight Presentation Server host where the JAVA_HOME path was not set earlier,
- Log in to the Atrium SSO console and note the external LDAP/AD user store configuration details in Atrium SSO for each tenant whose internal usergroups and internal users are to be migrated. These details are useful if you need to restore the same configuration at a later time.
- (Optional) Remove the external LDAP/AD user store configuration in Atrium SSO before executing the migration utility.
To migrate internal usergroups and internal users from Atrium SSO to Remedy SSO
- Log in to the host server from where you want to run the migration utility.
Export the user data from Atrium SSO to a CSV file by running the following export script:
exportUserDataFromASSO -file <file_path\csv_file.csv> -assoHostName <FQDN_ASSO_HOST_NAME> -assoPort <ASSO_PORT> [-tenants <realm1,realm2,...>]
- When prompted, enter the password for the Atrium SSO amadmin user.
Wait for the export to be completed. (Optional) Edit the CSV file and manually delete all external LDAP/AD user groups. This step is required if the external LDAP/AD user store was not deleted from Atrium SSO before running the export script.
Import the user data from the CSV file into Remedy SSO by running the following import script:
importUserDataIntoRSSO -file <file_path\csv_file.csv> -rssoHostName <RSSO_HOST_NAME> -rssoPort <RSSO_PORT> [-rssoProtocol <RSSO_PROTOCOL>]- When prompted, enter the Remedy SSO Admin user password.
When prompted, type y or n for the message Do you want to set a common password for all local users imported into Remedy SSO server (y/n)?
If you typed y, provide a common temporary password (minimum eight characters required) to be used for all users and proceed to step 9. Do this only if you want to set a common password for all the users explicitly. Setting a common password is convenient and easy to communicate to the users. However, for security reasons, the administrator must ask the users to change this password immediately.
- If you typed n, proceed to step 8. Do this if you want the system to generate a unique random password for each user. The administrator must change the password for each user manually in the Remedy SSO console and communicate the reset passwords to the respective users. User will not be able to log into the console unless the administrator communicates the password. Setting a password for each user is more secure compared to setting a common password option.
Wait for the import to complete.
- (Optional) If you typed n in step 8, log into the Remedy SSO console as the Admin user and set a temporary password for each imported user.
- (Optional) Repeat steps 1 to 9 if you want to import user data for additional tenants.
Post-migration tasks
Update the passwords for the bppmws_internal and csm_user internal user accounts. These user accounts are out-of-the-box TrueSight Presentation Server internal users. You must update the passwords for these two internal users to re-establish the internal communication between the TrueSight Presentation Server and TrueSight Infrastructure Management Server and the TrueSight Infrastructure Management Server and BMC Service Resolution respectively.
Failed to execute the [excerpt-include] macro.
Failed to execute the [excerpt-include] macro.
Perform this step only after you upgraded the TrueSight Presentation Server. Provide the temporary password to the users asking them to change it to the password of their choice by logging into the TrueSight Presentation Server.
Migration user data log file
You can find the migrateUserData.log file in the location where you ran the migration script. The log file contains details of errors that occurred during the execution of the user data migration utility. The log file is updated every time the migration script is run.
Where to go from here
Migration stage | Resource |
---|---|
If you migrated the internal users before upgrading the TrueSight Presentation Server, start the TrueSight Presentation Server upgrade | |
If you migrated the internal users after upgrading the TrueSight Presentation Server, continue adding new users and user groups |