While the process of migrating from CA SiteMinder to the Ping Identity Next Gen Identity platform is not complex, there is one strategic technical decision that must be made during the planning cycle that will directly impact end-user experience during migration. To start, providing a single sign-on (SSO) experience is critical to shield the end-user from the complexities of two identity security systems. Most migrations would require the user to authenticate separately for each security system. In contrast, our Next Gen Identity solution provides a single sign-on experience across both systems during the migration. In order for the migration experience to be ideal, the authentication system of record must be determined very early in the migration process. Therefore, determining this authentication system of record is an important and strategic technical decision to make during the planning cycle.
Choosing Between PingFederate® and CA SiteMinder
It is critical that the authentication system is specified during the planning process. There are two choices for the authentication system: PingFederate® or CA SiteMinder. The authentication system is responsible for authenticating the user against the directory or identity store. Rather than having both CA SiteMinder and PingFederate authenticate users against a single identity store, one system should be selected to authenticate the user. Ultimately, PingFederate will be integrated with CA SiteMinder to provide the single sign-on experience.
There are two strategy options for migrating the system of authentication. The first is to select PingFederate as the system of authentication at the beginning of the migration process. The drawback to this option is that the end-user must authenticate with PingFederate before they can access a CA SiteMinder protected application. When migrating, this can be difficult to configure within CA SiteMinder. However, this early migration provides more flexibility for customizing authentication policies and leveraging those policies when accessing cloud-based applications.
The second option for migrating the system of authentication is to designate CA SiteMinder (rather than PingFederate) as the system of authentication. This option delays the migration of authentication policies until the very end of the migration process. It also requires that PingFederate be tightly integrated with CA SiteMinder to honor and validate CA's identity tokens. The drawback to this option is the loss of flexibility to use the same authentication policies across on-premises applications and cloud-based applications. Ultimately, the authentication policies located in CA SiteMinder will be migrated to PingFederate when implementing the Next Gen Identity solution.
Regardless of which authentication strategy you choose, it is important to keep the end-user experience in mind. The migration from one identity security system to another should be transparent to the end-user.
Our Next Gen Identity solution is the only identity security product that enables seamless migration between identity security solutions. End-users won't know the difference, but IT will be able to securely leverage infrastructure as a service (IaaS), apply the same security policies to web and API resources and easily share applications with customers and partners.