Frustrated with login friction and security gaps? CIAM solves both.

FIND OUT HOW
close-button
Decorative
BACK TO BLOG

How just-in-time migration makes your CIAM transition easierย 

So youโ€™ve decided to migrate your customer identities to a new solution. Maybe youโ€™re moving away from a homegrown tool as your organization and product offerings scale, or maybe you need a more sophisticated solution thatโ€™s prompted you to seek out a new vendor.

But letโ€™s face it: When you hear the word โ€œmigration,โ€ visions of months-long project plans start dancing in your head.

If lengthy planning cycles and an endless schedule of cross-functional meetings arenโ€™t high on your bucket list, then just-in-time migration might be the right (and a less headache-laden) approach for you.

What is just-in-time migration for customer identities?

Just-in-time migrations simply move users over one by one as users log in.

Sounds simple enough, right?

Well, if youโ€™re familiar with legacy IAM solutions, then you probably already know that just-in-time migration is not the way that organizations (and their vendors) typically approach migrations.

Since the beginning of IAM time, bulk migrations were the only way to go: โ€œGimme a .CSV file with every userโ€™s info and Iโ€™ll load it into the system.โ€ Remember, most vendors designed their products to serve workforce use cases โ€“ not customers โ€“ where itโ€™s perfectly acceptable to dump user IDs into a new system and then expect all those users to jump through new hoops to sign up to use the new system.

How just-in-time migrations solve โ€œthe password problemโ€

Bulk migration typically doesnโ€™t work well for customer use cases. Why?

Blame it on the passwords.

Theyโ€™re exactly what makes migrating user profiles so tricky. By definition, passwords are โ€œsecret.โ€ To keep them secret, passwords are โ€œscrambledโ€ in a way that isnโ€™t reversible, also known as hashing. So migrating user IDs and their passwords is rarely as simple as copying and pasting them into a new piece of tech (that would be so nice though, wouldnโ€™t it?).

A just-in-time migration approach solves the โ€œpassword problemโ€ by temporarily keeping your old customer datastore in place. As your existing customers log into your new CIAM system, their info (including their password) gets checked โ€“ via orchestration โ€“ against the old system. If it matches, itโ€™s moved from the old to the new customer datastore.

Done right, your customers wonโ€™t know anythingโ€™s different โ€“ thereโ€™s no password to reset and no new user ID to create. The big benefit of this approach is that your users donโ€™t have to change a thing โ€“ itโ€™s business as usual.

 just-in-time migration makes your CIAM transition easier

Questions to consider before starting your just-in-time migration

Here are three questions thatโ€™ll help you determine if a just-in-time migration approach is right for your org, and get you prepared to kick off the project.

Where is your customer ID store today?

Since youโ€™ll need to keep your old customer ID store in place during a just-in-time migration, youโ€™ll want to know whatโ€™s involved. Is it a homegrown solution that is tightly coupled to your application? Is it a SQL database sitting somewhere in the cloud? Is it Azure AD or an existing IAM/CIAM solution? Wherever it is, think about whatโ€™s required to keep it online for six months or so.

How often do your users log in?

The answer to this question will give you a sense of how long itโ€™ll take to migrate customers into your new ID store with a just-in-time migration. Check your authentication logs. If 50 percent of customers log in once a month and 85 percent log in at least once every 90 days, your migration should be largely done in about three months.

Who gets the call when a customer canโ€™t log in?

Because of the disruption involved with a bulk migration, you can expect lots more support calls if you choose to go that route. If your customer support team doesnโ€™t typically handle super technical questions, youโ€™ll need to think through where youโ€™re going to route those calls and what training youโ€™ll need to give that team.

How just-in-time migration benefits your customers and your dev team

Thereโ€™s more good news about just-in-time migrations: They offer both your customers and your dev team multiple benefits.

Itโ€™s a more customer-friendly approach.

The TL;DR? A just-in-time migration is by far the more customer-friendly approach since your customers donโ€™t need to reset their username or password with this process.

In contrast, with a bulk migration every user will likely need to reset their password when they log in, which will have your customers jumping through clunky (and unwanted) hoops to make that reservation or complete that purchase.

Even if youโ€™ve sent them several emails to give them a heads up about the change, many of those missives will have gone unread. You can expect a spike in support calls from locked out โ€“ and unhappy โ€“ customers. A small percent of customers may just abandon their old accounts and create new ones if the login speed bumps are too big.

Finally, if your users log in frequently โ€“ daily or even weekly โ€“ thereโ€™s a chance that recently-created accounts may not get loaded into the new system since thereโ€™s often several days of data cleansing that takes place between the export and the import of that pesky .CSV file.

Itโ€™s a faster process for your dev team.

The big surprise for folks that havenโ€™t considered a just-in-time migration approach is that itโ€™s far more efficient than the alternative. How can that be?

Well, since thereโ€™s no impact on customers you donโ€™t need to get as many internal teams involved. Thereโ€™s no need for a big customer communications effort, and less training is required for your customer support team. In short, that project plan is going to look a lot simpler (and so is your calendar). Plus, the IT team doesn't have to choreograph the data export > cleanse > import process.

Sound too good to be true? There are a few things that youโ€™ll have to do for a just-in-time migration. Like we said before, youโ€™ll need to maintain your existing database during the migration period. Thereโ€™s also a small bit of coding involved and โ€“ depending on how often your users log in โ€“ there may be a small number of users at the end of the migration period that havenโ€™t logged in, which youโ€™ll need to manually port over. However, your team can complete these to-dos in about a week. Compare that with a 6+ month timeframe for a bulk migration, which is the timeframe that one of our customers experienced when they switched CIAM providers previously before onboarding with Strivacity.

If youโ€™re still curious about how a just-in-time migration stacks up against a bulk migration, hereโ€™s a handy chart we created for you so you can weigh the pros and cons of each:

At a glance: Just-in-time migration vs. bulk migration for customer identities

Just-in-time migration

Bulk migration

Customer experience

Your experience

Getting started with user migration

In short, migrating your customers doesnโ€™t have to be a pain in the neck. Just-in-time migration can be a good approach and can let you get started sooner than you think.

There will always be edge cases where a bulk migration makes sense. For example, if youโ€™re an insurance company where users log in less than once a year and maintaining your old customer store is prohibitively expensive, then bulk migration is probably the way to go. However, for most orgs who have users who log in frequently, a just-in-time migration approach is often the better choice.

Have other questions about migrating users to a new CIAM solution, or curious about where to start? Send us a note โ€“ weโ€™d love to chat with you.