Standard Profile Data Migration Services

A typical Identity Cloud deployment includes importing user records from an existing data store. The Standard Data Migration service supports migrating up to 2 million user records into the Identity Cloud user profile data store from a CSV (comma-separated value) file at a rate of 1 million records created per hour.

De-duplication of records

Existing user records will be migrated, on a one-time basis, into the Identity Cloud database. The customer is responsible for all de-duplication of user records before the data migration is performed. If duplicate records are detected during the data migration (based on identical email addresses), the duplicate user record will be ignored. No manual or human-entered de-duplication will be performed.

Password Hashing Algorithms

Akamai's Identity Cloud supports multiple password hashing algorithms for import during a data migration. If the customer's password data is hashed with an incompatible algorithm, an additional statement of work may be required and any agreed-upon schedules will be re-negotiated.

The Process

  1. Sample migration: performed to develop the tools and processes and to verify data quality (correctly exported, transformed, and imported).
  2. Production migration: scheduled immediately prior to production launch to import the complete data.

The Sample Migration process

  1. Customer exports a representative sample of data containing all expected formatting, data types, and special characters to a CSV (comma-separated values) file.
  2. Customer encrypts the CSV file and provides the passphrase to Akamai Technical resources via a secure channel.
  3. Customer uploads the CSV file to Akamai's secure FTP server.
  4. Akamai imports the sample data into the development environment.
  5. Customer validates the sample data imported by Akamai.
Note: After the sample migration has been completed and validated, the format of the CSV file cannot change.

The Production Migration process

  1. Customer disables the legacy registration system.
  2. Customer exports data to a CSV file using the same process/tools used during sample migration.
  3. Customer encrypts the CSV file using the same passphrase used during sample migration.
  4. Customer uploads the CSV file to Akamai's secure FTP server.
  5. Akamai imports the production data into the production environment.
  6. Customer validates the production data imported by Akamai.
  7. Customer enables the Identity Cloud registration solution.

Data Format

The user profile data must be provided in a valid CSV-formatted file as defined by RFC 4180:

  • Fields must be delimited by commas.
  • Fields containing commas or line breaks must be enclosed in double quotes.
  • Double quotes within the field must be escaped with an additional double quote. For example:
     "This is a field with ""quoted"" text."
  • The file must be UTF-8 encoded.
  • The first row of data must be a header row, and must contain the names of the schema attributes to which the corresponding fields will be mapped.
  • Attributes within objects must be specified with a period delimiter, also known as “dot notation”. For example:
     primaryAddress.city
  • Boolean data must be represented as true and false. (Although this is case insensitive: you can also specify Boolean data as True and False or TRUE and FALSE.)
  • Gender data must be represented as male and female. (Although this is case insensitive: you can also specify gender data as Male and Female or MALE and FEMALE.)
  • Date and time data must be represented as a UTC timestamp in the format: yy-mm-dd hh:mm:ss. For example:
     2014-01-15 14:30:00

A very simple CSV file might look similar to this:

email,password,givenName,familyName,birthday,primaryAddress.city,profiles

karim.nafir@mail.com,$P$BiAsT/abBIA/kaq92jKtNlISWom0IB/,Karim,Nafir,03/02/1981,Portland,"[{""identifier"": ""https://www.google.com/profiles/115926009673362564119"", ""domain"": ""google.com""},{""identifier"": ""http://www.facebook.com/profile.php?id=722034877"", ""domain"": ""facebook.com""}]"
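A pre-upload check for the format rules above and for the duplicate-email condition described under "De-duplication of records", as an added example that is not Akamai tooling. The column names in CHECKS and the sample rows are assumptions; duplicates are found by exact match and email values are never written into the findings.

```python
import csv
import io
import re
from datetime import datetime

ATTR_NAME = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*", re.ASCII)  # dot notation
TS_SHAPE = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d", re.ASCII)  # 2014-01-15 14:30:00

def is_timestamp(value):
    try:
        return bool(TS_SHAPE.fullmatch(value) and datetime.strptime(value, "%Y-%m-%d %H:%M:%S"))
    except ValueError:  # right shape, impossible date or time
        return False

# Hypothetical column typing (assumption): substitute your schema's attributes.
CHECKS = {"optIn.status": lambda v: v.lower() in ("true", "false"),
          "gender": lambda v: v.lower() in ("male", "female"),
          "lastLogin": is_timestamp}

def validate_export(raw):
    """Return (source_line, problem) pairs; an empty list means no findings."""
    problems, first_seen = [], {}
    try:
        reader = csv.reader(io.StringIO(raw.decode("utf-8"), newline=""), strict=True)
        header = next(reader, [])
        if not header:
            return [(1, "missing header row")]
        problems += [(1, f"bad attribute name {h!r}") for h in header if not ATTR_NAME.fullmatch(h)]
        for row in reader:
            line = reader.line_num  # source line on which this record ends
            if len(row) != len(header):
                problems.append((line, f"{len(row)} fields, header has {len(header)}"))
                continue
            for name, value in zip(header, row):
                if name == "email" and value and first_seen.setdefault(value, line) != line:
                    problems.append((line, f"duplicate email, first on line {first_seen[value]}"))
                elif value and name in CHECKS and not CHECKS[name](value):
                    problems.append((line, f"{name}: invalid value {value!r}"))
    except UnicodeDecodeError as exc:
        problems.append((0, f"not UTF-8 at byte offset {exc.start}"))
    except csv.Error as exc:
        problems.append((reader.line_num, f"malformed CSV: {exc}"))
    return problems

# Constructed sample: line 3 has three bad values, line 4 repeats line 2's email.
SAMPLE = b"""email,gender,optIn.status,lastLogin,primaryAddress.city
a@example.com,Female,TRUE,2014-01-15 14:30:00,"Portland, OR"
b@example.com,f,yes,15/01/2014,Austin
a@example.com,male,false,2014-02-01 08:00:00,Boston"""
```

Run it on the plaintext export before encrypting; the line numbers it reports are counted the same way as source-file lines, so they can be compared with the failed-records report.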

Encrypting Data

Files containing sensitive data must be encrypted prior to being uploaded to Akamai's secure FTP server. Data can be encrypted using 256-bit Advanced Encryption Standard and the GNU Privacy Guard application. To encrypt your data, run GNU Privacy Guard from the command line, using a command similar to the following:

gpg --symmetric --cipher-algo aes256 data.csv 

Choose a passphrase with high entropy, such as five random words. Communicate the passphrase to the Akamai technical resource via phone. Do not send the passphrase in an email or in a support ticket.

Secure File Transfer (sFTP)

Akamai will configure a temporary sFTP account for uploading encrypted data files. The customer must provide Akamai technical resources with the following information:

  • A list of all IP addresses that will connect to the sFTP server
  • Public SSH keys for all users that will connect to the sFTP server

Password authentication to the sFTP server can be provided for customers who are not able to use SSH.

Reporting

Akamai will deliver two CSV files after importing data, one file logging successfully imported records and the other logging failed records. The files contain:

  • The line number from the source data file
  • The UUID of the record in Identity Cloud user profile database if the record was imported successfully
  • The error message if the record was not imported successfully