Planning a migration from SAP IDM, Microsoft MIM, or another IAM platform to Evolveum midPoint? Use this checklist to assess your readiness and plan a smooth transition.

Want a personalized assessment? Contact us for a free consultation where we review your specific environment against this checklist and provide a migration roadmap.

Phase 1: Discovery and Assessment

Current IAM Platform Audit

  • ☐ Document your current IAM platform (vendor, version, deployment type)
  • ☐ Identify the end-of-support or end-of-maintenance date for your current platform
  • ☐ List all connected target systems (AD, LDAP, databases, REST APIs, HR systems, etc.)
  • ☐ Count total managed identities (employees, contractors, partners, machine identities)
  • ☐ Map current identity lifecycle processes (joiner, mover, leaver workflows)
  • ☐ Document existing role model (number of roles, assignment rules, approval chains)
  • ☐ Identify custom connectors or integrations that were built for your current platform
  • ☐ List compliance requirements your IAM must satisfy (GDPR, NIS2, ISO 27001, SOX)

Data Quality Assessment

  • ☐ Audit identity data quality (duplicates, orphaned accounts, stale records)
  • ☐ Identify the authoritative source of truth for identity data (HR system, AD, manual)
  • ☐ Document data transformation rules between source systems and your current IAM
  • ☐ Check for undocumented customizations in your current platform

Phase 2: midPoint Architecture Planning

Infrastructure Decisions

  • ☐ Choose deployment model: Kubernetes, Docker, or bare-metal
  • ☐ Decide on database: PostgreSQL (recommended) or other supported DB
  • ☐ Plan high-availability requirements (single instance vs. clustered)
  • ☐ Define environment strategy (dev, staging, production)
  • ☐ Evaluate GitOps vs. traditional configuration management
  • ☐ Plan network connectivity between midPoint and all target systems

Connector Planning

  • ☐ Map each target system to a midPoint connector type (LDAP, REST, DB, CSV, SCIM, custom)
  • ☐ Identify systems requiring custom connector development
  • ☐ Document authentication methods for each target system API
  • ☐ Plan connector testing approach (sandbox/staging environments available?)

Role Model Design

  • ☐ Decide whether to migrate existing roles as-is or redesign
  • ☐ Plan role mining approach (bottom-up from current access patterns vs. top-down from job functions)
  • ☐ Define RBAC vs. ABAC strategy for different user populations
  • ☐ Design approval workflows for role assignment and access requests
  • ☐ Plan segregation of duties (SoD) policies

Phase 3: Migration Execution

Data Migration

  • ☐ Plan identity data export from current platform
  • ☐ Design data transformation and cleansing pipeline
  • ☐ Plan identity correlation strategy (matching existing accounts to migrated identities)
  • ☐ Test data import into midPoint staging environment
  • ☐ Validate migrated data completeness and accuracy

Parallel Operation

  • ☐ Define parallel operation period (both platforms running simultaneously)
  • ☐ Plan connector cutover sequence (which systems migrate first?)
  • ☐ Design reconciliation checks between old and new platform
  • ☐ Define success criteria for each migration phase
  • ☐ Plan rollback procedure in case of critical issues

Cutover Planning

  • ☐ Schedule cutover window (weekend, maintenance window, or rolling)
  • ☐ Define go/no-go criteria for production cutover
  • ☐ Plan communication to end users and stakeholders
  • ☐ Prepare support team for increased tickets during transition

Phase 4: Post-Migration

Validation and Stabilization

  • ☐ Run full reconciliation between midPoint and all target systems
  • ☐ Validate all automated workflows (joiner, mover, leaver)
  • ☐ Test access certification campaign
  • ☐ Verify audit logging and compliance reporting
  • ☐ Performance test under production load

Knowledge Transfer

  • ☐ Train administrators on midPoint operations
  • ☐ Document runbooks for common operations
  • ☐ Train helpdesk on self-service portal workflows
  • ☐ Document connector configurations and custom code

Decommissioning

  • ☐ Decommission old IAM platform after stabilization period
  • ☐ Archive old platform data per retention policies
  • ☐ Update documentation and architecture diagrams
  • ☐ Close vendor contracts for old platform

How Can WeKnowIdentity Help?

WeKnowIdentity has guided 10+ enterprises through midPoint migrations from SAP IDM, Microsoft MIM, and other platforms. We can help with any or all phases of this checklist:

  • Free Assessment: We review your current environment and provide a migration roadmap
  • Architecture Design: We plan the optimal midPoint deployment for your needs
  • Custom Connectors: We build connectors for any target system
  • Migration Execution: We handle data migration, parallel operation, and zero-downtime cutover
  • Training: We ensure your team can manage midPoint independently
