Importing user data to LogonBox from Access Manager

Christopher Dakin

Introduction

This article is intended for Access Manager customers who are looking to migrate over to our newer LogonBox product.

Unfortunately, we cannot directly migrate configuration options between the two products, but we can export and import certain user-specific data that is used for Password Resets, such as Security Questions and PINs.

 

What information can be migrated?

  • Answers to Security Questions
  • PIN numbers
  • Email address and mobile numbers

It does NOT deal with Passphrases as there is not an equivalent for those in LogonBox, although passphrase authentication was a very rarely used feature in Access Manager.

 

WARNING: Only perform this import once, as the LogonBox import process does not check for duplicate questions/answers when adding.

 

Pre-requisites

On the Access Manager server

Ensure you are on at least version 1.5-RG2. The data export option was added to this release.

Better still, upgrade to 1.5-RG6 as this has had some fixes for older hash types in the exported data.

 

 

On the LogonBox server

Configure the user database so that you are synchronising the same user accounts as your connector on Access Manager, so that you have the same list of users on both systems.

If importing PINs, please check with support first to ensure that the database on the LogonBox server has a large enough table column to accept imports (any VM installed since the 2.2 releases should be okay).

 

You must also have the XML Tasks feature installed. To install this, navigate to Updates, Features & Licensing in the top menu, then select the Automation tab.

Click the download button next to the XML Tasks feature and restart the server when prompted.

 

Exporting data from Access Manager

Log on to Access Manager as the admin account and navigate to Configuration->System->Export

Set a username and password in the associated fields and click Save.

 

Now go to Directories and make a note of the directory's name that you want to export data from.

 

To perform the export you now need to enter the export URL manually. In the browser address bar, type in:

https://hostname/export/profiles/directoryname?username=user&password=pass

replacing hostname, directoryname, user and pass as appropriate for your server (user and pass being the values you set in the export configuration).

You will be presented with an XML file on the screen. Right-click it and save the file.

 

This single file contains Security Question answers, PINs and Passphrases, Additional Address and other user attributes.

 

NOTE: It is recommended here that you edit the downloaded XML file and remove any identities that don't have any information that you want to import.

This is because the import is done as a single transaction, which can take a long time if the file has thousands of entries to process. More importantly, the import could cause the server to run out of memory, so having a smaller file to import can only help.

It is especially important to also filter the file if you are importing Security Questions as we will need all global security answers in one file and just custom ones in another.

Please contact support if you want help with this.
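One way to do the split described in the note above, as an added example (not LogonBox's or Access Manager's own tooling): the script separates answers to global questions from custom ones and drops identities that have no questions left. The element names come from the XPaths used later in this article; the export wrapper element, the sample data, and the rule that a question is global when its text exactly matches one in a list you supply are assumptions.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample; element names follow the XPaths used in this article,
# the <export> wrapper and the answer values are assumptions.
SAMPLE = """<export><identities>
  <identity name="alice"><questions>
    <question text="What is your mother's maiden name?">hash-a1</question>
    <question text="Name of my first boat?">hash-a2</question>
  </questions></identity>
  <identity name="bob"><questions>
    <question text="What is your mother's maiden name?">hash-b1</question>
  </questions></identity>
  <identity name="carol"><passphrases>
    <passphrase type="pin">hash-c1</passphrase>
  </passphrases></identity>
</identities></export>"""

def filter_questions(root, keep):
    """Copy the export, keep questions where keep(text) is true, and drop
    identities left with no question to import."""
    out = copy.deepcopy(root)
    for container in list(out.iter("identities")):
        for identity in container.findall("identity"):
            for questions in identity.findall("questions"):
                for q in questions.findall("question"):
                    if not keep(q.get("text", "")):
                        questions.remove(q)
            if identity.find("questions/question") is None:
                container.remove(identity)
    return out

def split_questions(xml_text, global_questions):
    """Return (global_xml, custom_xml); question text is matched exactly."""
    root = ET.fromstring(xml_text)
    wanted = set(global_questions)
    global_tree = filter_questions(root, lambda t: t in wanted)
    custom_tree = filter_questions(root, lambda t: t not in wanted)
    return (ET.tostring(global_tree, encoding="unicode"),
            ET.tostring(custom_tree, encoding="unicode"))

def summary(xml_text):
    """Map each identity name to its question texts, for checking a file."""
    return {i.get("name"): [q.get("text") for q in i.iter("question")]
            for i in ET.fromstring(xml_text).iter("identity")}

if __name__ == "__main__":
    g, c = split_questions(SAMPLE, ["What is your mother's maiden name?"])
    print(summary(g)); print(summary(c))
```

Identities without questions are removed from both outputs, so run the PIN and contact-detail imports from the original export or a separately filtered copy.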

 

Importing Security Question answers into LogonBox

Navigate to Authentication Flows->Questions. You will note that LogonBox's default set of questions are different to the Access Manager ones.

Therefore, either edit the existing questions and update the Question text to match that of an Access Manager one, or delete all questions and recreate new ones from scratch.

If creating new questions, be sure to assign the Everyone role in the Assignment tab so that users will have permissions to use the questions.

 

Note: It is important to match the text of the questions exactly, including capitalisation and any punctuation - otherwise the import will not be able to match questions and may create new ones.

 

If you are running a Multiple Tenancy environment, first ensure you are managing the correct realm.

Navigate to Automations in Business Rules and create a new automation.

Give the trigger a name, such as Security questions import. In the Task, start typing Import XML and select it from the list that appears; the import options will then be shown below.

 

In the Source tab, set the Source to UPLOAD. For Source Upload, click Choose file and select the XML file downloaded from Access Manager.

For Row XPath, type in //identities/identity

 

Select the Column XPaths tab and type in name=@name and click the + icon to the right to add it.

 

Select the List XPaths column. This time we will add two entries as above. The entries to add here are:

answer=questions/question
question=questions/question/@text

 

Now click on the Transaction tab and set Transaction Required to ON.

Click Create to create the automation.

 

Now click on the + to the left of the new automation to expand the view.

Chain a new automation off this one by clicking the + icon in the Security questions import module.

 

Give this chained automation a Name (let's say Import answers). The Event will already be filled out.

Change the Triggers On to Success (so that this chained event will only run if the previous XML import works).

For Triggers Task, start typing Import Q&A and select it from the list when it appears.

Select the Q&A tab. For Username, type in ${attr.name}

For Question type in ${attr.question}

For Answer type in ${attr.answer}

Set Assign to All to OFF or ON

* When importing answers to global questions, Assign to All must be ON.

* When importing answers to custom questions, Assign to All must be OFF to ensure that any custom questions will remain assigned to only the users who created that custom question.

Click Create to complete the automation.

 

Now run the import by clicking the green gears icon and selecting Run Now.

 

Importing PINs into LogonBox

If you are running a Multiple Tenancy environment, first ensure you are managing the correct realm.

Navigate to Automations in Business Rules and create a new automation.

Give the trigger a name, such as PIN import. In the Task, start typing Import XML and select it from the list that appears; the import options will then be shown below.

 

In the Source tab, set the Source to UPLOAD. For Source Upload, click Choose file and select the XML file downloaded from Access Manager.

For Row XPath, type in //identities/identity

 

Select the Column XPaths tab and type in name=@name and click the + icon to the right to add it. Type in another entry: number=passphrases/passphrase[@type="pin"]/text() and click the + again so that you have 2 entries.

 

Now click on the Transaction tab and set Transaction Required to ON.

Click Create to create the automation.

 

Now click on the + to the left of the new automation to expand the view.

Chain a new automation off this one by clicking the + icon in the PIN import module.

 

Give this chained automation a Name (let's say Set PINs). The Event will already be filled out.

Change the Triggers On to Success (so that this chained event will only run if the previous XML import works).

For Triggers Task, start typing Import PIN and select it from the list when it appears.

Select the PIN tab.

For Username, type in ${attr.name}

For PIN type in ${attr.number}

Click Create to complete the automation.

 

Now run the import by clicking the green gears icon and selecting Run Now.

 

 

Importing Secondary emails and mobile numbers into LogonBox

If you are running a Multiple Tenancy environment, first ensure you are managing the correct realm.

Navigate to Automations in Business Rules and create a new automation.

Give the trigger a name, such as Contact details import. In the Task, start typing Import XML and select it from the list that appears; the import options will then be shown below.

 

In the Source tab, set the Source to UPLOAD. For Source Upload, click Choose file and select the XML file downloaded from Access Manager.

For Row XPath, type in //identities/identity

 

Select the Column XPaths tab and type in name=@name and click the + icon to the right to add it.

Now do the same again for two more entries:

secondaryEmail=addresses/address[@type="alternative" and @media="email"]/text()

secondaryMobile=addresses/address[@type="alternative" and @media="mobile"]/text()

 

Now click on the Transaction tab and set Transaction Required to ON.

Click Create to create the automation.

 

Now click on the + to the left of the new automation to expand the view.

Chain a new automation off this one by clicking the + icon in the Contact details import module.

 

Give this chained automation a Name (let's say Set secondaries). The Event will already be filled out.

Change the Triggers On to Success (so that this chained event will only run if the previous XML import works).

For Triggers Task, start typing Update Account Addresses and select it from the list when it appears.

Select the Principal tab.

For Principal Name, type in ${attr.name}

Leave Lookup Name set to ON

Set Lookup ID to OFF

Set Lookup Email to OFF

Click the Addresses tab.

For Primary Email, blank this setting out.

For Secondary Email, type in ${attr.secondaryEmail}

For Primary Mobile, blank this setting out.

For Secondary Mobile, type in ${attr.secondaryMobile}

Click Create to complete the automation.

 

Now run the import by clicking the green gears icon and selecting Run Now.