Upgrade from Identity Connect 2.1 to Identity Connect 7.1.6
Upgrade from Identity Connect 2.1 to Identity Connect 7.1.6 on Windows or Linux to implement security enhancements. Identity Connect 7.1.6 adds to the extensive security improvements introduced in Identity Connect 7.1.1. As of the Summer '23 release, you can no longer download Identity Connect 2.1 or Identity Connect 3.0.X. We recommend that you upgrade to Identity Connect 7.1.6 as soon as you’re able to.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available for an additional cost in: Enterprise, Performance, and Unlimited Editions. Developer Edition includes 10 Identity Connect permission set licenses. |
Upgrade from Identity Connect 2.1 to Identity Connect 7.1.6 on Windows or Linux by completing these tasks.
- Log in to Salesforce, Open Two Server Environments, and Confirm Callback URLs
- Unzip the Installation Package for Identity Connect 7.1.6
- Copy the Keystore and Truststore from Identity Connect 2.1 to Identity Connect 7.1.6
- Upgrade to Java Version 11
- Run the Setup for Identity Connect 7.1.6
- Configure and Migrate Data from Identity Connect 2.1 to Identity Connect 7.1.6
Log in to Salesforce, Open Two Server Environments, and Confirm Callback URLs
Log in and prepare to upgrade from Identity Connect 2.1.
- Log in to Salesforce so you can update your connected app and make needed configuration changes. Then, make sure that Identity Connect 2.1 is running.
- Open two server environments, one to run Identity Connect 2.1 and one to install Identity Connect 7.1.6.
- Open the Identity Connect 2.1 user interface. On the Profile to AD Group tab, confirm that a default mapping value is present. A default value is required for successful migration.
- In Salesforce, from Setup, enter Connected Apps in the Quick Find box, then select Manage Connected Apps. In the connected app for Identity Connect, confirm that the callback URL for Identity Connect 2.1 is present, and add the callback URL for Identity Connect 7.1.6.
Unzip the Installation Package for Identity Connect 7.1.6
Prepare for the upgrade by unzipping the installation package.
- In the Identity Connect 7.1.6 environment, navigate to where you downloaded the Identity Connect 7.1.6 zip file, and unzip the file. On Windows, use the standard Windows utility. On Linux, use the unzip command or the equivalent.
- Change the directory to the unzipped folder and list the directories in the folder. On Windows, use the standard utilities. On Linux, use the command cd salesforceIdConnect, then use the command ll (two lowercase Ls). You see a directory named security.
- Change to the security directory.
Copy the Keystore and Truststore from Identity Connect 2.1 to Identity Connect 7.1.6
Ensure your keystore and truststore exist in Identity Connect 7.1.6.
- In the terminal window for Identity Connect 7.1, run the command rm keystore.jceks to remove the keystore, then run the command rm truststore to remove the truststore.
- In the Identity Connect 2.1 environment, navigate to the Identity Connect security directory, /salesforceIdConnect/security.
- Copy the keystore.jceks and truststore files from the Identity Connect 2.1 security directory to the Identity Connect 7.1.6 security directory. Enter the keystore passwords as prompted, and enter yes to overwrite the existing certificate in the truststore.
Upgrade to Java Version 11
Make sure you have the correct version of Java.
- Upgrade to Java version 11 in the Identity Connect 7.1.6 environment. On Windows, download and install Java 11. On Linux, use the system package manager to install Java 11.
- When the installation is complete, return to the security directory in the Identity Connect 7.1.6 environment.
Run the Setup for Identity Connect 7.1.6
Set up Identity Connect 7.1.6.
- Change to the salesforceIdConnect directory and run the setup command, ./setup.sh.
- Confirm embedded Postgres as the data source, then press Enter on Windows or Return on Linux to start the Identity Connect server.
- Enter the keystore password when prompted.
- To confirm that the open IDM local host alias contains the proper subject in the certificate, run the command keytool -v -list and enter the keystore password at the prompt. This is the host name for your Identity Connect 2.1 environment.
Configure and Migrate Data from Identity Connect 2.1 to Identity Connect 7.1.6
Configure your data and move it to Identity Connect 7.1.6.
- To migrate the connection configuration details from Identity Connect 2.1 to Identity Connect 7.1.6, run the configure command in the salesforceIdConnect directory (the directory for 7.1.6), and enter your username and password. Enter the instance URL for the 2.1 environment, and the localhost for the 7.1.6 environment. Make sure that the host name matches the host name in your certificate and your host file, which directs it to the IP address for the 2.1 environment. You can run this action as an anonymous user. For example, on Windows, enter the following command. On Linux, enter the same command but omit the backslash \ characters.

    curl \
    --insecure \
    --header "X-OpenIDM-Username: anonymous" \
    --header "X-OpenIDM-Password: anonymous" \
    --header "Content-Type: application/json" \
    --request POST \
    --data '{ "instanceUrl" : "https://localhost:8443/openidm/", "userName" : "yourname", "password" : "Passw0rd", "authType" : "idm_headers" }' \
    "https://localhost:9443/openidm/endpoint/migration?_action=configure"

  The response indicates that status is pending.
- To view the migration status as the migration progresses, run the command POST "https://localhost:[id]/openidm/endpoint/migration?_action=status". If the configuration completes successfully, you get a response indicating success. If you get a response indicating that the configuration failed because of a bad certificate, you’ve incorrectly configured your certificates.
- To migrate the data from Identity Connect 2.1 to Identity Connect 7.1.6, run the migrate command, and enter your username and password. Enter the localhost for the 7.1.6 environment. For example, on Windows, enter the following command. On Linux, enter the following command without the backslash characters.

    curl \
    --insecure \
    --header "X-OpenIDM-Username: yourname" \
    --header "X-OpenIDM-Password: Passw0rd" \
    --header "Content-Type: application/json" \
    --request POST \
    "https://localhost:9443/openidm/endpoint/migration?_action=migrate"

- Run the status command periodically to check the migration status, until you get the message that it’s complete.
- To confirm that Identity Connect 7.1.6 is configured correctly, log in to the UI and verify the following.
  - Permission sets and groups have transferred from Identity Connect 2.1 to Identity Connect 7.1.6.
  - Active Directory information has populated.
  - The relevant Salesforce orgs appear on the Manage Salesforce Organizations tab.
- On the Sync tab, click Run Preview Analysis to confirm that your users have been migrated.
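
The migrate and status calls above pass the password as a command-line argument and use --insecure, which skips certificate verification. The following variant is an added example, not part of the Identity Connect documentation: it writes a curl config file so that the password stays out of the process list and shell history, and curl verifies the server certificate. The function names, the ca.pem and idc.cfg file names, and the premise that you exported the 7.1.6 server certificate to PEM with a subject matching the host in the URL are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Identity Connect documentation).
# Writes a curl config file for the migrate/status calls so the password is
# never in argv or shell history, and curl verifies the server certificate.
# Assumptions: CACERT is the 7.1.6 server certificate exported to PEM, and
# the host name in IDC_URL matches that certificate's subject.

IDC_URL="${IDC_URL:-https://localhost:9443/openidm/endpoint/migration}"

# Escape backslashes and double quotes for a quoted curl config value.
curl_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Usage: write_idc_curl_config ACTION USER CACERT OUTFILE  (password on stdin)
write_idc_curl_config() {
  action=$1; user=$2; cacert=$3; out=$4
  case $action in
    migrate|status) ;;
    *) echo "unsupported action: $action" >&2; return 2 ;;
  esac
  IFS= read -r password || true
  [ -n "$password" ] || { echo "empty password" >&2; return 1; }
  (
    umask 077                       # a new file is created owner-only
    : > "$out" && chmod 600 "$out"  # tighten a pre-existing file too
    {
      printf 'url = "%s?_action=%s"\n' "$IDC_URL" "$action"
      printf 'request = "POST"\n'
      printf 'cacert = "%s"\n' "$(curl_quote "$cacert")"
      printf 'header = "Content-Type: application/json"\n'
      printf 'header = "X-OpenIDM-Username: %s"\n' "$(curl_quote "$user")"
      printf 'header = "X-OpenIDM-Password: %s"\n' "$(curl_quote "$password")"
    } >> "$out"
  )
  rc=$?
  unset password
  return $rc
}

# Example run (password typed at a hidden prompt, config removed afterwards):
#   read -rs -p 'Password: ' pw; echo
#   printf '%s\n' "$pw" | write_idc_curl_config status yourname ca.pem idc.cfg
#   curl --config idc.cfg; rm -f idc.cfg; unset pw
```

The configure call is left out because its JSON body also carries a password; the same approach applies if you place that body in an owner-only file and reference it with curl's data option.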

