Upgrade from Identity Connect 3.0.X to Identity Connect 7.1.6
Upgrade from Identity Connect 3.0.X to Identity Connect 7.1.6 on Windows or Linux to implement extensive security enhancements. Identity Connect 7.1.6 adds to the security improvements introduced in Identity Connect 7.1.1 As of the Summer ‘23 release, you can no longer download Identity Connect 2.1 or Identity Connect 3.0.X. We recommend that you upgrade to Identity Connect 7.1.6 as soon as you’re able to.
Required Editions
| Available in: both Salesforce Classic and Lightning Experience |
| Available for an additional cost in: Enterprise, Performance, and Unlimited Editions. Developer Edition includes 10 Identity Connect permission set licenses. |
Complete these tasks to upgrade from Identity Connect 3.0.X to Identity Connect 7.1.6 on Windows or Linux.
- Copy Identity Connect 3.0.X and Unzip Identity Connect 7.1.6
- Upgrade to Java Version 11
- Update the Configuration files for Identity Connect 7.1.6
- Update the Connector Configuration Files with New Connector Version Ranges
- Copy the Security Directory, the Resolver Directory, and the Database
- Run Postgres and Update the Database
- Launch Identity Connect 7.1.6
Note For all commands in the upgrade process, replace 3.0.X with the version number of your
current edition of Identity Connect, for example, 3.0.2.
Copy Identity Connect 3.0.X and Unzip Identity Connect 7.1.6
Create backups of Identity Connect 3.0.X and unzip Identity Connect 7.1.6.
- In a server environment, open the opt/projects directory and display a
list of files.
- On Windows, use the standard utilities to display the file list.
- On Linux, use the command 11 (two lowercase Ls) to display the file list.
- Make two backup copies of Identity Connect 3.0.X, to use in case of errors in the upgrade
process.
- On Windows, use the standard utilities to make the copies.
- On Linux, to make the first copy, run the command cp -r salesforceIdConnect/ salesforceIdConnect.3.0.x. To make the second copy, run the command mv -r salesforceIdConnect/ salesforceIdConnect.3.0.x.bak.
- Navigate to where you downloaded the Identity Connect 7.1.6 zip file, and unzip the
file.
- On Windows, use the standard utilities.
- On Linux, use the unzip command or the equivalent.
- Display the files in the directory, and confirm that salesforceIdConnect/ is in the projects directory. This is the directory for Identity Connect 7.1.6.
Upgrade to Java Version 11
Make sure you have the correct version of Java.
- Upgrade to Java version 11 in the Identity Connect 7.1.6 environment.
- On Windows, download and install Java 11.
- On Linux, use the system package manager to install Java 11.
- When the installation is complete, return to the security directory in the Identity Connect 7.1.6 environment.
Update the Configuration files for Identity Connect 7.1.6
Set your configuration files for Identity Connect 7.1.6.
- Change to the Identity Connect 7.1.6 configuration directory, salesforceIdConnect/conf.
- To copy the configuration files, run the command cp authentication.json
managed.json repo.jdbc.json repo.init.json internal.json jetty.xml
/path/to/salesforceIdConnect.3.0.x/conf. Copy these files.
- authentication.json
- managed.json
- repo.jdbc.json
- internal.json
- repo.init.json
- jetty.xml
- To replace the Identity Connect 7.1.6 configuration directory with the existing Identity Connect 3.0.X configuration directory, run the command cp -r /path/to/salesforceIdConnect-3/conf /path/to/salesforceIdConnect-7/.
Update the Connector Configuration Files with New Connector Version Ranges
Update the bundle versions.
- To update the bundle versions in Active Directory, run the command vim
provisioner.openicf-AD.json. Under “connectorRef”, for
“bundleVersion”, enter the bundle version range
[1.5.19.0,1.6.0.0).Note The bundle version range opens with a square bracket and closes with a round bracket.
- To update the Salesforce connector, run the command vim provisioner.provisioner.openicf-<your Salesforce ConnectorID>.json. For “bundleVersion”, enter the bundle version range [1.5.19.0,1.6.0.0) (the same values as for Active Directory.)
- To remove the endpoint reconfigure (recon) results file, run the command. rm
endpoint-reconResults.json
rm endpoint-reconResults.json - In the sync.json file, in the mappings for Salesforce groups
(
managedAssignment_orgid) and permission sets (systemSalesforcePermissionSet_managedAssignment_ordid), change the values forassignmentOperationandunassignmentOperation.The old settings have this information.
Change the settings to these values."assignmentOperation": "addToPickList", "unassignmentOperation": "removeFromTarget""assignmentOperation": "noOp", "unassignmentOperation": "noOp" - To confirm the new assignments, refresh the Permission Sets and Groups objects.
Copy the Security Directory, the Resolver Directory, and the Database
Continue the configuration by copying important directories and the database.
- Change to the Identity Connect 7.1.6 directory.
- To copy the security directory from Identity Connect 3.0.X to Identity Connect 7.1.6, enter
the command.
cp -r ../salesforceIdConnect.3.0.x/security/ - To copy the resolver directory and ensure that you transfer any boot properties, enter the
command.
cp -r ../salesforceIdConnect.3.0.x/resolver/ - To copy the database, enter the command.
cp ../salesforce.3.0.x/db/
Run Postgres and Update the Database
These steps assume that you’re using an embedded PostgreSQL repository. If you’re using an external PostgreSQL repository, adjust the steps to match your environment.
- To change to the Postgres bin directory, run these commands.
cd db/openidm/postgres/pgsql-10.5-1/pgsql/cd db/openidm/postgres/pgsql-10.5-1/pgsql/bin/ - To start postgres with the data that you’ve copied, run these commands.
./pg_ctrl start -D /apt/projects/salesforceIdConnect/db
If the command is successful, a message indicates that the server has started../pg_ctrl start -D /apt/projects/salesforceIdConnect/db/openidm/data - To connect to the Postgres database, run the command ./psql --username <yourusername> --password <yourpassword> --port <yourportnumber>.
- To update the database schema, run these commands.
DELETE FROM openidm.schedulerobjects; DELETE FROM openidm.configobjects; ALTER TABLE locks ALTER COLUMN objectid TYPE varchar(255); DELETE FROM openidm.relationships WHERE firstResourceCollection = 'internal/role' AND firstResourceId = 'openidm-authorized' OR secondResourceCollection = 'internal/role' AND secondResourceId = 'openidm-authorized'; - To update the database, run the appropriate script.For PowerShell:
For Bash:\path\to\salesforceIdConnect-7\db\openidm\postgres\pgsql-10.5-1\pgsql\bin\psql -U openidm -W -p 5432 < \path\to\salesforceIdConnect-7\script\updates\00-relationshipresources.sql \path\to\salesforceIdConnect-7\db\openidm\postgres\pgsql-10.5-1\pgsql\bin\psql -U openidm -W -p 5432 < \path\to\salesforceIdConnect-7\script\updates\01-syncqueue.sql \path\to\salesforceIdConnect-7\db\openidm\postgres\pgsql-10.5-1\pgsql\bin\psql -U openidm -W -p 5432 < \path\to\salesforceIdConnect-7\script\updates\02-importobjects.sqlpsql -U openidm -W -p 5432 < /path/to/salesforceIdConnect-7/script/updates/00- relationshipresources.sql psql -U openidm -W -p 5432 < /path/to/salesforceIdConnect-7/script/updates/01-syncqueue.sql psql -U openidm -W -p 5432 < /path/to/salesforceIdConnect-7/script/updates/02-importobjects.sql - To stop the postgres operation, run this command.
./pg.ctrl stop -D /opt/projects/salesforceIdConnect/db/openidm/data
Launch Identity Connect 7.1.6
Now it’s time to launch Identity Connect 7.1.6 and make sure everything is configured correctly.
- Change to the Salesforce Identity Connect 7.1.6 directory.
- To start up Identity Connect 7.1.6, run this command.
./startup.sh - To confirm that Identity Connect 7.1.6 is configured correctly, log in to the UI and verify
the following.
- Permission sets and groups have transferred from Identity Connect 3.0.X to Identity Connect 7.1.6.
- Active Directory information has populated.
- The relevant Salesforce orgs appear on the Manage Salesforce Organizations tab.
- Click the Sync tab, then click Run Preview Analysis to confirm that your users have been migrated.
Did this article solve your issue?
Let us know so we can improve!
