Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4028: How to migrate to a new Centrify Customer ID

Centrify Identity Service, App Edition ,  

12 April,16 at 11:20 AM

Applies To:
Centrify for Mobile / Centrify for SaaS


Question:
What are the recommended steps to create a new Centrify Customer ID and perform the migration of existing tenant configuration settings?


Answer:


Centrify does not currently offer an automated method to export or import tenant configurations so the below steps must be performed manually.

Customers can create new or re-register an existing Customer ID (tenant) at any time. This process will create a new Customer ID and Cloud Manager instance but the existing Cloud Manager portal will remain active and can be accessed if desired using the “cloudadmin” account that is present by default for all tenants.

The steps performed to migrate to a new Customer ID will depend on the current tenant configuration – integrated with Active Directory or when used in a cloud-only manner via the Centrify Cloud Service    

Creation of a new Customer ID will require reconfiguration of any Apps and all mobile devices will need to re-enroll so be sure to coordinate these migration actions with users to reduce user downtime. Note that when a device is un-enrolled, it will remove all Centrify-delivered email account settings and restriction policy profiles from the device.



== Active Directory integration (Cloud Proxy Server in use) ==

Perform the below steps if you already have the Centrify Cloud Proxy server installed in your environment and plan to continue its use



-- Decommission the current tenant and unenroll / delete all devices

1. Login to the Cloud Manager portal ( cloud.centrify.com/manage) for your current tenant and select Users from the top menu. Select and set the password for the "cloudadmin" user account if needed - this provides access to the portal after the cloud proxy is associated with a new Customer ID or uninstalled from Active Directory.


   NOTE: The login username syntax for the “cloudadmin” account is cloudadmin@customerid  or cloudadmin|customerid – either can be used

2. Make a record of your Cloud Manager login alias configuration (Settings > Login Alias). Delete the current alias for your domain and any additional login alias settings you plan to reuse in the new tenant - this is required in order to re-use the login alias with your new tenant

3. If any Apps are currently configured, they will also need to be added manually to the new tenant Cloud Manager - there is no import/export feature for Apps at present time.

4. Unenroll all current devices from Active Directory - this can be performed via Active Directory Users and Computers (ADUC > Actions > Device Management > Unenroll) or manually from the device via the Centrify mobile app (Settings > Unenroll). Note that when a device is un-enrolled, it will remove all Centrify-delivered email account settings and policy profiles

5. Manually delete all mobile device computer objects from Active Directory 



 
 -- Register a new Customer ID (tenant) and activate / configure the Cloud Proxy Server

6. Login to www.centrify.com
with a registered Centrify account and create a new Customer ID via the My Cloud Service Accounts page at http://www.centrify.com/cloud/my-service-accounts.asp
. Select the desired region from the drop-down list under the section “Register for another Cloud Service Account” and press the “Setup one more” button. The My Cloud Service Accounts page will display all Customer ID’s that have been created and associated with the Centrify account used for login


7. A new Customer ID and proxy activation code will be displayed online and delivered via email to the registered email address of the account. Highlight the proxy activation code and copy to the clipboard (ctrl+c)

8. On the host where the proxy is installed, launch the Centrify Cloud Proxy Configuration utility, select the Proxy Server tab and choose the "Re-register" button. After the proxy activation wizard starts, paste (ctrl+v) or manually enter the activation code when prompted to complete proxy activation.

9. Re-launch the Centrify Cloud Proxy Configuration utility and configure the Enrollment groups and Container settings listed on the Mobile Settings tab. Administrators can choose new values or reuse the container & GPO configuration that was previously used if desired
 

-- Restore Login Alias settings, configure Apps & Apple APNS, then re-enroll mobile devices

10. Login to the new Cloud Manager using the username syntax of adaccountname@customerid to select and set the password for the cloudadmin user account - this is used in case the proxy is offline to allow login to the Cloud Manager

11. In the Cloud Manager, select Settings > Login Alias and re-enter the previously-used alias settings  - this allows users to login to the MyCentrify user portal (cloud.centrify.com/my) and enroll devices using the username syntax of adusername@loginalias.

12. Configure Apple APNS in the Cloud Manager (Settings > APNS) – Follow the 3 steps displayed to upload the Centrify MDM certificate to Apple and then upload the response back into the Cloud Manager (required for iOS and OS X devices – not required for Android devices)

Please review KB-2978 if additional assistance is needed with APNS configuration:

                KB-2978: How to obtain an Apple APNS certificate

13. Add any previously used Roles to the new Cloud Manager portal and add Active Directory users. Administrators can also create new Centrify User Service (CUS) User accounts if desired and associate to a Role

14. Add any previously configured Apps to the new Cloud Manager portal and assign user access by assigning Roles that contain users allowed to access the app. Administrators can access the previous Cloud Manager using the “cloudadmin” account for that tenant to compare and confirm previously-used App settings

15. Enroll a test mobile device and confirm that user authorization and correct group policy settings are delivered and enforced. Also test user login to the MyCentrify portal (cloud.centrify.com/my) and access to Apps

16. Users should now re-enroll mobile devices to receive the configuration and restriction profiles as well as Apps and leverage self-service device management features
 
 

 
== Cloud-only (Cloud Proxy Server is not in use) ==

Perform the below steps if you do not have the Centrify Cloud Proxy server installed in your environment for integration with Active Directory



-- Decommission the current tenant

1. Login to the Cloud Manager portal (cloud.centrify.com/manage) for your current tenant and select Users from the top menu. Select and set the password for the "cloudadmin" user account - this provides access to the portal after the cloud proxy is associated with a new Customer ID or uninstalled from Active Directory.


   NOTE: The login username syntax for the “cloudadmin” account is cloudadmin@customerid  or cloudadmin@customerid – either can be used

2. Make a record of your Cloud Manager login alias configuration (Settings > Login Alias) for the Centrify User Service (CUS). Delete the current login alias settings you plan to reuse in the new tenant - this is required in order to re-use the login alias with your new tenant

3. If any Apps are currently configured, they will need to be added manually to the new tenant Cloud Manager - there is no import/export feature for Apps at present time.



 
 -- Register a new Customer ID (tenant) and activate/configure the Cloud Proxy Server

4. Login to www.centrify.com
with a registered Centrify account and create a new Customer ID via the My Cloud Service Accounts page at http://www.centrify.com/cloud/my-service-accounts.asp
. Select the desired region from the drop-down list under the section “Register for another Cloud Service Account” and press the “Setup one more” button.

The My Cloud Service Accounts page will display all Customer ID’s that have been created and associated with the Centrify account used for login


5. A new Customer ID and proxy activation code will be displayed online and cloudadmin account information used for first-time login will be delivered via email to the registered email address of the account. The proxy activation code will not be used if there are no plans to also install the Centrify Cloud Proxy server  
 

-- Restore Login Alias settings, configure Apps & Apple APNS, then re-enroll mobile devices

6. Login to the new Cloud Manager (cloud.centrify.com/manage) using the username syntax of cloudadmin@customerid  or cloudadmin|customerid (either can be used) to select and reset the password for the cloudadmin user account

7. In the Cloud Manager, select Settings > Login Alias and re-enter the previously-used alias settings for the Centrify User Service  - this allows users login access to the MyCentrify user portal (cloud.centrify.com/my) using the username syntax of adusername@loginalias.

8. Add any previously used Roles to the new Cloud Manager portal and create new Centrify User Service (CUS) User accounts

9. Add any previously configured Apps to the new Cloud Manager portal and assign user access by assigning Roles that contain users allowed to access the app. Administrators can access the previous Cloud Manager using the “cloudadmin” account for that tenant to compare and confirm previously-used App settings

10. Test user login to the MyCentrify portal and access to Apps – notify users when ready for use

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.