Overview
Netwrix Identity Manager is often implemented to replace an existing solution. This raises the question of what strategy to adopt for the transition to the new IGA.
Description
The answer to this question is, of course, linked to your context, your organization, your practices, and your objectives. This document lists all the topics to be addressed when building your migration strategy.
This content is available for download here:
Netwrix Identity Manager - Strategy for migrating from another IGA solution v1.0.pdf
IGA deployment – migration strategy
A successful IGA migration strategy balances technology (connectors, data, workflows, IS integration) with governance (processes, policies, compliance) and people (change management, adoption).
As explained in this document describing how to deploy an IGA, IGA deployment & governance with Netwrix Identity Manager, deploying an IGA is more of a program than a project. A program comprising different projects.
To define a migration strategy, several topics must be addressed:
- Vision & Business Alignment
- Current State Assessment (AS-IS)
- Target Platform Capabilities (TO-BE)
- Data & Role Model Strategy
- Integration & Connectivity
- Migration Approach
- Governance & Compliance
- Change Management & Adoption
- Risk & Security Considerations
- Program Management
We will discuss these topics in more detail later in this document to provide you with food for thought as you define your migration strategy to Netwrix Identity Manager.
Vision & Business Alignment
Why?
- Why are you moving? (cost, scalability, features, compliance, cloud-readiness, vendor lock-in, etc.).
- Target operating model: Define what you want your future-state governance processes to look like (access requests, certifications, role management, SoD, PAM integration, etc.).
- Stakeholder buy-in: Engage Security, Compliance, HR, IT, and business owners early.
An important question to ask yourself is: If you look ahead a few months after Netwrix Identity Manager goes live, what concrete evidence would you like to see that would prove beyond doubt that your deployment has been a success?
The answers will help you to focus on what is important to you
Current State Assessment
AS-IS: Where do you come from?
- Application & system inventory: Catalog all connected systems, data sources, and identity repositories.
- Process mapping: Document current joiner/mover/leaver (JML) flows, approval workflows, SoD rules, access certification campaigns.
- Pain points & gaps: Identify what’s broken or inefficient today so you don’t just replicate legacy issues in the new tool.
IGA Maturity Assessment
System inventory
Process & Governance
Target Platform Capability
- Netwrix Identity Manager supports cloud and on-premise systems, hybrid architectures, and future integrations (DAG, PAM, …).
- Ensure identity lifecycle automation, role-based access control (RBAC), attribute-based (ABAC), AI/ML for recommendations, policy automation, and user experience (UX) improvements.
- Natively managing multi-positions
- …
With its comprehensive coverage of IGA features, Netwrix Identity Manager supports you regardless of your IGA maturity goal, from simple management of a centralized identity repository to AI-based automation of role and rights management.
Data & Role Model Strategy
- Identity data quality: Clean up duplicates, stale accounts, and inconsistent attributes before migration.
- Role mining & design: Decide if you’ll migrate legacy roles as-is or redesign them (to avoid role explosion).
- Access policies & SoD rules: Translate them into the new platform — often requires rethinking, not just porting.
Integration & Connectivity
- Critical connectors: Prioritize systems with the highest risk (ERP, HR, AD, Cloud SaaS apps).
- API & SCIM strategy: Time to switch to a modern integration.
- Custom connectors: Budget for building/rebuilding integrations where out-of-the-box support doesn’t exist.
- Role and responsibility of IS components: management/propagation of authoritative data, ITSM, user experience, DAG, assets management, …
IGA roles and responsibilities
Migration Approach
- Big bang vs phased migration: Most enterprises go phased (start with HR & AD, then critical apps, then long tail).
- Parallel run: Maintain both IGAs for a transition period to reduce risk.
- Cutover strategy: Decide when to switch off legacy connectors & workflows.
IGA roles and responsibilities
Governance & Compliance
- Ensure auditability: Prove to auditors that entitlements, approvals, and certifications are preserved or improved.
- Regulatory needs: GDPR, SOX, HIPAA, PCI — ensure the new IGA can demonstrate compliance from Day 1.
Traceability & Auditability
Change Management & Adoption
- Training & communication: End users, approvers, and certifiers must be guided through the new UI/processes.
- Business ownership: Shift governance from IT-only to business-driven where possible.
- Support model: Establish roles for ongoing administration, identity engineering, and governance oversight.
Segment & Adapt
- Identify the populations affected
- Typologies (volume, frequency of use, etc.)
- Personalise the approach by population
Examples of means that can be put in place:
- Information (email, video, coffee corner, …)
- Training (exercises, face-to-face, video, etc.)
- Coaching (accompaniment, step-by-step guide, …)
- Support (call 911)
Stakeholders & interactions
Risk & Security Considerations
- Ensure no orphan accounts are created during migration.
- Plan for rollback scenarios in case migration fails.
- Validate policy enforcement consistency between old and new systems.
Program Management
- Treat this as a multi-year program with clear milestones (assessment → design → pilot → rollout → decommission).
- Build KPIs: % of systems migrated, % of automated provisioning, compliance score, and reduction in manual effort.
