Migrating Identity Broker Between Environments

Configuration Migration

Identity Broker uses a local storage mechanism for persisting its configuration. This is located in a series of XML files located in the Extensibility directory in the Identity Broker service directory.


Migrating between development, test, and production environments can be as simple as copying the contents of this directory into the Extensibility directory of the new environment while the Identity Broker service is turned off (not just the scheduler). When the Identity Broker service is restarted, the new configuration will be loaded. The breakdown of these files is as follows:

Filename Description
Unify.Framework.Api.ApiEnginePlugInKey.extensibility.config.xml The configuration for all existing APIs.
Unify.Framework.Auditing.AuditingEnginePlugInKey.extensibility.config.xml Contains default and additional auditing configuration.
Unify.Framework.Data.DataEnginePlugInKey.extensibility.config.xml The connection details to the Identity Broker database.
Unify.Framework.Image.ImageEnginePlugInKey.extensibility.config.xml A store for images used by Identity Broker plugins such as connectors and adapters.
Unify.Framework.Logging.LoggingEnginePlugInKey.extensibility.config.xml Contains default and additional logging configuration.
Unify.Framework.Password.PasswordEnginePlugInKey.extensibility.config.xml Settings for an engine that generates random passwords for other plugins, for example some connectors.
Unify.Framework.StoredValues.StoredValuesEnginePlugInKey.extensibility.config.xml The database reference for the stored values engine. Some connectors use the stored values engine for saving state between operations.
Unify.Framework.Web.WebEnginePlugInKey.extensibility.config.xml Used to configure the self-hosted option.
Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml The configuration for all existing Adapters.
Unify.Product.IdentityBroker.AdapterGroupEnginePlugInKey.extensibility.config.xml The configuration for all existing Adapter Groups.
Unify.Product.IdentityBroker.AgentEnginePlugInKey.extensibility.config.xml The configuration for all existing Agents.
Unify.Product.IdentityBroker.ChangeLogEnginePlugInKey.extensibility.config.xml The database reference for the LDAP change log engine.
Unify.Product.IdentityBroker.ChangesRegisterEnginePlugInKey.extensibility.config.xml The database reference for the Change Detection engine.
Unify.Product.IdentityBroker.ChangeTrackingEnginePlugInKey.extensibility.config.xml The database reference for the Change Tracking engine.
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml The configuration for all existing Connectors.
Unify.Product.IdentityBroker.ConnectorGroupEnginePlugInKey.extensibility.config.xml The configuration for all existing Connector Groups.
Unify.Product.IdentityBroker.EntityEnginePlugInKey.extensibility.config.xml The database reference for the Entities engine.
Unify.Product.IdentityBroker.GatewayEnginePlugInKey.extensibility.config.xml The configuration for all existing Gateways.
Unify.Product.IdentityBroker.SecurityEnginePlugInKey.extensibility.config.xml The LDAP Security configuration.

In addition to the above files, some environments may have also updated the following files:

  • Unify.Service.Connect.Debug.exe.config
  • Unify.Service.Connect.exe.config
  • Unify.Service.Connect32.Debug.exe.config
  • Unify.Service.Connect32.exe.config
  • Web.config

If these files have been modified, they should also be migrated.

See Moving the Identity Broker database for information relating to the Identity Broker database.

ALERT: Please read the below section prior to commencing the migration.

Migration Considerations

There are a few issues to consider when migrating configuration between environments:

  • Ensure that the database hase been correctly migrated and that the Data Configuration is targeting the correct database
  • Partial migrations are possible using the table above, however, the absence of configured agents will result in incomplete connector configuration
  • Agent configuration is not updated when the configuration is migrated. This means that agents will still use the server names specified in the source environment. Consider the use of aliases to ensure configuration remains consistent.
  • If aliases are not used, Agents will need to be reconfigured to point to the relevant servers in the new environment.
  • Individual connectors need not be updated unless they reference items that are located in a different location to the base environment, such as PowerShell Connector.
  • It is advisable to disable the Identity Broker scheduler before migrating configuration.

This article was helpful for 1 person. Is this article helpful for you?