Demo buchenDE

Migrating to Iden

What changes when you move identity governance to Iden, what stays the same, and where to start. Per-vendor migration guides indexed here.

3 min read · Last updated June 2026

You've decided to switch. The current tool is too slow, too expensive, or both. The next question is what the move actually looks like.

Pick the vendor you're leaving below, and the per-vendor guide walks through the move. Each guide follows the same structure, because the migration follows the same shape regardless of where you're coming from.

What changes when you move

Three things shift the day Iden goes live.

You stop waiting on professional services. There aren't any. The team that runs your stack today is the team that runs Iden. Setup is measured in days, not months. The first fifteen apps connect inside the first hour.

You stop paying for connector coverage in tiers. SCIM or not, plan tier or not, custom or not. Iden covers everything the same way for the same price. The SCIM tax goes away.

You stop thinking about identity work as a queue. The HRIS becomes the source of truth. Onboarding, offboarding, and access changes flow from there without anyone clicking through five tools. Permissions go fine-grained per app: channel-level, repository-level, project-level. Group-level is the floor, not the ceiling.

What stays the same

The SSO stays. The HRIS stays. So does the access request channel, whatever you run it through. Iden is the governance layer on top of the stack you already have. The IdP keeps running. The HRIS keeps doing what it does. Iden plugs into both, treats the HRIS as the source of truth, and executes from there. Migration is not a rebuild.

The shape of each guide

Nine sections, every time.

  1. Why teams leave that vendor.
  2. What changes day one.
  3. Concept mapping: their term, the equivalent in Iden.
  4. The playbook: export, connect HRIS, parallel-run, cut over, decommission.
  5. Common gotchas specific to that vendor.
  6. Timeline by stack size.
  7. Rollback plan if you need it.
  8. FAQs.
  9. Where to ask for help.

Plan for a parallel run. The window covers the audit-trail handoff, the first full joiner-mover-leaver cycle on the new system, and one access-review run. After that the old tool gets decommissioned, or kept as a soft fallback. The per-vendor timeline section tells you what's realistic for your stack.

Pick your starting point

Migration guides publish on a rolling schedule. Live guides are linked. The rest are in the queue.

  • SailPoint (IdentityIQ and IdentityNow)
  • Okta (Lifecycle Management and Identity Governance)
  • Manual processes (spreadsheets, Slack, scripts, someone's checklist)
  • Saviynt
  • Lumos
  • ConductorOne
  • Veza
  • Oracle Identity Governance
  • JumpCloud
  • Zluri
  • BetterCloud

Microsoft Entra ID Governance is not on this list. Iden runs alongside Entra rather than replacing it. The coexistence guide is at /kb/works-with/entra-id.

Need a hand picking the path

Migration office hours run weekly. The same team that builds Iden runs them. Bring whatever shape your stack is in. We will tell you what's realistic, and the honest answer is sometimes "stay where you are for now."

Related

Offboarding automation

Most offboarding fails because tools were never built to reach the apps that matter. What zero-touch offboarding actually means, why most automation breaks, and what a working flow looks like on the day someone leaves.

May 2026