Migrating users to the new Authentication Platform

You only need to do this once!

Nintex RPA v19.3 introduced a new, robust, and flexible authentication platform. This topic describes the procedure for migrating your current Nintex users to the new platform.

If you have Nintex version 19.3 or above before the current upgrade, you can skip this step.

You need to follow this procedure when you upgrade from a Nintex version prior to 19.3 and:

  1. If migrating from user-pass authentication: migration is mandatory

  2. If migrating from Kerberos authentication: migration is mandatory in the following cases:

    1. You have robots defined and you want to save the user IDs assigned for each robot

    2. You have permissions defined in Admin, and you want to keep all the existing User IDs assigned with permissions

    3. You have a lot of different roles (for example: many Studio users) – using the migration tool will save you from having to assign roles (other that the automatic role assignment defined in Admin for new users)

To migrate Nintex users to the new authentication platform:

  1. Configure user migration script options

  2. Run the user migration script

  3. Confirm successful migration

Step 1: Configure user migration script options

With Notepad++ (or another text editor), open the following file: {InstallFolder}\Kryon\Support Tools\UsersMigrationTool\config.js

Narrow your focus...

In the config.js file, you'll set the options required for the user migration tool to run properly. Only the top half of the file is relevant to this mission. No need to pay any attention to the section below the line that reads: const test = {.

Keep the quotes...

When editing the file, be sure to keep the quotation marks for any value that currently appears within them.

  1. Set migration option as follows for the local:

    enable: default is false

    • true = to migrate users from Admin Tool (generally relevant to Username & Password deployments)

      IMPORTANT! Set to True only if the previous installation was user-pass authentication, and the new deployment is also user-password authentication.

    • false = to not migrate users from Admin Tool

      defaultPWD: default is DefaultPass123!(relevant only when local: enable = true)

      Note: This is the initial password that will be set for all users when they are migrated from Admin Tool to the authentication platform

  2. Set the migration options as follows for the ad:

    enable:

    • true = you will be migrating users from Windows Active Directory (relevant to Kerberos deployments)

    • false = you will not be migrating users from Windows Active Directory

    • domain (relevant only when ad: enable = true)

      • Active Directory domain from which users will be migrated

  3. Set database options as follows:

    user and password:

    • Remove the /* characters from the beginning of the line that starts: /*user

    • Remove the */ characters from the end of the line that starts: password

    • Replace the ... characters in each of these 2 lines with the username and password of the (sysadmin) user authorized to access the Nintex database server.

Save your changes and close the file.

Step 2: Run the user migration script

  1. Open a command prompt as administrator

  2. Navigate to the drive on which the Nintex RPA Server is installed

  3. Change directory to: {InstallFolder}\Kryon\Support Tools\UsersMigrationTool

  4. Open the C:\Kryon\Support Tools\UsersMigrationTool\RunUsersMigrationTool.bat file in Notepad, update KEYCLOAK_ADMIN_SECRET and INSTALL_FOLDER (if different than C:\Kryon\) and run the batch file.

    As the script runs, you will see users being migrated. When it completes, you will be returned to the command prompt.

    As the script runs, you may see warnings that looks something like the following:

    No need to worry about these warnings. The script should still run successfully.

    On the other hand, a message marked generally indicates that the script did not run as expected. Go back and check the options configured in Step 2 above.

Step 3: Confirm successful migration

When the script finishes running, confirm that users were migrated successfully by following these steps:

  1. Log in to the Nintex User Management Tool

  2. On the left navigation bar, click Users.

  3. On the screen that opens, click View all users to see a list of all users in your organization. Use this list to confirm that your Nintex users were successfully migrated to the new authentication platform.

-I came here while upgrading, take me back to the upgrading steps overview-

Automatic user and realm migration in Aerobase for multi-tenant

Steps Overview

Step 1: Running the realm update script

Step 2: Running the users update script

Step 3: Restart all services

Steps

Step 1: Run the Realm update script

Create tenantId attribute for local users in Aerobase:

  1. Open PowerShell as admin

  2. "cd" to <Installation location>\installer-assets\config\prod\scripts:

    cd <Installation location>\installer-assets\config\prod\scripts

  3. Run aerobase-realm-upgrade.ps1 by executing the following:

    .\aerobase-realm-upgrade.ps1 -nodeJsPath node -adminCliDir <Installation location>\Utils\kryon-admin-cli\ -realmUser authadmin -realmPassword <authadmin password> -env prod -realmJson <Installation location>\IDP\Aerobase\Configuration\kryon-realm.json -partialRealmJson <Installation location>\installer-assets\config\prod\scripts\kryon-realm20.3to.21.04.json

Step 2: Run the Users update script

  1. Open PowerShell as admin

  2. "cd" to <Installation location>\installer-assets\config\prod\scripts:

    cd <Installation location>\installer-assets\config\prod\scripts

  3. Run aerobase-users-upgrade.ps1 by executing the following:

    .\aerobase-users-upgrade.ps1 -nodeJsPath node -adminCliDir <Installation location>\Utils\kryon-admin-cli\ -realmUser authadmin -realmPassword <authadmin password> -env prod

Step 3: Restart all Nintex RPA services