Every IAM project is a migration. If you’ve been in identity long enough, you’ve lived the reality: IdP replacements are rarely greenfield. You inherit years of app integrations, SAML and OIDC configurations, claim mappings, MFA policies, and “temporary” exceptions that became permanent. And when it’s time to switch identity providers, because the old one is aging, non-standard, or simply too expensive, the migration becomes the project.
Most teams tackle this with spreadsheets, screenshots, and copy/paste: they keep the legacy IdP running while they stand up the new one, then manually recreate configuration until cutover. It’s slow, error-prone, hard to validate, and risky, especially when you’re trying to maintain business-as-usual while rebuilding the control plane of access.
This session introduces IdP Transformation: an automated migration approach that treats IdP configuration as data. We’ll walk through a practical pipeline that extracts configuration from a source IdP, normalizes and maps it to a target model, validates the result, and imports it into the destination IdP. This technique reduces rework, accelerates timelines, and improves confidence in cutover.
You’ll leave with the core principles behind IdP Transformation, reference patterns for implementing it, and guidance for applying it across common migration scenarios. We’ll also cover how the approach can be extended beyond configuration to user data migration, including options (and constraints) for migrating passwords and MFA device factors.