Migrating existing Escenic users
In cases where you have an existing user base in the CUE Content Store database and these don't exist anywhere else (i.e. the CUE Content Store database is the master source for these users), you can migrate these to the IAM system using CUE User Manager's REST interface. This will typically be a one time job to bootstrap the system.
The
CUE User Manager
is documented "live" using the
OpenAPI
Specification and is accessible on your
CUE User Manager
system under the URI
https://um.mycompany.com/openapi.json
. There's also
an interactive web interface through which you can experiment with the
API under https://um.mycompany.com/swagger-ui/
Here's an example of creating a user using CUE User Manager's REST interface:
$ curl \ --request POST \ --header 'Content-type: application/json' \ --header 'Authorization: Bearer <access-token>' \ --data '{ "userName": "lisa", "givenName": "Lisa", "familyName": "Doe", "displayName": "Lisa Doe", "email":"lisa@example.com" }' \ https://um.mycompany.com/user
The user data can be exported from the CUE Content Store in several ways. Check out the documentation for the version you have installed at: cuedocs.escenic.com . Once you have them on a machine readable format, you can write a script to create these users in the IAM system by using the mentioned CUE User Manager REST interface. These users will be created in the IAM system through the SCIM2 interface. If these users then are to be further exported to Active Directory, the appropriate LDAP synchronisation must be set up. Again, this is in the realm of the IAM system.
The code you write to migrate the users will need a long lived access
token from the IAM system (since the code is not a person that can
authorise requests in a web browser). You thus need to configure the IAM
system to issue access tokens with a long
TTL,
e.g. 30 minutes and then obtain one on the behalf of your integration
script by pointing your web browser at:
https://um.mycompany/auth
. At the end of the OIDC
authentication exchange, you will see the access token in the URI in
your browser. This token can then be used in requests to the
/user
endpoint of
CUE User Manager
to create the users and groups you need.