Migrating existing Escenic users

In cases where you have an existing user base in the CUE Content Store database and these don't exist anywhere else (i.e. the CUE Content Store database is the master source for these users), you can migrate these to the IAM system using CUE User Manager's REST interface. This will typically be a one time job to bootstrap the system.

The CUE User Manager is documented "live" using the OpenAPI Specification and is accessible on your CUE User Manager system under the URI https://um.mycompany.com/openapi.json. There's also an interactive web interface through which you can experiment with the API under https://um.mycompany.com/swagger-ui/

Here's an example of creating a user using CUE User Manager's REST interface: 

$ curl \
  --request POST \
  --header 'Content-type: application/json' \
  --header 'Authorization: Bearer <access-token>' \
  --data '{
     "userName": "lisa",
     "givenName": "Lisa",
     "familyName": "Doe",
     "displayName": "Lisa Doe",
     "email":"lisa@example.com"
    }' \
  https://um.mycompany.com/user

The user data can be exported from the CUE Content Store in several ways. Check out the documentation for the version you have installed at: cuedocs.escenic.com . Once you have them on a machine readable format, you can write a script to create these users in the IAM system by using the mentioned CUE User Manager REST interface. These users will be created in the IAM system through the SCIM2 interface. If these users then are to be further exported to Active Directory, the appropriate LDAP synchronisation must be set up. Again, this is in the realm of the IAM system.

The code you write to migrate the users will need a long lived access token from the IAM system (since the code is not a person that can authorise requests in a web browser). You thus need to configure the IAM system to issue access tokens with a long TTL, e.g. 30 minutes and then obtain one on the behalf of your integration script by pointing your web browser at: https://um.mycompany/auth . At the end of the OIDC authentication exchange, you will see the access token in the URI in your browser. This token can then be used in requests to the /user endpoint of CUE User Manager to create the users and groups you need.

Copyright © 2019 CCI Europe AS