Users migration to IAM

Modified on Tue, 17 Oct 2023 at 10:24 AM



After properly configuring Labfolder and/or Laboperator and IAM in the new Replicated panel, it is time to migrate the existing userbase from Labfolder and/or Laboperator to the new IAM database.

The migration consists in a job that reads the active users from LF/LO and sends them to IAM. 

This migration should not be executed when LDAP is active in the environment. LDAP users are imported directly into IAM, without the need to transfer from the existing Labfolder installation.

Step by step

In the Replicated panel, activate the option IAM Migration Endpoint Enabled.

Save and redeploy the application.

After the application is correctly redeployed, in the replicated panel, activate the option Platform Jobs Enabled.

Navigate to the bottom of the page, to the section Platform Jobs Configuration.

Activate the options to migrate from the source application and to Update IAM Id on the source database:

There is no need to change the CPU and Memory Requirements

Save the configuration and deploy the migration job. The migration job will execute as soon as it is deployed.

In case the environment is composed by Labfolder and Laboperator applications, execute one migration per time. Activate Laboperator migration first and, after having it succeeded, activate Labfolder migration. The process is identical for both applications.

Following the migration

On the terminal, execute the command

kubectl get pods 

In the result list there should be a line like this:

NAME                                                          READY   
lf-migration-client-mmf62 1/1
Running 0 66s

To follow up with the execution:

kubectl logs -f lf-migration-client-mmf62

The log result should be similar to the following one:

Started LFMigrationClientApplication in 2.539 seconds (JVM running for 2.83)
Executing paginated transmission of users.
Total count of users in the database: 112
Available users to be migrated: 112
Users not to be migrated: 0
Identified 112 users split into 1 pages.
Sending batch #1 from a total of 1.
Users migrated successfully: 112
Users failed to migrate: 0
Complete paginated execution took 6281ms
Labfolder users in IAM (IAM-Report): 112
Laboperator users in IAM (IAM-Report): 0
Merged users in IAM (IAM-Report): 0
Conflicted users in IAM (IAM-Report): 0
Users with warning in IAM (IAM-Report): 0
Gracefuly shutting down LF Profile Migration application.

On the log messages, we can see that 112 users were migrated successfully from LF to IAM with 0 failures and no conflicts.

Conflicts can happen in case the same user (identified by email) is present in both LF and LO databases, but these two databases contain different profile data (first or last names, for example).

In the case of conflicts, the user should be able to fix their personal information on the IAM Profile Page.

Action needed after the migration

Disabling parameters

After the migration is concluded, the configuration options should be then disabled in the Replicated panel.

Under Platform Jobs Configuration, disable “Run user data migration”.

Disable the IAM Migration Endpoint.

Disable the Platform Jobs Enabled.

Save and redeploy.

Reset passwords

For security reasons, the passwords are not migrated from the products (Labfolder or Laboperator) to IAM. This means that after the migration is completed successfully, all the users should use the “Forgot your password?” link on the main IAM page to create a new password.

After adding the email address, a new email with instructions arrives, allowing the users to set their new password with IAM and re-establish their access to Labfolder and/or Laboperator.


This is the last configuration step needed in order to configure the migration to the new Identity and Access Management system provided by Labforward.

After the users' migration, all the data in the previous systems should be available with the regular login.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article