User Authentication with Auth0

Posted on August 29, 2025 by Vasanth Nakkalla in Okta

Introduction

In today’s digital-first world, user authentication is the cornerstone of any secure application. Whether it’s a web app, mobile app or enterprise system, ensuring that users can log in securely while maintaining a smooth experience is critical. Traditionally, authentication was implemented manually, requiring developers to handle sensitive tasks like password hashing, session management and OAuth flows all of which introduced significant security risks if not done correctly.

Auth0, a leading identity-as-a-service platform, simplifies this process by providing ready-to-use authentication and authorization solutions. It supports multiple authentication methods such as Database connections (email/password), Passwordless connections (OTP or Magic links) and Social logins (Google, GitHub, LinkedIn, etc.) making it flexible enough to integrate into any application while ensuring enterprise-grade security.

Problem Statement

Building authentication in applications is often complicated and time-consuming. Developers need to create secure processes for user registration, login, and password resets while also protecting against common attacks like brute force and stolen credentials. Users today expect multiple login options, such as traditional email and password, social logins with Google or GitHub, and even Passwordless authentication through codes or links.

Balancing these expectations with strong security is not easy and often leads to frustration for both developers and end-users. As applications grow, authentication must scale across different platforms like web, mobile, and APIs, while also meeting compliance requirements such as GDPR or HIPAA. Without the right tools, authentication quickly becomes a bottleneck that slows development, introduces risks, and impacts the overall user experience.

Solution

Auth0 solves these challenges by providing a complete authentication platform that is easy to integrate and secure by design. It supports database connections for email and password logins, with built-in protection against threats and simple password reset flows. For modern needs, Auth0 enables passwordless authentication using one-time codes or magic links, allowing users to log in without remembering passwords. It also offers seamless social logins with providers like Google, GitHub, and LinkedIn, which improves convenience and reduces signup drop-off rates.

Everything can be managed from a central dashboard, where developers configure login flows, enable multi-factor authentication, and apply conditional logic based on user needs. Auth0 is scalable, compliant, and user-friendly, which means applications can deliver secure authentication without developers having to build everything from scratch.

Use-Case Overview

Watch this video to understand the different connection types in Auth0, including Database Connections, Passwordless Connection, and Social Logins. These options enable secure and flexible authentication for your applications.

Use-Case Demonstration

Watch this demo to explore the step-by-step configuration of various connection types in Auth0. This walkthrough offers a clear understanding of how each method operates within the Auth0 tenant to enable secure and scalable user authentication.

Conclusion

Authentication is a critical part of any application, but building it from scratch can be complex, risky, and time-consuming. Auth0 solves these challenges by offering a secure, flexible, and easy-to-integrate platform that supports database, passwordless, and social logins.

With features like seamless SSO, adaptive authentication, and strong compliance standards, Auth0 not only improves security but also enhances the user experience. By reducing development effort and simplifying identity management, it allows teams to focus on building core features while ensuring users have a safe and smooth login journey.

Reference Link

Authenticate Users with Database Connections | Auth0

Authenticate Users with Passwordless Connections | Auth0

Authenticate Users with Social Logins | Auth0

Implementing Okta Org2Org Integration with OIDC

Posted on August 28, 2025August 28, 2025 by Sanjay Selvaraj in Okta

Introduction

In today’s enterprise environments, organizations often operate in complex identity ecosystems, especially when they span multiple business units or partner organizations. For businesses using Okta as their Identity Provider (IdP), cross-tenant access can become a hurdle without proper integration strategies. One powerful solution to this challenge is the Okta Org2Org integration using the OpenID Connect (OIDC) protocol, which allows for secure and seamless identity federation between two separate Okta tenants.

Problem Statement

Employees from the WIC Okta tenant regularly need to access customer-facing applications hosted within the CIC Okta tenant. However, this currently requires them to maintain separate credentials for each tenant. This fragmented login experience leads to user confusion, slower access times, and diminished productivity.

From an IT and security administration standpoint, managing duplicate user accounts, enforcing consistent security policies, and maintaining compliance across tenants introduces unnecessary complexity and risk. Without a centralized authentication strategy, organizations struggle to ensure unified access control, increased visibility, and a consistent user experience.

Solution

To address these challenges, we propose implementing Okta Org2Org integration using the OIDC protocol. This allows WIC users to authenticate into CIC-hosted applications using their existing WIC credentials providing a Single Sign-On (SSO) experience.

The Org2Org integration treats the WIC Okta tenant as an Identity Provider (IdP) and the CIC tenant as a Service Provider (SP). Leveraging OIDC, this setup enables token-based authentication and seamless identity federation without the need for duplicate accounts.

Use-Case Overview:

Check out the presentation below to explore how to set up Okta Org2Org Integration using OIDC, enabling secure identity federation between multiple Okta tenants.

Technical Demonstration:

Watch the demo below to see a step-by-step configuration of Okta Org2Org Integration using OIDC, enabling secure and scalable identity federation between tenants.

Conclusion

The Okta Org2Org integration using OIDC creates a robust and user-friendly SSO experience across different Okta tenants. By bridging identity systems and automating authentication through federation, enterprises can streamline user access, improve security posture, and reduce administrative friction. As multi-tenant setups become increasingly common in large organizations, implementing solutions like these ensures smooth, secure, and scalable identity management.

Reference Links

Org2Org Integration | Okta

Secure API connections between orgs with OAuth 2.0 | Okta

Auth0 Custom Database Authentication and Migration Strategies

Posted on August 26, 2025 by Pranavi Jillellamudi in Okta

Introduction

Auth0, a leading identity management platform, provides robust solutions for businesses seeking to migrate from legacy authentication systems to modern, scalable identity management. This blog examines the implementation of Auth0’s external custom database authentication feature and various migration approaches that enable organizations to transition seamlessly from existing user databases to Auth0’s managed infrastructure.

The custom database connection feature serves as a critical bridge, allowing organizations to authenticate users against their existing databases while gradually moving to Auth0’s native user store. This approach minimizes disruption to business operations and provides flexibility in managing complex migration scenarios across multiple applications and user bases.

Problem Statement

Organizations face significant challenges when modernizing authentication infrastructure, particularly those operating with legacy systems that store user credentials in proprietary databases. These custom-built systems often lack modern security features such as multi-factor authentication, advanced threat detection, and compliance with current standards like OAuth 2.0, creating substantial technical debt and security vulnerabilities.

Migration from legacy systems presents complex decisions around timing and approach. Organizations must balance the need for rapid modernization against operational constraints, user impact considerations, and business continuity requirements. Some organizations require immediate, comprehensive migration due to compliance deadlines or security mandates, while others prefer gradual transitions that minimize risk and allow for thorough testing.

Legacy authentication systems frequently fail to meet modern security and compliance requirements, lacking advanced capabilities required for GDPR, CCPA, and industry-specific regulations while struggling with scalability limitations that impact user experience.

Solution

Auth0’s external custom database authentication addresses these challenges through flexible migration strategies that accommodate different organizational needs:

Custom Database Connection Framework: Auth0 enables organizations to authenticate users against existing databases through custom Node JS functions that handle login verification, user profile retrieval, and password management. This framework supports both progressive migration scenarios where users gradually transition to Auth0’s native database, as well as non-migration implementations where organizations maintain their external user database permanently while leveraging Auth0’s authentication services and security features.

Progressive Migration Strategy: Organizations can opt for “lazy migration” where users automatically transfer to Auth0’s database upon their first successful authentication. This approach ensures zero downtime while systematically modernizing the user base over time, allowing users to be distributed between legacy and Auth0 databases during transition with flexible timelines.

Bulk Migration Strategy: For organizations requiring rapid, comprehensive migration, Auth0 supports bulk user import processes that transfer entire user databases in planned maintenance windows. This approach includes password hash migration support, user profile mapping, and validation processes to ensure data integrity while enabling rapid modernization for compliance or operational requirements.

Hybrid Implementation: Organizations can leverage both strategies simultaneously, using bulk migration for inactive user segments while implementing progressive migration for active users. This combined approach optimizes migration efficiency while minimizing user disruption and operational risk based on business priorities.

Use-Case Overview

This comprehensive guide covers Auth0’s custom database connections, authentication flows, and proven approaches to upgrade your identity system without disrupting the user experience.

Use-Case Demonstration

Watch as we implement Auth0 Custom Database authentication and migration from scratch using a real application.

Conclusion

Auth0’s external custom database authentication provides strategic flexibility for organizations modernizing their identity management infrastructure. The availability of progressive, bulk, and permanent external database strategies enables organizations to select the optimal approach based on their specific requirements and business objectives while providing immediate security and user experience improvements.

Success factors include thorough assessment of organizational requirements, comprehensive testing of migration approaches, and clear stakeholder communication. This strategic shift positions organizations for continued growth and adaptation in an increasingly digital business environment.

Reference Links

Implement and Authenticate using Custom Database Connections

User migration strategies

User Import job endpoint

Implementation of Progressive Profiling

Posted on August 26, 2025 by Pranay Karne in Okta

Introduction:

In today’s digital landscape, user experience is everything. Asking for too much information upfront can lead to friction, while asking too little can limit personalization. That’s where progressive profiling comes in a smart, user centric approach to collecting data gradually over time. In this blog, we’ll explore how to implement progressive profiling using Auth0, a powerful identity platform that makes it easy to manage authentication and user data.

Through hands-on examples and real-world scenarios, you’ll learn how to tailor user journeys based on what information is already available and what’s still missing. Whether you’re building a new app or enhancing an existing one, this guide will help you strike the perfect balance between security, personalization, and user convenience.

Problem Statement:

In today’s digital-first world, businesses strive to offer personalized experiences while maintaining strong security and user privacy. However, collecting too much information upfront during user registration can lead to friction, abandonment, and poor user experience. Traditional identity systems often require users to fill out lengthy forms, which not only frustrates users but also results in incomplete or inaccurate data. This creates challenges for marketing, customer support, and compliance teams who rely on rich user profiles.

Solution:

The integration of progressive profiling with Auth0 empowers organizations to build richer user profiles over time without compromising user experience or security. Instead of requiring all personal details during initial signup, Auth0 enables businesses to collect user data gradually based on context, behavior, and engagement level.

When a user logs in or interacts with specific features, Auth0 can trigger custom flows using Actions to check for missing profile attributes and prompt users to provide them. This dynamic approach ensures that data collection is relevant and timely, improving accuracy and reducing friction. Auth0 securely stores this information in user metadata, allowing organizations to personalize experiences, segment users, and meet compliance requirements.

Use-Case Overview:

Check out the video below to gain a clear understanding of Progressive Profiling and how to implement it effectively using Auth0.

Use-Case Demonstration:

Here’s is the technical demonstration on implementing the progressive profiling, demonstrating how to incrementally collect user data across sessions while maintaining a secure and seamless authentication experience.

Conclusion:

Progressive profiling is a powerful strategy for enhancing user experience while collecting valuable data over time. By integrating it with Auth0, developers can implement a secure, scalable, and user-friendly approach to gradually enrich user profiles without overwhelming them during initial sign-up. This method not only improves conversion rates but also ensures that data collection aligns with user engagement and trust.

With Auth0’s extensibility through Actions, and custom APIs, implementing progressive profiling becomes straightforward and adaptable to various business needs. Whether you’re aiming to personalize content, streamline onboarding, or improve analytics, progressive profiling offers a smart path forward. As you continue to build and refine your identity management strategy, consider how progressive profiling can help you strike the right balance between user convenience and data depth.

Reference Link:

Configure a progressive profile form using Forms | Auth0

Auth0 Actions

Self Service Access Request for AD Joined Servers

Posted on August 8, 2025 by Akshit Konaperthi in Okta

Usecase Overview
Solution
Prerequisites
Theoretical Demonstration
Technical Demonstration
Benefits
Reference Links

Usecase Overview

An organization needs to secure access for their servers by ensuring that users can request access only based on their specific roles or departments. All access requests must go through a formal approval process to validate the appropriate permissions granted. Users should be granted access exclusively to the actions permitted by their assigned roles. Additionally, to enhance security, the organization requires regular password rotation for all server accounts. The system must also record all user sessions and securely store these logs on the gateway for monitoring and auditing purposes. The challenge is to implement a security framework that enforces these controls effectively to maintain strong security and tight control over server access.

Solution

By leveraging Okta, we can implement the above Usecase. For Access request we are going to utilize Okta Access request capability, with this we can control the approval levels and also segregate the request types based on the department or role and for the Servers we can utilize the Okta Advanced Server Access feature for access to AD Joined Servers and also it stores the user activity with the help of Session recording feature. For managing AD server accounts password rotation, we can utilize the Okta Privileged Access feature. By combining all the Okta products, we can build a robust and secure access management solution for your sensitive resources.

Prerequisites

A running instance of On Prem Active Directory.
A running instance of Linux Gateway for session recording.
A domain joined windows server which acts a target resource.
Super admin privileges to access Okta Tenant.
Admin access to Okta Privileged Access, Okta Advanced Server Access & Okta Access Request.
Required access to Okta Workflows Application
Feature – Manage Active Directory Accounts for Okta PA must be enabled. For more details contact to the Okta Support team.
Feature – Delegated workflow for Access Request must be enabled.

Theoretical Demonstration

Please watch the video to understand why we are configuring SSR on AD-joined servers with password rotation using Okta.

Technical Demonstration

Watch a demonstration on effortlessly handling identities in Okta and setting up access requests for AD Joined Servers and accounts, along with password rotation and session recording features to improve efficiency, security, and auditing.

Benefits

Automated access grants and revocations which enables quick and error-free granting and revoking of AD server account access.
Okta PA automatically changes or rotates AD account passwords, keeping them safe and reducing hacking risks.
All access and actions are recorded, making it easy to audit and meet compliance.
Strong authentication and session recording prevent misuse and assists in investigating issues.
Everything is automated, so IT spends less time on manual work and users get access faster.

Reference Links

Okta Advanced Server Access

Managing AD Accounts using Okta Privileged Access

Okta Access Requests

Okta Workflows

Integrating CrowdStrike with Okta for Enhanced Security

Posted on July 25, 2025 by Tanuja Bhogi in Okta

Introduction:

In today’s environment, securing access to company resources has become increasingly complex as organizations adapt to remote and hybrid work models and face constantly evolving cyber threats. Recognizing these challenges, CrowdStrike and Okta have formed a strategic partnership to deliver a tightly integrated solution that unites identity management with endpoint security. By sharing real-time information about the user’s identity and the health of their device during each login attempt, this integration empowers security teams to make intelligent access decisions that keep threats out while maintaining a smooth experience for legitimate users.

With this approach, businesses can quickly adopt the Zero Trust security framework, ensuring that only trusted users on secure devices are allowed to access sensitive systems and data, no matter where they work or what devices they use.

Use-Case Overview:

Check out the presentation video to have an understanding about the use-case around integrating CrowdStrike with Okta.

Use-Case Demonstration:

Here’s the technical walkthrough on the integration between CrowdStrike & Okta.

Conclusion:

In conclusion, integrating CrowdStrike with Okta empowers organizations to implement zero trust security by leveraging real-time device risk insights alongside intelligent identity access controls. This collaboration enables Okta to make adaptive, security-driven access decisions such as enforcing extra authentication or blocking risky devices ultimately increasing protection, simplifying compliance, and enhancing the user experience across remote and hybrid environments.

Reference Links:

Endpoint security integrations | Okta Docs

Integrating CrowdStrike with Okta | Okta Docs

Okta Access Requests using Workflows

Posted on July 25, 2025 by Leela Krishna Paluru in Okta

Introduction:

In the current digital environment, identity and access management (IAM) is essential for safeguarding an organization’s systems and data. With the growing adoption of cloud-based applications and services, managing access to these resources has become more challenging. Implementing effective identity governance is crucial to ensure that individuals have access to the appropriate resources at the correct time and for legitimate purposes.

The organization has already made significant progress in securing application access by using Okta for Single Sign-On and Adaptive Multi-factor Authentication. These solutions have enhanced security and streamlined user access. Nevertheless, the existing process for requesting access and provisioning remains manual, depending heavily on emails and spreadsheets.

Problem Statement:

The organization’s method for manually requesting and provisioning access is highly inefficient and susceptible to mistakes, resulting in delays for employees, heightened security risks due to inconsistent access controls, and compliance issues that could lead to regulatory violations. The absence of automation and transparency in the access request and provisioning process results in excessive administrative work, escalating costs, and decreased productivity, while also complicating the tracking and auditing of access modifications.

This manual approach places the organization at risk for potential security breaches, insider threats, and damage to its reputation, ultimately obstructing our ability to function effectively, securely, and according to industry regulations and standards.

Use-Case – Presentation:

Use-Case – Demonstration:

Conclusion:

By adopting Okta identity governance, particularly Okta Access Governance, along with Workflows and Lifecycle management, the organization can effectively tackle the issues related to manual access requests and provisioning processes. This approach will allow the organization to automate and simplify access management, enhance security and compliance, and boost operational efficiency. With automated workflows, self-service access requests, and real-time insight into access permissions, we can mitigate the risk of security breaches, enhance user productivity, and ensure adherence to regulations.

Ultimately, this solution will assist the organization in establishing a secure, efficient, and scalable identity governance framework that supports our business objectives and enables the organization to flourish in an increasingly dynamic digital environment.

Reference Links:

Access Requests | Okta

Teams integration with Access Request | Okta

Workflows | Okta

Salesforce Connector | Okta

Microsoft Teams Connector | Okta

Create request type | Okta

Okta WIC Core Capabilities

Posted on July 4, 2025 by Dinesh Runjala in Okta

About Okta:

Okta is a trusted player in Identity & Access Management domain & is renounced for its best-in-class products & services. By leveraging the cloud, Okta allows users to access applications on any device at any time, while still enforcing strong security controls. Okta integrates with your organization’s existing directories, HRMS / Application directories and 3^rd party identity systems to establish a central directory structure. Okta got an app catalogue of 8,000+ app integration which facilitates the users to have seamless SSO experience to access the integrated entitled applications from a single dashboard. Okta Workforce Identity cloud is a platform for your employees, contractors, or partners to access your organization’s digital resources.

Okta platform is spread across the Identity Domains and the capabilities around those core pillars.

Access Management.
Identity Governance & Administration.
Privileged Access

Access Management:

Access Management primary focus of interest is around granting & revoking privileges to access an application or data or perform any actions on the applications / systems. The main objectives of Access Management are to authenticate the users, authorizing the actions attempted by the users & accounting the activities / actions performed.

Okta is aligned to these guiding principles and ensures the right users have access to the right resources at the right time through a variety of products & services listed below.

Single Sign-On
Adaptive Multi Factor Authentication
Password-less Authentication
Identity Federation
Access Gateway
Security Policies
Behaviors detections
Identity Threat Protection

Identity Governance & Administration:

Identity Governance & Administration focuses on governance, compliance & visibility across identities spread across the organizations. Identity governance is about policies around separation of duties, access requests for role management, access certifications to validate the access privileges, finally analytics & reporting. While Identity Administration is focused on provisioning the users to the requested applications / resources, managing the changes in the user role with appropriate access privileges & deprovisioning the access privileges when access is no longer required. IGA systems are designed to give organizations visibility into access sprawls and provide better controls to identify and limit access creeps to their resources.

Okta manages IGA diligently and the IGA architecture is perfectly balanced by leveraging the following products & services:

Access Governance
- Access Requests
- Access Certifications
- Reporting
- Entitlement Management
Lifecycle Management
Okta Workflows

Privileged Access Management:

Privileged Access Management revolves around securing & monitoring access to critical systems initiated by privileged users such as IT administrators, Application Owners, Contractors or 3^rd party vendors who manage the infrastructure on your behalf. Users who hold privileged accesses are susceptible to cyber security attacks and if left unnoticed, results in a higher risk impacting the organization overall security posture. Compromising the privileged accounts will let the malicious actors have the key to the organization’s digital assets.

Okta being a cloud Identity Provider & with the tight integrations between these core pillars, Okta Privileged Access facilitates organizations to reduce risk by leveraging the IGA & Access Management services for privileged resources irrespective of the resource origins, cloud or on-premises servers. This will deliver better visibility, security, and compliance, without compromising on the user’s experience. Okta Privileged Access key capabilities are as follows:

JIT access to the infrastructure
Session recording & Auditing
Secrets Vaulting
Privileged Access Governance
Service Account management for Applications.

Demonstration of Core Capabilities:

Here’s the video comprising the core capabilities & working flow showcasing few real-time scenarios.

Reference Links:

Single Sign-On | Okta

Adaptive Multi-Factor Authentication (AMFA) | Okta

Identity Governance | Okta

Okta Privileged Access | Okta

Streamlining Access to Multiple Zoho Applications with Okta SSO Integration

Posted on April 7, 2025 by Tanuja Bhogi in Okta

Introduction
Usecase Overview
Usecase Demonstration
Conclusion
Reference Links

Introduction:

In today’s digital landscape, Organizations often use multiple business applications like Salesforce, Office 365, including HRMS tools like Zoho People Plus and Zoho Recruit, CRM platforms to manage their operations. Employees are required to log in separately to each application, resulting in inefficiencies, wasted time, and a fragmented user experience.

To address the challenges of managing multiple applications within the Zoho portfolio, such as Zoho People Plus, Zoho CRM, and Zoho Recruit, we use a simple and effective solution by integrating Zoho Directory with Okta through SAML 2.0.

Usecase Overview:

Check out the presentation video to have an understanding about the use case around integrating Zoho with Okta.

Usecase Demonstration:

Here’s the technical walkthrough on the integration and provisioning between Zoho & Okta.

Conclusion:

In conclusion, integrating Okta with Zoho portfolio has significantly streamlined the users access to the platform. With Okta’s Single Sign-On (SSO) capabilities, users can now seamlessly log in to multiple Zoho applications without remembering multiple passwords, reducing login times and increasing productivity. The integration backed up with Okta’s Sign-On policies, enhances organization security posture by providing an additional layer of authentication, ensuring that only authorized personnel can access sensitive customer data. By streamlining Zoho access with Okta, we have improved user experience, increased efficiency and strengthened security.

Reference Links:

Integrating Zoho with Okta | Zoho Docs

SailPoint IdentityIQ Prod Architectures

Posted on March 25, 2025 by Kishore Gaddam in Identity Governance, Sailpoint, Technology

Introduction:

IT infrastructure and operations are critical assets for businesses to function smoothly. Disaster recovery management involves planning and implementing strategies to ensure that an organization can quickly recover from disruptive events, such as natural disasters, cyberattacks or equipment failures. IT disaster recovery management is a way to save the business from negative consequences of these risks.

Such scenarios can present a direct threat to business continuity and survival. The impact can be in the form of financial losses, operation disruptions, reputation loss, or even legal consequences.

This blog post discusses disaster recovery management and the best practices to adopt.

Disaster Recovery:

Disaster recovery is the process by which an organization attempts to prevent or minimize the loss of business and data in the event of a disaster. It is about how an organization bounces back and regains normalcy after the catastrophic impact of such events.

Disasters can have significant impacts on software systems, affecting both the functionality and security of applications.

Some key impacts:

Data Loss: Disasters can lead to the loss of critical data, especially if proper backup systems are not in place.
Downtime: Software systems may experience prolonged downtime, disrupting business operations and leading to financial losses.
Security Breaches: Disasters can expose vulnerabilities, making systems more susceptible to cyberattacks and data breaches.
Corrupted Data: Data corruption can occur during disasters, leading to inaccurate or unusable information.
Service Disruptions: Essential services and applications may become unavailable, affecting users and customers.

For example, in 2024, OpenAI experienced a major outage due to a misconfiguration in their Kubernetes system, which disrupted key services like ChatGPT and Sora for several hours. This incident highlighted the importance of proper configuration management and disaster recovery planning.

SailPoint Disaster recovery plan for business continuity. It refers to the processes and procedures to ensure the uninterrupted functioning of the business’s during and after a disruptive event.

The simple flow illustrates the DC-DR strategy.

Data Center-Disaster Recovery (DC-DR) architecture has several advantages.

Advantages:

Business Continuity: Ensures that critical business operations can continue during and after a disaster, minimizing downtime.
Data Protection: Provides robust data backup and recovery solutions, safeguarding against data loss.
Compliance: Helps meet regulatory requirements for data protection and disaster recovery.
Scalability: Can be scaled to accommodate growing business needs and data volumes.

This video explains the SailPoint IdentityIQ Production Architecture and business continuity plan strategies.

Prerequisites: (DC-DR works for all latest versions).

The below software’s are used by our ENH environment.

SailPoint IIQ
JDK
Tomcat (any application servers).
NGINX (Load Balancer)
Database (Mysql)
Linux (OS)

The Key points of Disaster recovery is Data Replication and Load balancing.

Database Replication:

Steps – How database replication works:

Step 1: Identify the Primary Database (Source): A primary (or master) database is chosen as the main source of truth where data changes originate.
Step 2: Set Up Replica Databases (Targets): One or more replicas (or secondary databases) are configured to receive data from the primary database.
Step 3: Data Changes Captured: Any updates, inserts, or deletes in the primary database are recorded, typically through a transaction log or change data capture mechanism.
Step 4: Transmit Changes to Replicas: The captured changes are sent to replica databases over the network in real-time or at scheduled intervals.
Step 5: Apply Changes on Replicas: The replicas apply these updates to keep their data in sync with the primary database.

Load Balancing:

In an active-standby (or active-passive) load balancer setup, the primary load balancer (active) handles all the traffic under normal conditions, while the secondary load balancer (standby) remains on standby, ready to take over if the primary load balancer fails.

Steps – How Load balancers works.

Primary Load Balancer (Active):
1. Actively manages and distributes incoming traffic to the servers in the primary data center (DC).
2. Continuously monitors the health and performance of the servers and the network.
Secondary Load Balancer (Standby):
1. Remains on standby, not handling any traffic under normal conditions.
2. Regularly synchronizes with the primary load balancer to stay updated with the current state and configurations.
Failover Process:
1. If the primary load balancer detects a failure or significant issue, it triggers the failover process.
2. The secondary load balancer becomes active and starts handling the traffic, ensuring minimal disruption to services.
Failback Process:
1. Once the primary load balancer is restored and verified to be fully operational, traffic can be redirected back.
2. The secondary load balancer returns to standby mode, ready for any future failover events.

This setup ensures high availability and reliability by providing a backup load balancer that can quickly take over in case of a failure.

The following demo video is a deep dive demonstration of SailPoint Disaster recovery plan and failover configurations using our ENH environment.

Recommendations:

NGINX (Load Balancer):

Configure only UI servers in Load Balancer.
Sticky Sessions: Configure the load balancer for sticky sessions (also known as session persistence) to ensure that user sessions are consistently routed to the same application server.
We recommend active-standby (or active-passive) load balancer setup.

Database:

Configure your database for replication to ensure high availability and disaster recovery. Use native database replication features like MySQL replication or Oracle Data Guard.
Data base must be one phase commit.
While replicating make sure only identityiq, identityiqah, identityiqPlugin are replicated.