Bragi Docs Help

Migrating from Internal to External Identity Management

Migrating Bragi from an internally managed identity provider (such as Identity) to an externally managed provider is a multi-step process.

This guide is intended for engineers responsible for infrastructure, user lifecycle, and system authentication.

Migration Steps

  1. Configure App Roles

    • Define app roles prior to switching provider.
      These mappings control permissions after migration.

    • Note: Existing user permissions assigned under the internal provider will not transfer. External app roles fully supersede them.

  2. Update Usernames

    • Ensure all user accounts have a username matching the external provider’s format.

    • For Azure Entra ID, this is usually the user’s corporate email address.

    • For local Active Directory, use the network login, typically in domain\username or username format.

  3. Edit Configuration

    • In appsettings.json, set the IdentityProvider field to match the chosen external system:

      • "AzureAd" for Entra (Azure Active Directory)

      • "Iis" for Windows authentication via IIS

      • "Identity" for Bragi’s built-in provider (for reference)

    • Save and restart the Bragi application for changes to be applied.

09 March 2026
IdentityUser-Based Permissions