Windows Security Identifier data in the User Authorization Manager data store is extracted from the source system and converted to User Principal Name format. This data is migrated to the target vRealize Automation system.

Role membership identifies users and groups who are using Windows Security Identifier (SID) format. In vRealize Automation, this information is stored in a Single Sign-on (SSO) authorization store. The SSO store identifies each user and group by using a UPN format. All security identifiers are migrated to the SSO store in the target system.

The following table contains an example of the two formats.

Table 1. Example of User Name Equivalent in SID and UPN format

Source SID Domain Format Sample User

Target UPN Format Sample User



vRealize Automation only accepts security identifiers in UPN format.

During the process of migrating user information, vCloud Automation Center 5.2 security data in Windows Security Identifier format is extracted and converted to UPN format by connecting and querying the Active Directory domain for UPN identifiers. The converted fully qualified UPN identifiers are cached in temporary tables to be committed to the vRealize Automation authorization store.

The migration process creates one principal extension for each UPN and adds the extensions to the target default tenant.

For related information, see Prerequisites for vRealize Automation Migration. For details about establishing domain trust during vRealize Automation installation and configuration, and about configuring the Identity Appliance see Installation and Configuration in the vRealize Automation documentation.