Upgrading the Access Management service

Follow this process to upgrade the Access Management service to v10.

Before you begin

Before upgrading the Access Management service, you need to have first upgraded the database.

To run PowerShell scripts for software, you require a machine that meets the following requirements:
PowerShell
You require Microsoft Windows PowerShell 5.1. You can download Microsoft Windows Management Framework 5.1, which includes Microsoft Windows PowerShell 5.1, from this location: http://aka.ms/wmf5download
Operating system
You require an operating system that supports both the required PowerShell software and any software for the database you intend to install. As a general rule, ensure that the latest (security) updates are installed on your operating system.
Microsoft .NET Framework
You require a .NET Framework version. The one to use depends on your Windows Server operating system version:
Security
You need to be logged in as a user with sufficient security clearance. For example, to run a script that installs a database, you must be logged in as a user with rights to create that database.

The steps that follows represent a high-level process, which includes several tasks that are individually explained in other topics. For details on the individual tasks, refer to the related topics.

Procedure

  1. On the machine where the Access Management service is installed, locate the service's appsettings.json file and back it up to a safe location.
  2. Uninstall old Access Management service. Rename it, if needed.
  3. From the Tridion Sites 10 installation media, copy the entire root-level folder Access Management\ to a folder of your choice on the target machine.
  4. Locate the new version of appsettings.json and merge in your changes from the backed-up copy. If the backed-up file is encrypted, you will need to decrypt it first.
  5. In the merged file, locate the Bootstrap section and note the bootstrap files listed for the environment. The bootstrap files contain predefined data for the environment, including definitions of applications, roles, and service accounts.

    Predefined data and bootstrap files are part of a Tridion Sites 10 enhancement to Access Management. By default, the configuration defines a bootstrap file for Access Management itself along with the Add-ons Service and Content Manager. The upgrade process does not alter your existing service accounts. After upgrading, you will have two service accounts for each of the applications, one old and one new. You can keep using the old accounts without issue or you can switch to the new accounts.

    The following are things to consider about the two options:
    • Keep using the old service accounts. For the new bootstrapped accounts, you have two options:
      • Do nothing and simply ignore the new accounts.
      • Delete the new accounts from each modules's bootstrap file and also in the user interface.
    • Switch to the new service accounts. To do so, update the configuration file for each application that uses the service account so that it references the new account instead of the old one. For example, for the Add-ons Service, you need to update the addonsSettings.json file on all Content Manager machines. After updating, you can then remove the old service accounts in the user interface.
  6. Install a new Access Management service that uses the upgraded database.

Results

The Access Management upgrade is now complete.