Automated Application Migration Workflow
This technical demonstration walks through an end-to-end process for migrating identity applications from Okta to OneLogin using infrastructure-as-code principles. The workflow leverages Ansible for application extraction, Terraform for provisioning, and Spacelift for deployment orchestration across development and production environments. The presenter demonstrates migrating 14 applications from an existing Okta tenant into two OneLogin instances (dev and prod), showcasing how automation eliminates manual configuration work while maintaining governance controls through GitOps workflows and approval gates.
Environment Setup and Tooling
The solution architecture uses a public GitHub repository (automation-onelogin) containing reference Terraform configurations and Ansible playbooks. Two Spacelift stacks represent the dev and prod OneLogin environments, connected to test and main branches respectively in a private repository. An Ansible playbook extracts application metadata from Okta via API and generates a JSON inventory file that feeds directly into Terraform variables. Custom attributes for applications must be pre-configured in OneLogin's admin UI before running the automation, as this step cannot currently be performed through the API.
Delegated Administration and Production Promotion
The Terraform configuration automatically provisions application access roles and delegated admin permissions, enabling technical owners to complete application-specific configurations without full admin access. In the demonstration, a user named James receives delegated admin rights for two applications, allowing him to finalize OIDC settings and other connector details. Once testing completes in the dev environment, a GitHub pull request merges the test branch to main, triggering a Spacelift deployment to production with a manual approval gate. The entire migration process—from Okta extraction to production deployment—completes in minutes with full audit trails maintained in Spacelift.
