How to change SSO Connect On-Prem servers with minimal down time.
Each subsequent server added to an SSO Connect provisioning method will automatically download the configuration and user SSO data when the SSO Connect successfully authenticates as an administrator with the SSO permission. This reduces the amount of "reconfiguration" needed to migrating to a new server or to make the server part of an HA environment.
Do not delete the SSO Connect provisioning instance on the Admin Console. Doing so will remove the configuration and orphan your SSO Connect servers.
1. Install the new SSO Connect server as previously done for Windows or Linux.
Each server will need to be at the same Keeper SSO Connect version. Recommend ensuring the initial (or active) SSO Connect is upgrade to the latest version prior to installing subsequent servers.
2. Depending on the configuration, the Private IP address field may need to be populated with the local IP address of the new server. If the initial SSO Connect server had the Private IP address configured, that data does not synchronize with the SSO Connect configuration since in most cases the private IP is unique to the individual server.
If after authenticating to the new server on the configuration page the service is Stopped. It is most likely due to the Private IP address not set correctly to let the service bind to the local IP of the NIC.
3. If the host-name is a DNS name that is not changing, then no reconfiguration is needed as the DNS record can point to the new server. If the host-name is changing with the new server, the host-name will need to be updated in the SSO Connect configuration.
4. If the host-name changes, it may affect the SSL certificate. If a wild card cert was used and the new server is satisfied by that wild card, no action is needed. If the SSL cert was specific to the server name, and a new server name (or IP address) is now the host-name, a new SSL certificate may be required.
5. When the new configuration is updated click save. The new server is ready to support the SSO authentication process.
When the configuration is saved on one server it replicated to the cloud and synchronizes to the other servers.