:PROPERTIES:
:ID:       7ddbbc9f-a3a9-4ef3-b751-3f12be315482
:END:
#+title: SX EOL Phase 1 Presentation
#+Author: Yann Esposito
#+Date: [2024-04-23]

- tags :: 
- source ::

* SecureX EOL Cases

- What occurs during downgrade
- What occurs for an XDR admin
- What occurs for an SX admin when they go XDR after 31th July
- What occurs to Sat user in XDR if they downgrade to SC?
- What should be the roles

** Existing SecureX Orgs
*** IdP

- SXSO => easy
- CSA  => should have been migrated to SXSO ?
- TG   => some beta Org with the XDR flag but no solution to migrate to PIAM

*** SX to XDR?

- XDR feature flag;
  - manually added; give access to SX and XDR
  - PIAM Provisioning =>
    - add a PIAM enterprise-id to the Org
    - remove access to SX, only XDR becomes available

*** Downgrading?

- PIAM Provisioning => remove entitlements ;
    undefined behavior
    currently no code taking care of this case.
    Now:
    - the XDR feature-flag stays
    - the PIAM enterprise-id is still kept
    - remove data retention policy, all data is here forever and never deleted.
      So, for example, expired XDR cost more than paying customer.
- Manual downgrade; remove the XDR feature-flag
  - XDR UI becomes inaccessible
  - XDR roles becomes inaccessible
    - if a user with an XDR-role only exists, IROH API, SX UI (or even SC UI) will probably break


*** Example

1. today SX
2. mark it as SC org
3. SX EOL comes => SC org
4. Upgrade to XDR
5. XDR expires
6. ??? should it become back an SC org? I would say yes.
   - Same issue with roles