SugarIdentity FAQ

This document lists the Frequently Asked Questions(FAQ’s) related to SugarIdentity.

What is SugarIdentity?

SugarIdentity is a federated identity solution based on industry standards provided by SugarCRM to allow customers to securely manage user identities as well as provide a unified experience to applications and services in the SugarCRM ecosystem.

If my instance is configured to use SAML/LDAP, what should I expect when my SugarCloud instance is migrated to SugarIdentity?

The migration process consists of the following steps:

  1. SugarCRM will clone your production instance to create a test instance
  2. SugarCRM will enable SugarIdentity for the clone
  3. Together, you and your SugarCRM support representative will configure SSO in SugarIdentity following this guide: 



  1. This process will then be repeated for all your Production instance(s)

Will I have to change any of my current settings?

The SugarIdentity interface for managing SAML or LDAP settings is slightly different, but all options for settings will remain. Your SAML or LDAP configuration will have 100% compatibility with SugarIdentity. 

Will there be downtime during the migration to SugarIdentity?

While you are actively migrating, there will be a short period where users will not be able to log into the application. Because the migration is planned in advance with SugarCRM support, it can be performed during a timeframe where this has minimal impact on your users.

I have questions about my SAML/LDAP configuration and how it will work with SugarIdentity. How can I find out more?

Please contact us at and we will be happy to assist.

What should I expect when my SugarCloud instance is migrated to SugarIdentity?

Once your SugarCloud instance is enabled with SugarIdentity, it will provide you comprehensive single sign-on capabilities for your Sugar application, Sugar Plug-in for Outlook and Sugar Mobile.The SugarIdentity service is managed via the Cloud Settings console. When a Sugar instance uses SugarIdentity, the administrator will access SugarIdentitiy in the Cloud Settings console to create and manage user records, manage password requirements, as well as set up LDAP or SAML authentication

Can I reschedule my migration to SugarIdentity? 

All SugarCloud instances are scheduled to migrate to SugarIdentity over the course of Q1, 2020. If your instance is using SAML or LDAP, you will be notified separately on your migration to SugarIdentity. Please contact for any concerns regarding your migration.

Does my instance use SugarIdentity and how do I access it?

To determine if your instance is SugarIdentity enabled, navigate to your user profile in Sugar and click "Edit". If your instance is SugarIdentity-enabled, a pop-up message will appear stating that you as Sugar admin need to access Cloud Settings to make changes to read-only fields. 

For regular users, the message will indicate to contact the Sugar administrator to make changes to read-only fields. Clicking on the “Cloud Settings” link will take you to the Cloud Console where you can manage your SugarIdentity users and settings. 

Who has access to the Cloud Settings console?

If your Sugar instance is IDM enabled then Sugar administrator should have access to the Cloud Settings console.

As an administrator, how do I create, update or delete users?

As an administrator, you will have access to the Cloud Settings console. To learn how to create and update users, please refer to our User Management guide. 

How do Administrators manage another user’s Sugar password?

Each user can reset their own password using the “Forgot Password?” feature on the login screen. This feature will send the user an email to the email address associated with their username, which contains a link where they can reset their own password. If an administrator needs to change a user’s password, they can temporarily change the user’s email address in Cloud Settings Console, then use the “Forgot Password?” feature with that user’s username.

How does SugarIdentity impact user access to test and development clones?

Each instance, including clones of the production instance, will be provisioned with their own unique SugarIdentity tenant. When a production instance is cloned, or when an existing clone is reset to match the production instance, the instance files and database are copied from the production instance, but the SugarIdentity tenant is not copied. When the new clone is provisioned, a new SugarIdentity tenant is provisioned for it from the data in the new clone’s database. None of the user credential or SSO configurations in the production SugarIdentity tenant are copied from production instance when cloning an instance. The new SugarIdentity tenant might require configuration of these details to enable expected access.

Is there a way to Mass Update user profiles?

SugarIdentity does not have mass update functionality. Multiple users can be created at once using the import feature in Cloud Settings console. Each existing user needs to be configured individually.

How does user data sync between SugarIdentity and my Sugar Instance?

During the initial SugarIdentity enablement, data is synced to SugarIdentity from the instance database. Thereafter, data is never synced from the instance to SugarIdentity. Data changed in Cloud Settings syncs to the instance at the time the changes are saved in Cloud Settings.. Login credentials, Password and Username, are never synced to the instance, remaining stored in SugarIdentity only.

Further questions about your SugarIdentity instance(s) in SugarCloud?

Please contact and we will be happy to assist. 


Top Comments

  • Hi -- As of today, SugarIdentity does not provide any public facing APIs to update users. We are currently laying the groundwork for this behind the scenes, and will be sure to publish in our release notes when it's available.

    A couple things come to mind...we do provide a UI for creating users via bulk import with SugarIdentity. If you are using an Identity Provider, you can set it up with SCIM to automatically sync user changes. Lastly, we just added a bunch of functionality in the past few months that make bulk editing users easier via our UI. I know none of these are the exact solution you are looking for, but I hope they can save you some time until our SugarIdentity APIs are exposed.

  • On one of our on premise instances, we have a feature where we are programmatically creating and updating users via a scheduled job.

    When we move to the Sugar Cloud with Sugar identity, we understand we could still update existing users but would we be able to programmatically (via an API)c create newusers in SugarIdentity which would then sync to the Cloud Instance.