Schauer Agrotronic migrates identity infrastructure to Microsoft Entra ID


Alongside mechanical and electronic barn technology, Schauer Agrotronic GmbH develops and operates a comprehensive digital service landscape for connected machines, portals, and backend services. For many years, authentication for these systems was based on IdentityServer4.

With the End of Life (EOL) of IdentityServer4, there was a clear need for action: the existing identity platform had to be replaced. The options discussed included switching to Duende IdentityServer as the direct successor or a strategic realignment towards a cloud-native solution with Microsoft Entra ID. The goal was a sustainable decision for the coming years – without risk to running systems and without interventions in devices already delivered in the field.

Project advantages at a glance

  • Future-proof identity strategy instead of short-term legacy continuation
  • Risk-free, step-by-step migration despite non-adjustable devices in the field
  • Significantly simplified operation through Azure-native Identity and IaC

Details

  • Client: Schauer Agrotronic
  • Project: Microsoft ID Server in Azure
  • Technology: Microsoft Entra ID, ASP.NET API, Bicep
  • Hosting: Microsoft Azure

Initial situation: IdentityServer4 reaches End of Life

IdentityServer4 was a central component of the authentication architecture at Schauer Agrotronic for many years. With the official end of life, it became clear that this component could no longer be operated securely or strategically in the medium term. The key decision was therefore not whether, but how to migrate: Duende IdentityServer as the technical successor with a similar architectural approach or Microsoft Entra ID as a fully managed, cloud-native identity platform. The decision was consciously made in favor of Entra ID – with regard to maintainability, integration depth in Azure, and long-term operating models.

Special challenge: Devices in the field without update possibility

A central risk of the migration was the large number of machines already delivered. The authentication mechanism on these devices can only be adapted with great effort or not at all. A direct switch of all clients to a new identity provider would have endangered ongoing operations. A solution was required that could continue to operate existing devices unchanged, enable new identity flows in parallel, and allow a controlled, gradual migration.

Solution Architecture: Microsoft Entra ID with Temporary Middleware

As a central technical solution component, a temporary middleware based on an ASP.NET API was introduced, which mediates between devices, services, and the deployed identity providers. This middleware acts as a controlled switching point within the authentication architecture. Devices and services continue to address their known DNS-based endpoints, so no changes to existing device code are necessary. By default, requests are forwarded to the previous identity server, while individual device types or services can be specifically switched to Microsoft Entra ID via configuration. The switch is testable and reversible at any time, allowing new authentication flows to be introduced gradually and without risk. In this way, a migration without a big bang approach was realized, completely without interventions in devices already deployed in the field.
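
The switching point described above, sketched in C# as an added example (not code from the project): the client id as routing key, the class and client names, the hosts and the all-zero tenant id are assumptions. Callers that are unknown or malformed stay on the previous provider, and forwarding targets come only from configuration, never from the request.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Added illustration: all names, hosts and the tenant id are hypothetical placeholders.
public enum Idp { Legacy, Entra }

public sealed class IdpRouter
{
    // Fixed at startup: no request data can introduce a new forwarding target.
    private readonly IReadOnlyDictionary<Idp, Uri> _upstreams;
    // Per-client switch from configuration; an absent entry means "not migrated".
    private readonly IReadOnlyDictionary<string, Idp> _switched;

    public IdpRouter(IReadOnlyDictionary<Idp, Uri> upstreams,
                     IReadOnlyDictionary<string, Idp> switched)
    {
        if (!upstreams.ContainsKey(Idp.Legacy))
            throw new ArgumentException("a legacy upstream is required as the default");
        foreach (var uri in upstreams.Values)
            if (uri.Scheme != Uri.UriSchemeHttps)
                throw new ArgumentException($"upstream must use https: {uri}");
        _upstreams = upstreams;
        _switched = switched;
    }

    // Missing, oversized or unlisted client ids stay on the previous provider.
    public Idp Select(string? clientId)
    {
        if (string.IsNullOrEmpty(clientId) || clientId.Length > 128) return Idp.Legacy;
        return _switched.TryGetValue(clientId, out var idp) && _upstreams.ContainsKey(idp)
            ? idp : Idp.Legacy;
    }
    public Uri TokenEndpoint(string? clientId) => _upstreams[Select(clientId)];
}

public static class Program
{
    public static void Main()
    {
        var upstreams = new Dictionary<Idp, Uri> {
            [Idp.Legacy] = new Uri("https://legacy-idp.example.internal/connect/token"),
            [Idp.Entra] = new Uri("https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token"),
        };
        var switched = new Dictionary<string, Idp>(StringComparer.Ordinal) { ["feeder-v3"] = Idp.Entra };
        var router = new IdpRouter(upstreams, switched);
        foreach (var id in new string?[] { "feeder-v3", "feeder-v1", "FEEDER-V3", null })
            Console.WriteLine($"{id ?? "(none)"} -> {router.TokenEndpoint(id)}");
        switched.Remove("feeder-v3"); // rollback: the client returns to the legacy provider
        Console.WriteLine($"after rollback: feeder-v3 -> {router.Select("feeder-v3")}");
    }
}
```

Only the exact, case-sensitive entry `feeder-v3` is sent to Entra ID; removing that entry is the whole rollback.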

With the end of life of IdentityServer4, we had to make a long-term decision. Switching to Microsoft Entra ID gives us a stable, maintainable identity foundation without jeopardizing existing devices or services.

Bernhard Eder, CTO, Schauer Agrotronic

Technical modernization in the course of migration

In parallel with the replacement of IdentityServer4, the existing Azure environment was structurally modernized. This involved building a clearly structured tenant and resource architecture, into which existing components were transferred to a new corporate tenant. The entire infrastructure was consistently implemented as Infrastructure as Code using Bicep to ensure repeatable deployments, clean versioning, and better traceability of changes. These measures not only improved the identity platform itself but also created a stable and maintainable foundation for the operation, further development, and governance of the entire cloud environment.

Numbers that make an impact!

Reach, team size, and project duration at a glance – compact, comprehensible, measurable.

  • 5000 migrated services / clients
  • 190 hours/month less operational effort
  • 63x faster deployments

Frequently Asked Questions

IdentityServer4 has reached end of life and is no longer being developed or supported.

Microsoft Entra ID offers a long-term managed, Azure-native alternative with lower operational effort.

Through a temporary middleware that specifically forwards authentication requests to the old or new identity provider.

No, it remains in place until current device generations are phased out.

For manufacturers with durable, connected devices and complex identity dependencies.