Twingate IdP Migrator
Problem
When an organization migrates to a new identity provider, Twingate syncs the new IdP's groups alongside existing ones, but the new groups start with zero resource access. Reassigning every resource, security policy, and access mode manually across potentially hundreds of groups and resources is tedious, error-prone, and risky.
Approach
Built a cross-platform desktop GUI application (Python + PySide6) structured as a five-step wizard. The GUI runs on the main thread while all Twingate GraphQL API calls run in a background QThread using asyncio.run(), keeping the interface responsive during long-running migrations. The tool fetches all groups and resources, then uses fuzzy name matching to suggest old-to-new group pairings with 0-100% confidence scores. Every run produces a mandatory dry-run preview before execution, and the application writes a complete JSON changelog enabling selective or full one-click rollback. All migrations are strictly additive: old group access is never removed. A built-in demo mode ships with a sample Okta → Microsoft Entra scenario (five groups, eight resources) for evaluation without touching a real tenant.
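A sketch of the pairing and dry-run logic described above, as an added example that is not the project's own code. It assumes difflib for the fuzzy matching (the page names no algorithm), hypothetical `accept` and `margin` thresholds, and constructed group and resource names; pairings that are weak or ambiguous are held for review so they cannot grant access.

```python
from difflib import SequenceMatcher

# Constructed sample data: group names and resource grants are hypothetical.
OLD_GRANTS = {
    "Okta-Engineering": {"git", "ci"},
    "Okta-Finance": {"erp"},
    "Okta-IT Admins": {"vpn-admin"},
    "Okta-Contractors": {"wiki"},
}
NEW_GRANTS = {"Entra-Engineering": {"git"}, "Entra-Finance": set(),
              "Entra-IT Admins": set(), "Entra-IT_Admins": set()}

def normalize(name, prefixes=("okta-", "entra-")):
    """Lower-case, drop the IdP prefix, and unify separators before comparing."""
    n = name.strip().lower()
    for p in prefixes:
        n = n.removeprefix(p)
    return n.replace("_", " ").replace("-", " ")

def score(old, new):
    """0-100 similarity (difflib is an assumption; the page names no algorithm)."""
    return round(100 * SequenceMatcher(None, normalize(old), normalize(new)).ratio())

def suggest(old_groups, new_groups, accept=85, margin=10):
    """Map old -> (new, confidence, status); weak or ambiguous pairs need review."""
    if not new_groups:
        return {}  # nothing to pair against
    out = {}
    for old in old_groups:
        ranked = sorted(((score(old, n), n) for n in new_groups), reverse=True)
        best, name = ranked[0]
        runner_up = ranked[1][0] if len(ranked) > 1 else 0
        ok = best >= accept and best - runner_up >= margin
        out[old] = (name, best, "auto" if ok else "review")
    return out

def dry_run(suggestions, old_grants, new_grants):
    """Additive plan: grant only what the new group lacks; never touch the old group."""
    plan = []
    for old, (new, conf, status) in suggestions.items():
        if status != "auto":
            continue  # an unreviewed pairing must not grant access
        for res in sorted(old_grants[old] - new_grants.get(new, set())):
            plan.append({"op": "add", "group": new, "resource": res,
                         "source_group": old, "confidence": conf})
    return plan

def rollback(changelog):
    """Invert recorded additions, newest first; old-group access was never changed."""
    return [{"op": "remove", "group": e["group"], "resource": e["resource"]}
            for e in reversed(changelog)]
```

With the sample data, the two IT Admins candidates tie at 100% and the Contractors group has no close counterpart, so both stay out of the plan until someone reviews them.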
Outcome
Transforms a labor-intensive manual migration into a safe, repeatable process. Ships as cross-platform single-file PyInstaller binaries for Windows, macOS (ARM + Intel), and Linux, with light/dark theme support. The mandatory dry run and full rollback capability give admins confidence during what is typically a high-risk change window. Published under the Twingate-Solutions organization, currently at v0.7.0.