diff --git a/modules/distribution/src/assembly/filter.properties b/modules/distribution/src/assembly/filter.properties index e59a6547..ea56eaca 100644 --- a/modules/distribution/src/assembly/filter.properties +++ b/modules/distribution/src/assembly/filter.properties @@ -19,7 +19,7 @@ product.name=Entgra IoT Server product.key=IoT product.version=3.4.0 -product.doc.version=330 +product.doc.version=340 carbon.version=4.4.26 default.server.role=IoTServer diff --git a/modules/distribution/src/core/api-resources/synapse-configs/default/api/_TokenAPI_.xml b/modules/distribution/src/core/api-resources/synapse-configs/default/api/_TokenAPI_.xml index 74a0315b..d4dd08a1 100644 --- a/modules/distribution/src/core/api-resources/synapse-configs/default/api/_TokenAPI_.xml +++ b/modules/distribution/src/core/api-resources/synapse-configs/default/api/_TokenAPI_.xml @@ -2,7 +2,26 @@ - + + + + + + + $1 + refresh_token + + + + + + +
+ + + + + diff --git a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/jmeter/DeviceTypeManagementJMeterTestCase.java b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/jmeter/DeviceTypeManagementJMeterTestCase.java index c342e319..8f63a1df 100644 --- a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/jmeter/DeviceTypeManagementJMeterTestCase.java +++ b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/jmeter/DeviceTypeManagementJMeterTestCase.java @@ -89,7 +89,7 @@ public class DeviceTypeManagementJMeterTestCase extends TestBase { // Allow some time for message delivery Thread.sleep(10000); ArrayList mqttMessages = mqttDeviceSubscriberClient.getMqttMessages(); - Assert.assertEquals("listener did not recieve mqtt messages ", 1, mqttMessages.size()); + Assert.assertEquals("listener did not received mqtt messages ", 1, mqttMessages.size()); String topicPub = automationContext.getContextTenant().getDomain() + "/"+deviceType+"/"+deviceId+"/events"; int qos = 2; diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/apim-migration.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/apim-migration.sql new file mode 100644 index 00000000..b31b8a13 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/apim-migration.sql 
@@ -0,0 +1,47 @@
+ALTER TABLE AM_SUBSCRIPTION_KEY_MAPPING MODIFY ACCESS_TOKEN VARCHAR(512);
+ALTER TABLE AM_APPLICATION_REGISTRATION MODIFY TOKEN_SCOPE VARCHAR(1500);
+
+CREATE TABLE IF NOT EXISTS `AM_CERTIFICATE_METADATA` (
+ `TENANT_ID` INT(11) NOT NULL,
+ `ALIAS` VARCHAR(45) NOT NULL,
+ `END_POINT` VARCHAR(100) NOT NULL,
+ CONSTRAINT PK_ALIAS PRIMARY KEY (`ALIAS`),
+ CONSTRAINT END_POINT_CONSTRAINT UNIQUE (`END_POINT`)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_APPLICATION_GROUP_MAPPING (
+ APPLICATION_ID INTEGER NOT NULL,
+ GROUP_ID VARCHAR(512)NOT NULL,
+ TENANT VARCHAR(255),
+ PRIMARY KEY (APPLICATION_ID,GROUP_ID,TENANT),
+ FOREIGN KEY (APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_USAGE_UPLOADED_FILES (
+ TENANT_DOMAIN varchar(255) NOT NULL,
+ FILE_NAME varchar(255) NOT NULL,
+ FILE_TIMESTAMP TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ FILE_PROCESSED tinyint(1) DEFAULT FALSE,
+ FILE_CONTENT MEDIUMBLOB DEFAULT NULL,
+ PRIMARY KEY (TENANT_DOMAIN, FILE_NAME, FILE_TIMESTAMP)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_API_LC_PUBLISH_EVENTS (
+ ID INTEGER(11) NOT NULL AUTO_INCREMENT,
+ TENANT_DOMAIN VARCHAR(500) NOT NULL,
+ API_ID VARCHAR(500) NOT NULL,
+ EVENT_TIME TIMESTAMP NOT NULL,
+ PRIMARY KEY (ID)
+) ENGINE=InnoDB;
+
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SAML2_ID VARCHAR(255) ,
+ SAML2_ISSUER VARCHAR(255) ,
+ SAML2_SUBJECT VARCHAR(255) ,
+ SAML2_SESSION_INDEX VARCHAR(255) ,
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) ,
+ SAML2_ASSERTION VARCHAR(4096) ,
+ PRIMARY KEY (ID)
+)ENGINE INNODB;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/archival.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/archival.sql
new file mode 100644
index 00000000..efc57d71
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/archival.sql
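Review bot: In apim-migration.sql the two `ALTER TABLE … MODIFY` statements restate only the type, and MySQL's MODIFY replaces the whole column definition, so any NOT NULL, DEFAULT or character-set attribute the existing `ACCESS_TOKEN` and `TOKEN_SCOPE` columns carry is dropped along with the widening. The original definitions are not visible in this diff, so this needs checking against the 3.1.0 schema; if a column was declared NOT NULL, restate it, e.g. `ALTER TABLE AM_SUBSCRIPTION_KEY_MAPPING MODIFY ACCESS_TOKEN VARCHAR(512) NOT NULL;`. A header comment saying the file is MySQL-only (it uses backticks and `ENGINE=InnoDB`) would also help, since it sits beside multi-dialect identity scripts.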
@@ -0,0 +1,70 @@ +-- This database has to be created separately. + +CREATE TABLE IF NOT EXISTS DM_OPERATION_ARCH ( + ID INTEGER NOT NULL, + TYPE VARCHAR(20) NOT NULL, + CREATED_TIMESTAMP TIMESTAMP NOT NULL, + RECEIVED_TIMESTAMP TIMESTAMP NULL, + OPERATION_CODE VARCHAR(50) NOT NULL, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (ID) +)ENGINE = InnoDB; + + +CREATE TABLE IF NOT EXISTS DM_ENROLMENT_OP_MAPPING_ARCH ( + ID INTEGER NOT NULL, + ENROLMENT_ID INTEGER NOT NULL, + OPERATION_ID INTEGER NOT NULL, + STATUS VARCHAR(50) NULL, + PUSH_NOTIFICATION_STATUS VARCHAR(50) NULL, + CREATED_TIMESTAMP INTEGER NOT NULL, + UPDATED_TIMESTAMP INTEGER NOT NULL, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (ID) +)ENGINE = InnoDB; + + +CREATE TABLE IF NOT EXISTS DM_DEVICE_OPERATION_RESPONSE_ARCH ( + ID INT(11) NOT NULL, + ENROLMENT_ID INTEGER NOT NULL, + OPERATION_ID INTEGER NOT NULL, + EN_OP_MAP_ID INTEGER NOT NULL, + OPERATION_RESPONSE LONGBLOB DEFAULT NULL, + RECEIVED_TIMESTAMP TIMESTAMP NULL, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (ID) +)ENGINE = InnoDB; + +CREATE TABLE IF NOT EXISTS DM_NOTIFICATION_ARCH ( + NOTIFICATION_ID INTEGER NOT NULL, + DEVICE_ID INTEGER NOT NULL, + OPERATION_ID INTEGER NOT NULL, + TENANT_ID INTEGER NOT NULL, + STATUS VARCHAR(10) NULL, + DESCRIPTION VARCHAR(1000) NULL, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (NOTIFICATION_ID) +)ENGINE = InnoDB; + +CREATE TABLE IF NOT EXISTS DM_COMMAND_OPERATION_ARCH ( + OPERATION_ID INTEGER NOT NULL, + ENABLED BOOLEAN NOT NULL DEFAULT FALSE, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (OPERATION_ID) +)ENGINE = InnoDB; + +CREATE TABLE IF NOT EXISTS DM_CONFIG_OPERATION_ARCH ( + OPERATION_ID INTEGER NOT NULL, + OPERATION_CONFIG BLOB DEFAULT NULL, + ENABLED BOOLEAN NOT NULL DEFAULT FALSE, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (OPERATION_ID) +)ENGINE = InnoDB; + +CREATE TABLE IF NOT EXISTS DM_PROFILE_OPERATION_ARCH ( + OPERATION_ID INTEGER NOT NULL, + ENABLED 
INTEGER NOT NULL DEFAULT 0, + OPERATION_DETAILS BLOB DEFAULT NULL, + ARCHIVED_AT TIMESTAMP DEFAULT NOW(), + PRIMARY KEY (OPERATION_ID) +)ENGINE = InnoDB; diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/cdm-migration.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/cdm-migration.sql new file mode 100644 index 00000000..4a0f33ec --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/cdm-migration.sql 
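Review bot: `CREATED_TIMESTAMP TIMESTAMP NOT NULL` in `DM_OPERATION_ARCH` (archival.sql) is the table's first TIMESTAMP column and has no explicit DEFAULT or ON UPDATE clause, so on MySQL servers running with `explicit_defaults_for_timestamp` disabled it silently becomes `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`. Any later UPDATE of an archived row would then overwrite the original creation time, which undermines the archive as an audit record. Declaring it as `CREATED_TIMESTAMP TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,` keeps the value stable. `DM_ARCHIVED_OPERATIONS.CREATED_TIMESTAMP` in cdm-migration.sql and `AM_API_LC_PUBLISH_EVENTS.EVENT_TIME` in apim-migration.sql have the same shape.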
@@ -0,0 +1,160 @@ +ALTER TABLE DM_OPERATION +ADD COLUMN INITIATED_BY VARCHAR(100) NULL DEFAULT NULL AFTER OPERATION_CODE; + +CREATE INDEX IDX_DEVICE_TYPE_PROVIDER ON DM_DEVICE_TYPE (NAME, PROVIDER_TENANT_ID); +CREATE INDEX IDX_DEVICE_TYPE_DEVICE_NAME ON DM_DEVICE_TYPE(ID, NAME); + + +ALTER TABLE DM_DEVICE_APPLICATION_MAPPING +ADD COLUMN ENROLMENT_ID INT(11) NULL AFTER DEVICE_ID, +ADD COLUMN APP_PROPERTIES BLOB NULL AFTER TENANT_ID, +ADD COLUMN MEMORY_USAGE INT(11) NULL AFTER APP_PROPERTIES, +ADD COLUMN IS_ACTIVE TINYINT NULL AFTER MEMORY_USAGE; + +SET SQL_SAFE_UPDATES = 0; + +UPDATE DM_DEVICE_APPLICATION_MAPPING dam, + DM_ENROLMENT de, + DM_APPLICATION da +SET + dam.ENROLMENT_ID = de.ID, + dam.MEMORY_USAGE = da.MEMORY_USAGE, + dam.APP_PROPERTIES = da.APP_PROPERTIES, + dam.IS_ACTIVE = da.IS_ACTIVE +WHERE + dam.APPLICATION_ID = da.ID + AND dam.DEVICE_ID = de.DEVICE_ID + AND de.STATUS = 'ACTIVE'; + +SET SQL_SAFE_UPDATES = 1; + + +-- This should run only after the 3.1.0 is shutdown completely. 
+ +ALTER TABLE DM_DEVICE_APPLICATION_MAPPING +CHANGE COLUMN IS_ACTIVE IS_ACTIVE TINYINT(4) NOT NULL , +ADD INDEX FK_DM_APP_MAP_DM_ENROL_idx (ENROLMENT_ID ASC); +ALTER TABLE DM_DEVICE_APPLICATION_MAPPING +ADD CONSTRAINT FK_DM_APP_MAP_DM_ENROL + FOREIGN KEY (ENROLMENT_ID) + REFERENCES DM_ENROLMENT (ID) + ON DELETE NO ACTION + ON UPDATE NO ACTION; + +-- Change the notification -- + +ALTER TABLE DM_NOTIFICATION +DROP FOREIGN KEY fk_dm_operation_notification; +ALTER TABLE DM_NOTIFICATION +CHANGE COLUMN OPERATION_ID OPERATION_ID INT(11) NULL , +ADD COLUMN LAST_UPDATED_TIMESTAMP TIMESTAMP NULL AFTER DESCRIPTION; + + +ALTER TABLE DM_NOTIFICATION +CHANGE COLUMN LAST_UPDATED_TIMESTAMP LAST_UPDATED_TIMESTAMP TIMESTAMP NOT NULL ; + +-- Change the device info --- + +ALTER TABLE DM_DEVICE_INFO +ADD COLUMN ENROLMENT_ID INT(11) NULL AFTER DEVICE_ID; + +SET SQL_SAFE_UPDATES = 0; + + +UPDATE DM_DEVICE_INFO di, + DM_ENROLMENT de +SET + di.ENROLMENT_ID = de.ID +WHERE + di.DEVICE_ID = de.DEVICE_ID + AND de.STATUS = 'ACTIVE'; + +SET SQL_SAFE_UPDATES = 1; + +-- This should run only after the 3.1.0 is shutdown completely. 
+ +ALTER TABLE DM_DEVICE_INFO +CHANGE COLUMN ENROLMENT_ID ENROLMENT_ID INT(11) NOT NULL, +ADD INDEX DM_DEVICE_LOCATION_DM_ENROLLMENT_idx (ENROLMENT_ID ASC); +ALTER TABLE DM_DEVICE_INFO +ADD CONSTRAINT DM_DEVICE_LOCATION_DM_ENROLLMENT + FOREIGN KEY (ENROLMENT_ID) + REFERENCES DM_ENROLMENT (ID) + ON DELETE NO ACTION + ON UPDATE NO ACTION; + + +-- Change the device location --- + +ALTER TABLE DM_DEVICE_LOCATION +CHANGE COLUMN STREET1 STREET1 VARCHAR(255) NULL DEFAULT NULL , +CHANGE COLUMN STREET2 STREET2 VARCHAR(255) NULL DEFAULT NULL , +ADD COLUMN ENROLMENT_ID INT(11) NULL AFTER DEVICE_ID, +ADD COLUMN GEO_HASH VARCHAR(45) NULL AFTER UPDATE_TIMESTAMP, +ADD INDEX DM_DEVICE_LOCATION_GEO_hashx (GEO_HASH ASC); + + +SET SQL_SAFE_UPDATES = 0; + + +UPDATE DM_DEVICE_LOCATION di, + DM_ENROLMENT de +SET + di.ENROLMENT_ID = de.ID +WHERE + di.DEVICE_ID = de.DEVICE_ID + AND de.STATUS = 'ACTIVE'; + +SET SQL_SAFE_UPDATES = 1; + +-- This should run only after the 3.1.0 is shutdown completely. + +ALTER TABLE DM_DEVICE_LOCATION +CHANGE COLUMN ENROLMENT_ID ENROLMENT_ID INT(11) NOT NULL , +ADD INDEX DM_DEVICE_LOCATION_DM_ENROLLMENT_idx (ENROLMENT_ID ASC); +ALTER TABLE DM_DEVICE_LOCATION +ADD CONSTRAINT FK_DM_DEVICE_LOCATION_DM_ENROLLMENT + FOREIGN KEY (ENROLMENT_ID) + REFERENCES DM_ENROLMENT (ID) + ON DELETE NO ACTION + ON UPDATE NO ACTION; + + +-- Changes to the device details -- + +ALTER TABLE DM_DEVICE_DETAIL +CHANGE COLUMN CONNECTION_TYPE CONNECTION_TYPE VARCHAR(50) NULL DEFAULT NULL , +ADD COLUMN ENROLMENT_ID INT(11) NULL AFTER DEVICE_ID; + + +SET SQL_SAFE_UPDATES = 0; + + +UPDATE DM_DEVICE_DETAIL di, + DM_ENROLMENT de +SET + di.ENROLMENT_ID = de.ID +WHERE + di.DEVICE_ID = de.DEVICE_ID + AND de.STATUS = 'ACTIVE'; + +SET SQL_SAFE_UPDATES = 1; + +-- This should run only after the 3.1.0 is shutdown completely. 
+ +ALTER TABLE DM_DEVICE_DETAIL +CHANGE COLUMN ENROLMENT_ID ENROLMENT_ID INT(11) NOT NULL , +ADD INDEX FK_DM_ENROLMENT_DEVICE_DETAILS_idx (ENROLMENT_ID ASC); +ALTER TABLE DM_DEVICE_DETAIL +ADD CONSTRAINT FK_DM_ENROLMENT_DEVICE_DETAILS + FOREIGN KEY (ENROLMENT_ID) + REFERENCES DM_ENROLMENT (ID) + ON DELETE NO ACTION + ON UPDATE NO ACTION; + +-- TEMP TABLE REQUIRED FOR DATA ARCHIVAL JOB +CREATE TABLE IF NOT EXISTS DM_ARCHIVED_OPERATIONS ( + ID INTEGER NOT NULL, + CREATED_TIMESTAMP TIMESTAMP NOT NULL, + PRIMARY KEY (ID) +)ENGINE = InnoDB; \ No newline at end of file diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/README.txt b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/README.txt new file mode 100644 index 00000000..0dd7b577 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/README.txt @@ -0,0 +1,9 @@ +* Copy the migration-resources folder to the directory. + +* Build this https://github.com/wso2-support/product-is/tree/support-5.5.0/modules/migration/migration-service and + copy the org.wso2.carbon.is.migration-5.5.0.jar to the /dropins directory. + +* Copy and replace the keystores used in the previous version (IoT-3.1.0) to the /repository/resources/security directory. + +* Run the following command + ./iot-server.sh -Dmigrate -Dcomponent=identity diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/db2.sql new file mode 100644 index 00000000..85d06993 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/db2.sql 
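Review bot: In cdm-migration.sql each back-fill `UPDATE … WHERE … de.STATUS = 'ACTIVE'` leaves `ENROLMENT_ID` NULL for every row whose device has no ACTIVE enrolment, yet the following `CHANGE COLUMN ENROLMENT_ID ENROLMENT_ID INT(11) NOT NULL` on DM_DEVICE_INFO, DM_DEVICE_LOCATION and DM_DEVICE_DETAIL assumes none are left. Depending on the SQL mode the ALTER either fails or coerces NULL to 0, and the foreign key to `DM_ENROLMENT (ID)` is then expected to be rejected, leaving the schema half-migrated because MySQL DDL commits implicitly. `IS_ACTIVE` on DM_DEVICE_APPLICATION_MAPPING and `LAST_UPDATED_TIMESTAMP` on DM_NOTIFICATION are tightened to NOT NULL the same way, the latter with no back-fill at all. A pre-flight check before the second phase, as below, makes the decision about orphan rows explicit.

```sql
-- Pre-flight: every count must be 0 before the NOT NULL / FOREIGN KEY phase runs.
SELECT COUNT(*) FROM DM_DEVICE_INFO WHERE ENROLMENT_ID IS NULL;
SELECT COUNT(*) FROM DM_DEVICE_LOCATION WHERE ENROLMENT_ID IS NULL;
SELECT COUNT(*) FROM DM_DEVICE_DETAIL WHERE ENROLMENT_ID IS NULL;
SELECT COUNT(*) FROM DM_DEVICE_APPLICATION_MAPPING WHERE IS_ACTIVE IS NULL;
-- … unchanged: ALTER TABLE … CHANGE COLUMN … NOT NULL and ADD CONSTRAINT statements …
```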
@@ -0,0 +1,29 @@
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+SESSION_ID VARCHAR (100) NOT NULL,
+SESSION_TYPE VARCHAR(100) NOT NULL,
+SESSION_OBJECT BLOB,
+TIME_CREATED TIMESTAMP,
+PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+)/
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234'/
+
+BEGIN
+ DECLARE STMT VARCHAR(200);
+ FOR v AS cur1 CURSOR FOR
+ select CONSTNAME from SYSCAT.TABCONST WHERE TABNAME='IDP_PROVISIONING_ENTITY' AND TYPE = 'U'
+ DO
+ SET STMT = 'ALTER TABLE IDP_PROVISIONING_ENTITY DROP UNIQUE ' || v.CONSTNAME;
+ PREPARE S1 FROM STMT;
+ EXECUTE S1;
+ END FOR;
+END
+/
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD CONSTRAINT IDP_PROVISIONING_ENTITY_U1 UNIQUE(PROVISIONING_CONFIG_ID, ENTITY_TYPE, ENTITY_VALUE)
+/
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD CONSTRAINT IDP_PROVISIONING_ENTITY_U2 UNIQUE(ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID)
+/
+
+
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/h2.sql
new file mode 100644
index 00000000..a2b5c255
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/h2.sql
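Review bot: The cursor in 5.0.0-SP1 db2.sql selects `CONSTNAME` from `SYSCAT.TABCONST` by `TABNAME` alone, so on a DB2 instance that holds another schema with an IDP_PROVISIONING_ENTITY table the loop also picks up that schema's constraint names and the generated `ALTER TABLE … DROP UNIQUE` is expected to fail part-way through. Adding `AND TABSCHEMA = CURRENT SCHEMA` to the WHERE clause scopes the lookup to the database being migrated. The loop also drops every unique constraint on the table rather than only the one being replaced, which deserves a comment stating that this is intended. The `select CONSTNAME into const_name` blocks in 5.1.0 db2.sql use the same unqualified lookup.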
@@ -0,0 +1,17 @@
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR (100) DEFAULT NULL,
+ SESSION_TYPE VARCHAR(100) DEFAULT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED TIMESTAMP,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+);
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234';
+
+CREATE ALIAS IF NOT EXISTS DROP_FK AS $$ void executeSql(Connection conn, String sql) throws SQLException { conn.createStatement().executeUpdate(sql); } $$;
+
+call drop_fk('ALTER TABLE IDP_PROVISIONING_ENTITY DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDP_PROVISIONING_ENTITY' AND COLUMN_LIST = 'ENTITY_TYPE,TENANT_ID,ENTITY_LOCAL_USERSTORE,ENTITY_NAME'));
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID);
+
+DROP ALIAS IF EXISTS DROP_FK;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..1bc0472b
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mssql.sql
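Review bot: `DROP_FK` in 5.0.0-SP1 h2.sql is a Java alias that executes whatever SQL string it is handed, and it is removed only by the last statement, so if the `call drop_fk(...)` or the following `ALTER TABLE` fails the alias stays defined in the identity database. `CREATE ALIAS IF NOT EXISTS` also means an already-present alias of that name is reused unchanged. Putting `DROP ALIAS IF EXISTS DROP_FK;` before the CREATE and having the migration runner drop the alias on failure would close both gaps; the alias body should also close its statement, `try (Statement st = conn.createStatement()) { st.executeUpdate(sql); }`. If the catalog subquery returns no row, the concatenation is NULL and the call is expected to error rather than skip.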
@@ -0,0 +1,12 @@ +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_AUTH_SESSION_STORE]') AND TYPE IN (N'U')) +CREATE TABLE IDN_AUTH_SESSION_STORE ( + SESSION_ID VARCHAR (100) DEFAULT NULL, + SESSION_TYPE VARCHAR(100) DEFAULT NULL, + SESSION_OBJECT VARBINARY(MAX), + TIME_CREATED DATETIME, + PRIMARY KEY (SESSION_ID, SESSION_TYPE) +); + +UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234'; + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDP_PROVISIONING_ENTITY DROP CONSTRAINT ' + A.CONSTRAINT_NAME + ';' FROM (SELECT * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE WHERE TABLE_NAME='IDP_PROVISIONING_ENTITY' AND COLUMN_NAME='ENTITY_TYPE') A INNER JOIN (SELECT * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE WHERE TABLE_NAME='IDP_PROVISIONING_ENTITY' AND COLUMN_NAME='TENANT_ID') B ON A.CONSTRAINT_NAME=B.CONSTRAINT_NAME INNER JOIN (SELECT * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE WHERE TABLE_NAME='IDP_PROVISIONING_ENTITY' AND COLUMN_NAME='ENTITY_LOCAL_USERSTORE') C ON B.CONSTRAINT_NAME=C.CONSTRAINT_NAME INNER JOIN (SELECT * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE WHERE TABLE_NAME='IDP_PROVISIONING_ENTITY' AND COLUMN_NAME='ENTITY_NAME') D ON C.CONSTRAINT_NAME=D.CONSTRAINT_NAME;EXEC (@COMMAND); \ No newline at end of file diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql.sql new file mode 100644 index 00000000..360a17c0 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql.sql 
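Review bot: 5.0.0-SP1 mssql.sql drops the unique constraint on IDP_PROVISIONING_ENTITY but, unlike the db2, h2, mysql, oracle and postgresql scripts in this commit, never adds the replacement that includes `PROVISIONING_CONFIG_ID`, so after migration the entity-name uniqueness rule is gone on SQL Server. The file should end with `ALTER TABLE IDP_PROVISIONING_ENTITY ADD UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID);`. In the dynamic statement, wrapping the name as `QUOTENAME(A.CONSTRAINT_NAME)` and filtering on `TABLE_SCHEMA` would keep the generated `ALTER TABLE` well-formed and scoped; when no constraint matches, `@COMMAND` stays NULL and `EXEC` silently does nothing.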
@@ -0,0 +1,13 @@
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ SESSION_TYPE VARCHAR(100) NOT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED TIMESTAMP,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+)ENGINE INNODB;
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234';
+
+ALTER TABLE IDP_PROVISIONING_ENTITY DROP INDEX ENTITY_TYPE;
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD UNIQUE KEY ENTITY_TYPE( ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID );
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql5.7.sql
new file mode 100644
index 00000000..091505f9
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/mysql5.7.sql
@@ -0,0 +1,13 @@
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ SESSION_TYPE VARCHAR(100) NOT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED TIMESTAMP,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+)ENGINE INNODB;
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234';
+
+ALTER TABLE IDP_PROVISIONING_ENTITY DROP INDEX ENTITY_TYPE;
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD UNIQUE KEY ENTITY_TYPE( ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID );
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/oracle.sql
new file mode 100644
index 00000000..621ab0db
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/oracle.sql
@@ -0,0 +1,15 @@
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR (100) DEFAULT NULL,
+ SESSION_TYPE VARCHAR(100) DEFAULT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED TIMESTAMP,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+)
+/
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234'
+/
+ALTER TABLE IDP_PROVISIONING_ENTITY DROP UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME)
+/
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID)
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/postgresql.sql
new file mode 100644
index 00000000..7dcec226
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.0.0-SP1/dbscripts/step1/identity/postgresql.sql
@@ -0,0 +1,14 @@
+DROP TABLE IF EXISTS IDN_AUTH_SESSION_STORE;
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR(100) DEFAULT NULL,
+ SESSION_TYPE VARCHAR(100) DEFAULT NULL,
+ SESSION_OBJECT BYTEA,
+ TIME_CREATED TIMESTAMP,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE)
+);
+
+UPDATE IDP_AUTHENTICATOR SET NAME='samlsso' WHERE NAME = 'saml2sso' AND TENANT_ID = '-1234';
+
+ALTER TABLE IDP_PROVISIONING_ENTITY DROP CONSTRAINT IDP_PROVISIONING_ENTITY_ENTITY_TYPE_TENANT_ID_ENTITY_LOCAL__KEY;
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD CONSTRAINT IDP_PROVISIONING_ENTITY_ENTITY_TYPE_TENANT_ID_ENTITY_LOCAL__KEY UNIQUE(ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID);
\ No newline at end of file
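Review bot: postgresql.sql in 5.0.0-SP1 drops the old unique constraint by its literal auto-generated name, `IDP_PROVISIONING_ENTITY_ENTITY_TYPE_TENANT_ID_ENTITY_LOCAL__KEY`, so the script only works on databases where PostgreSQL produced exactly that truncated name. Where the constraint exists under another name the `DROP CONSTRAINT` errors after `DROP TABLE IF EXISTS IDN_AUTH_SESSION_STORE` has already discarded the stored sessions, unless the runner wraps the file in a transaction (not visible here). Looking the name up in `pg_constraint` before dropping, as the db2 and mssql variants do with their catalogs, would make it robust. The unconditional `DROP TABLE IF EXISTS` is specific to this dialect and deserves a comment saying that discarding sessions is intended.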
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/db2.sql
new file mode 100644
index 00000000..149866e8
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/db2.sql
@@ -0,0 +1,410 @@ +BEGIN + DECLARE const_name VARCHAR(128); + DECLARE STMT VARCHAR(200); + select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH1A_REQUEST_TOKEN' AND TYPE = 'F'; + SET STMT = 'ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP FOREIGN KEY ' || const_name; + PREPARE S1 FROM STMT; + EXECUTE S1; +END +/ + +BEGIN + DECLARE const_name VARCHAR(128); + DECLARE STMT VARCHAR(200); + select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH1A_ACCESS_TOKEN' AND TYPE = 'F'; + SET STMT = 'ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP FOREIGN KEY ' || const_name; + PREPARE S1 FROM STMT; + EXECUTE S1; +END +/ + +BEGIN + DECLARE const_name VARCHAR(128); + DECLARE STMT VARCHAR(200); + select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH2_ACCESS_TOKEN' AND TYPE = 'F'; + SET STMT = 'ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP FOREIGN KEY ' || const_name; + PREPARE S1 FROM STMT; + EXECUTE S1; +END +/ + +BEGIN + DECLARE const_name VARCHAR(128); + DECLARE STMT VARCHAR(200); + select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH2_AUTHORIZATION_CODE' AND TYPE = 'F'; + SET STMT = 'ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP FOREIGN KEY ' || const_name; + PREPARE S1 FROM STMT; + EXECUTE S1; +END +/ + +CREATE TABLE IDP_METADATA ( + ID INTEGER NOT NULL, + IDP_ID INTEGER NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255), + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE) +/ + +CREATE SEQUENCE IDP_METADATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDP_METADATA_TRIG NO CASCADE +BEFORE INSERT +ON IDP_METADATA +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR IDP_METADATA_SEQ); + END +/ + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 
'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL' +/ + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL' +/ + +CREATE TABLE SP_METADATA ( + ID INTEGER NOT NULL, + SP_ID INTEGER NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE) +/ +CREATE SEQUENCE SP_METADATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER SP_METADATA_TRIG NO CASCADE +BEFORE INSERT +ON SP_METADATA +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR SP_METADATA_SEQ); + END +/ + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP PRIMARY KEY +/ + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER NOT NULL DEFAULT 0 +/ +CREATE SEQUENCE IDN_OAUTH_CONSUMER_APPS_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER IDN_OAUTH_CONSUMER_APPS_TRIGGER NO CASCADE BEFORE INSERT ON IDN_OAUTH_CONSUMER_APPS REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL BEGIN ATOMIC SET (NEW.ID) = (NEXTVAL FOR IDN_OAUTH_CONSUMER_APPS_SEQUENCE); END +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH_CONSUMER_APPS') +/ +UPDATE IDN_OAUTH_CONSUMER_APPS SET ID = IDN_OAUTH_CONSUMER_APPS_SEQUENCE.NEXTVAL +/ + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50) +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PRIMARY KEY (ID) +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY) +/ + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER +/ +UPDATE IDN_OAUTH1A_REQUEST_TOKEN set CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = 
IDN_OAUTH1A_REQUEST_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSTRAINT IDN_OAUTH1A_REQUEST_TOKEN_F1 FOREIGN KEY(CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1 +/ + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER +/ +UPDATE IDN_OAUTH1A_ACCESS_TOKEN set CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH1A_ACCESS_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSTRAINT IDN_OAUTH1A_ACCESS_TOKEN_F1 FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP PRIMARY KEY +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER NOT NULL WITH DEFAULT 0 +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255) +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN set CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_ACCESS_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP UNIQUE CON_APP_KEY +/ + +BEGIN + DECLARE CONTINUE HANDLER FOR SQLSTATE '42704' + BEGIN END; + EXECUTE IMMEDIATE 'DROP INDEX IDX_AT_CK_AU'; +END +/ + +BEGIN + DECLARE CONTINUE HANDLER FOR SQLSTATE '42704' + BEGIN END; + EXECUTE IMMEDIATE 'DROP INDEX IDX_OAUTH_ACCTKN_CONK_UTYPE'; +END +/ + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER NOT NULL WITH DEFAULT -1 +/ +ALTER TABLE 
IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50) NOT NULL WITH DEFAULT 'PRIMARY' +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH2_ACCESS_TOKEN') +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH2_ACCESS_TOKEN') +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000 +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32) NOT NULL WITH DEFAULT 'DEFAULT' +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TOKEN_STATE_ID SET DATA TYPE VARCHAR (128) +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH2_ACCESS_TOKEN') +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID) +/ +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE) +/ +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ +ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50) NOT NULL WITH DEFAULT 'PRIMARY' +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE' +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255) NOT NULL WITH 
DEFAULT 'DEFAULT' +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP PRIMARY KEY +/ +UPDATE IDN_OAUTH2_AUTHORIZATION_CODE set CONSUMER_KEY_ID = (select ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_AUTHORIZATION_CODE.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ + +CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR (255) NOT NULL, + TOKEN_SCOPE VARCHAR (60) NOT NULL, + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE)) +/ + +ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE DROP NOT NULL +/ + +UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ) +/ + +BEGIN +DECLARE const_name VARCHAR(128); +DECLARE STMT VARCHAR(200); +select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_ASSOCIATED_ID' AND TYPE = 'U'; +SET STMT = 'ALTER TABLE IDN_ASSOCIATED_ID DROP UNIQUE ' || const_name; +PREPARE S1 FROM STMT; +EXECUTE S1; +END +/ +ALTER TABLE IDN_ASSOCIATED_ID ALTER COLUMN IDP_ID SET DATA TYPE INTEGER +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_ASSOCIATED_ID') +/ +ALTER TABLE IDN_ASSOCIATED_ID ADD CONSTRAINT IDN_ASSOCIATED_ID_U1 UNIQUE (IDP_USER_ID, TENANT_ID, IDP_ID) +/ +ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255) NOT NULL WITH DEFAULT 'PRIMARY' +/ +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE +/ + +DELETE FROM IDN_AUTH_SESSION_STORE +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL WITH DEFAULT 'INVALID' +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER 
COLUMN TIME_CREATED SET DATA TYPE BIGINT +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN TIME_CREATED SET NOT NULL +/ +ALTER TABLE IDN_AUTH_SESSION_STORE DROP PRIMARY KEY +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_AUTH_SESSION_STORE') +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) +/ + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' +/ +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' +/ +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0' +/ + +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL' +/ +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL' +/ +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID +/ + +ALTER TABLE SP_INBOUND_AUTH ALTER COLUMN INBOUND_AUTH_KEY DROP NOT NULL +/ +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255) +/ + +CREATE TABLE IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER NOT NULL, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME)) +/ + + +CREATE TABLE FIDO_DEVICE_STORE ( + TENANT_ID INTEGER NOT NULL, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(45) NOT NULL, + TIME_REGISTERED TIMESTAMP, + KEY_HANDLE VARCHAR(200) NOT NULL, + DEVICE_DATA VARCHAR(2048) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)) +/ + +CREATE TABLE WF_REQUEST ( + UUID VARCHAR (45) NOT NULL, + CREATED_BY VARCHAR (255), + TENANT_ID 
INTEGER NOT NULL DEFAULT -1, + OPERATION_TYPE VARCHAR (50), + CREATED_AT TIMESTAMP, + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + REQUEST BLOB, + PRIMARY KEY (UUID)) +/ + +CREATE TABLE WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR(45) NOT NULL, + HOST_URL VARCHAR(45), + USERNAME VARCHAR(45), + PASSWORD VARCHAR(255), + CALLBACK_HOST VARCHAR (45), + TENANT_ID INTEGER NOT NULL DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID)) +/ + +CREATE TABLE WF_WORKFLOW( + ID VARCHAR (45) NOT NULL, + WF_NAME VARCHAR (45), + DESCRIPTION VARCHAR (255), + TEMPLATE_ID VARCHAR (45), + IMPL_ID VARCHAR (45), + TENANT_ID INTEGER NOT NULL DEFAULT -1, + PRIMARY KEY (ID)) +/ + +CREATE TABLE WF_WORKFLOW_ASSOCIATION( + ID INTEGER NOT NULL, + ASSOC_NAME VARCHAR (45), + EVENT_ID VARCHAR(45), + ASSOC_CONDITION VARCHAR (2000), + WORKFLOW_ID VARCHAR (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE) +/ + +CREATE SEQUENCE WF_WORKFLOW_ASSOCIATION_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ + +CREATE TRIGGER WF_WORKFLOW_ASSOCIATION_TRIG NO CASCADE +BEFORE INSERT +ON WF_WORKFLOW_ASSOCIATION +REFERENCING NEW AS NEW +FOR EACH ROW MODE DB2SQL + BEGIN ATOMIC + SET (NEW.ID) = (NEXTVAL FOR WF_WORKFLOW_ASSOCIATION_SEQ); + END +/ + +CREATE TABLE WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR (45) NOT NULL, + PARAM_NAME VARCHAR (45) NOT NULL, + PARAM_VALUE VARCHAR (1000), + PARAM_QNAME VARCHAR (45) NOT NULL, + PARAM_HOLDER VARCHAR (45) NOT NULL, + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE) +/ + +CREATE TABLE WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR (45) NOT NULL, + ENTITY_NAME VARCHAR (255) NOT NULL, + ENTITY_TYPE VARCHAR (50) NOT NULL, + TENANT_ID INTEGER NOT NULL DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY 
(REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE) +/ + +CREATE TABLE WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR (45) NOT NULL, + WORKFLOW_ID VARCHAR (45), + REQUEST_ID VARCHAR (45), + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE) +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE SP_INBOUND_AUTH') +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH1A_REQUEST_TOKEN') +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_OAUTH1A_ACCESS_TOKEN') +/ +CALL SYSPROC.ADMIN_CMD('REORG TABLE IDN_IDENTITY_USER_DATA') +/ \ No newline at end of file diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/h2.sql new file mode 100644 index 00000000..3220c2b4 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/h2.sql 
@@ -0,0 +1,226 @@
+CREATE ALIAS IF NOT EXISTS DROP_FK AS $$ void executeSql(Connection conn, String sql) throws SQLException { conn.createStatement().executeUpdate(sql); } $$;
+
+call drop_fk('ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDN_OAUTH1A_REQUEST_TOKEN' AND COLUMN_LIST = 'CONSUMER_KEY'));
+call drop_fk('ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDN_OAUTH1A_ACCESS_TOKEN' AND COLUMN_LIST = 'CONSUMER_KEY'));
+call drop_fk('ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDN_OAUTH2_ACCESS_TOKEN' AND COLUMN_LIST = 'CONSUMER_KEY'));
+call drop_fk('ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDN_OAUTH2_AUTHORIZATION_CODE' AND COLUMN_LIST = 'CONSUMER_KEY'));
+
+CREATE TABLE IF NOT EXISTS IDP_METADATA (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_ID INTEGER,
+ NAME VARCHAR(255) NOT NULL,
+ VALUE VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ID),
+ CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15',
+ 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL';
+INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL';
+
+CREATE TABLE IF NOT EXISTS SP_METADATA (
+ ID INTEGER AUTO_INCREMENT,
+ SP_ID INTEGER,
+ NAME VARCHAR(255) NOT NULL,
+ VALUE VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ID),
+ CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME),
+ FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE);
+
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP PRIMARY KEY;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PRIMARY KEY (ID);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ALTER COLUMN CONSUMER_KEY VARCHAR (255) NOT NULL;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY);
+
+ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER;
+UPDATE IDN_OAUTH1A_REQUEST_TOKEN REQUEST_TOKEN set REQUEST_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = REQUEST_TOKEN.CONSUMER_KEY);
+ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY;
+ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE;
+ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1;
+
+ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER;
+UPDATE IDN_OAUTH1A_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY);
+ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY;
+ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE;
+ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP PRIMARY KEY;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255);
+UPDATE IDN_OAUTH2_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT CON_APP_KEY;
+DROP INDEX IF EXISTS IDX_AT_CK_AU;
+DROP INDEX IF EXISTS IDX_OAUTH_ACCTKN_CONK_UTYPE;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP DEFAULT 0;
+UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT;
+UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE' NOT NULL;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID);
+CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE);
+CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE;
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1;
+ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1;
+ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1;
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER;
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER;
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE';
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP PRIMARY KEY;
+UPDATE IDN_OAUTH2_AUTHORIZATION_CODE AUTHORIZATION_CODE set AUTHORIZATION_CODE.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = AUTHORIZATION_CODE.CONSUMER_KEY);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY;
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
+ TOKEN_ID VARCHAR (255),
+ TOKEN_SCOPE VARCHAR (60),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE)
+);
+
+DROP TABLE IF EXISTS IDN_SCIM_PROVIDER;
+
+ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE SET NULL;
+
+UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID );
+ALTER TABLE IDN_ASSOCIATED_ID ALTER COLUMN IDP_ID INTEGER;
+ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255);
+ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE;
+
+DELETE FROM IDN_AUTH_SESSION_STORE;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID DROP DEFAULT;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID SET NOT NULL;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE DROP DEFAULT;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE SET NOT NULL;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN TIME_CREATED SET NOT NULL;
+ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN TIME_CREATED BIGINT;
+ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL;
+ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1;
+ALTER TABLE IDN_AUTH_SESSION_STORE DROP PRIMARY KEY;
+ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION);
+
+ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL;
+ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL;
+ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0';
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL';
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL';
+
+INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID;
+
+ALTER TABLE SP_INBOUND_AUTH ALTER COLUMN INBOUND_AUTH_KEY SET NULL;
+
+ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255);
+
+CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION (
+ ASSOCIATION_KEY VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME));
+
+CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE (
+ TENANT_ID INTEGER,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(45) NOT NULL,
+ TIME_REGISTERED TIMESTAMP,
+ KEY_HANDLE VARCHAR(200) NOT NULL,
+ DEVICE_DATA LONGVARCHAR NOT NULL,
+ PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE));
+
+CREATE TABLE IF NOT EXISTS WF_REQUEST (
+ UUID VARCHAR (45),
+ CREATED_BY VARCHAR (255),
+ TENANT_ID INTEGER DEFAULT -1,
+ OPERATION_TYPE VARCHAR (50),
+ CREATED_AT TIMESTAMP,
+ UPDATED_AT TIMESTAMP,
+ STATUS VARCHAR (30),
+ REQUEST BLOB,
+ PRIMARY KEY (UUID)
+);
+
+CREATE TABLE IF NOT EXISTS WF_BPS_PROFILE (
+ PROFILE_NAME VARCHAR(45),
+ HOST_URL_MANAGER VARCHAR(45),
+ HOST_URL_WORKER VARCHAR(45),
+ USERNAME VARCHAR(45),
+ PASSWORD VARCHAR(255),
+ CALLBACK_HOST VARCHAR (45),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (PROFILE_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS WF_WORKFLOW(
+ ID VARCHAR (45),
+ WF_NAME VARCHAR (45),
+ DESCRIPTION VARCHAR (255),
+ TEMPLATE_ID VARCHAR (45),
+ IMPL_ID VARCHAR (45),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IF NOT EXISTS WF_WORKFLOW_ASSOCIATION(
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ ASSOC_NAME VARCHAR (45),
+ EVENT_ID VARCHAR(45),
+ ASSOC_CONDITION VARCHAR (2000),
+ WORKFLOW_ID VARCHAR (45),
+ IS_ENABLED CHAR (1) DEFAULT '1',
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY(ID),
+ FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS WF_WORKFLOW_CONFIG_PARAM(
+ WORKFLOW_ID VARCHAR (45),
+ PARAM_NAME VARCHAR (45),
+ PARAM_VALUE VARCHAR (1000),
+ PARAM_QNAME VARCHAR (45),
+ PARAM_HOLDER VARCHAR (45),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER),
+ FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS WF_REQUEST_ENTITY_RELATIONSHIP(
+ REQUEST_ID VARCHAR (45),
+ ENTITY_NAME VARCHAR (255),
+ ENTITY_TYPE VARCHAR (50),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID),
+ FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION(
+ RELATIONSHIP_ID VARCHAR (45),
+ WORKFLOW_ID VARCHAR (45),
+ REQUEST_ID VARCHAR (45),
+ UPDATED_AT TIMESTAMP,
+ STATUS VARCHAR (30),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (RELATIONSHIP_ID),
+ FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE,
+ FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE
+);
+
+DROP ALIAS IF EXISTS DROP_FK;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..d8508d0d
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mssql.sql
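Review bot: The `DROP_FK` alias created on the first line of h2.sql is a general "execute this SQL string" function, and the only thing that removes it is the `DROP ALIAS IF EXISTS DROP_FK;` on the last line, so a failure in any statement in between leaves it installed in the identity database for any account allowed to call it. A partial run is a realistic case because several statements are not re-runnable (for example `ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT CON_APP_KEY;` has no `IF EXISTS`), so I would add a header comment such as `-- DROP_FK executes arbitrary SQL; if this script aborts, run DROP ALIAS IF EXISTS DROP_FK before retrying`. The alias body also never closes the `Statement` it creates; `try (Statement st = conn.createStatement()) { st.executeUpdate(sql); }` would release it. Each `call drop_fk(...)` concatenates a scalar subquery that presumably yields NULL when no constraint on `CONSUMER_KEY` exists, in which case the call fails instead of skipping, so the four calls deserve a guard or a note that the constraint is expected to be present.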
@@ -0,0 +1,238 @@ +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND= 'ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'IDN_OAUTH1A_REQUEST_TOKEN';EXEC (@COMMAND); + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'IDN_OAUTH1A_ACCESS_TOKEN';EXEC (@COMMAND); + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'IDN_OAUTH2_ACCESS_TOKEN';EXEC (@COMMAND); + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'IDN_OAUTH2_AUTHORIZATION_CODE';EXEC (@COMMAND); + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP CONSTRAINT ' + NAME + ';' FROM sys.key_constraints WHERE [type] = 'PK' AND [parent_object_id] = Object_id('dbo.IDN_OAUTH_CONSUMER_APPS');EXEC (@COMMAND); + 
+DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT ' + NAME + ';' FROM sys.key_constraints WHERE [type] = 'PK' AND [parent_object_id] = Object_id('dbo.IDN_OAUTH2_ACCESS_TOKEN');EXEC (@COMMAND); + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP CONSTRAINT ' + NAME + ';' FROM sys.key_constraints WHERE [type] = 'PK' AND [parent_object_id] = Object_id('dbo.IDN_OAUTH2_AUTHORIZATION_CODE');EXEC (@COMMAND); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDP_METADATA]') AND TYPE IN (N'U')) + CREATE TABLE IDP_METADATA ( + ID INTEGER IDENTITY, + IDP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE); + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[SP_METADATA]') AND TYPE IN (N'U')) + CREATE TABLE SP_METADATA ( + ID INTEGER IDENTITY, + SP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE); + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER NOT NULL IDENTITY PRIMARY KEY; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ALTER COLUMN 
CONSUMER_KEY VARCHAR (255) NOT NULL; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY); + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_REQUEST_TOKEN set IDN_OAUTH1A_REQUEST_TOKEN.CONSUMER_KEY_ID = (select IDN_OAUTH_CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH1A_REQUEST_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_ACCESS_TOKEN set IDN_OAUTH1A_ACCESS_TOKEN.CONSUMER_KEY_ID = (select IDN_OAUTH_CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH1A_ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255); +UPDATE IDN_OAUTH2_ACCESS_TOKEN set IDN_OAUTH2_ACCESS_TOKEN.CONSUMER_KEY_ID = (select IDN_OAUTH_CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT CON_APP_KEY; +IF EXISTS (SELECT * FROM sys.indexes WHERE name='IDX_AT_CK_AU') begin DROP INDEX IDN_OAUTH2_ACCESS_TOKEN.IDX_AT_CK_AU; end; +IF EXISTS (SELECT * FROM sys.indexes 
WHERE name='IDX_OAUTH_ACCTKN_CONK_UTYPE') begin DROP INDEX IDN_OAUTH2_ACCESS_TOKEN.IDX_OAUTH_ACCTKN_CONK_UTYPE; end; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED DATETIME; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TOKEN_STATE_ID VARCHAR (128); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID); +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE); +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE'; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255); +UPDATE 
IDN_OAUTH2_AUTHORIZATION_CODE set IDN_OAUTH2_AUTHORIZATION_CODE.CONSUMER_KEY_ID = (select IDN_OAUTH_CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_AUTHORIZATION_CODE.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +DROP TABLE IDN_SCIM_PROVIDER; + +ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE VARCHAR(255) NULL; + +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_ASSOCIATED_ID DROP CONSTRAINT ' + NAME + ';' FROM sys.key_constraints WHERE [type] = 'UQ' AND [parent_object_id] = Object_id('dbo.IDN_ASSOCIATED_ID');EXEC (@COMMAND); +UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ); +ALTER TABLE IDN_ASSOCIATED_ID ALTER COLUMN IDP_ID INTEGER; +ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255); +ALTER TABLE IDN_ASSOCIATED_ID ADD UNIQUE(IDP_USER_ID, TENANT_ID, IDP_ID); +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE; + +DELETE FROM IDN_AUTH_SESSION_STORE; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID VARCHAR (100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE VARCHAR(100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE DROP COLUMN TIME_CREATED; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TIME_CREATED BIGINT NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1; +DECLARE @COMMAND NVARCHAR(200);SELECT @COMMAND='ALTER TABLE IDN_AUTH_SESSION_STORE DROP CONSTRAINT ' + NAME + ';' FROM sys.key_constraints WHERE [type] = 'PK' AND [parent_object_id] = Object_id('dbo.IDN_AUTH_SESSION_STORE');EXEC (@COMMAND); +ALTER TABLE 
IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION); + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0'; + +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; + +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID; + +ALTER TABLE SP_INBOUND_AUTH ALTER COLUMN INBOUND_AUTH_KEY VARCHAR (255) NULL; + +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255); + +CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR (255), + TOKEN_SCOPE VARCHAR (60), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE) +); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_USER_ACCOUNT_ASSOCIATION]') AND TYPE IN (N'U')) + CREATE TABLE IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME)); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[FIDO_DEVICE_STORE]') AND TYPE IN (N'U')) + CREATE TABLE FIDO_DEVICE_STORE ( + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(45) NOT NULL, + TIME_REGISTERED DATETIME, + KEY_HANDLE VARCHAR(200) NOT NULL, + DEVICE_DATA VARCHAR(2048) NOT NULL, + 
PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_REQUEST]') AND TYPE IN (N'U')) + CREATE TABLE WF_REQUEST ( + UUID VARCHAR (45), + CREATED_BY VARCHAR (255), + TENANT_ID INTEGER DEFAULT -1, + OPERATION_TYPE VARCHAR (50), + CREATED_AT DATETIME, + UPDATED_AT DATETIME, + STATUS VARCHAR (30), + REQUEST VARBINARY(MAX), + PRIMARY KEY (UUID) + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_BPS_PROFILE]') AND TYPE IN (N'U')) + CREATE TABLE WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR(45), + HOST_URL_MANAGER VARCHAR(45), + HOST_URL_WORKER VARCHAR(45), + USERNAME VARCHAR(45), + PASSWORD VARCHAR(255), + CALLBACK_HOST VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID) + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_WORKFLOW]') AND TYPE IN (N'U')) + CREATE TABLE WF_WORKFLOW( + ID VARCHAR (45), + WF_NAME VARCHAR (45), + DESCRIPTION VARCHAR (255), + TEMPLATE_ID VARCHAR (45), + IMPL_ID VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID) + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_WORKFLOW_ASSOCIATION]') AND TYPE IN (N'U')) + CREATE TABLE WF_WORKFLOW_ASSOCIATION( + ID INTEGER NOT NULL IDENTITY , + ASSOC_NAME VARCHAR (45), + EVENT_ID VARCHAR(45), + ASSOC_CONDITION VARCHAR (2000), + WORKFLOW_ID VARCHAR (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_WORKFLOW_CONFIG_PARAM]') AND TYPE IN (N'U')) + CREATE TABLE WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR (45), + PARAM_NAME VARCHAR (45), + PARAM_VALUE VARCHAR (1000), + PARAM_QNAME VARCHAR (45), + PARAM_HOLDER VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY 
(WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_REQUEST_ENTITY_RELATIONSHIP]') AND TYPE IN (N'U')) + CREATE TABLE WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR (45), + ENTITY_NAME VARCHAR (255), + ENTITY_TYPE VARCHAR (50), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE + ); + +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[WF_WORKFLOW_REQUEST_RELATION]') AND TYPE IN (N'U')) + CREATE TABLE WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR (45), + WORKFLOW_ID VARCHAR (45), + REQUEST_ID VARCHAR (45), + UPDATED_AT DATETIME, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE + ); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql.sql new file mode 100644 index 00000000..d1be1314 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql.sql 
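Review bot: The four dynamic `DROP CONSTRAINT` statements at the top of mssql.sql filter on `KF.TABLE_NAME` only, so they drop whichever foreign key on the table the query happens to return last rather than the one on `CONSUMER_KEY`, which is what the H2 script in this commit selects with `COLUMN_LIST = 'CONSUMER_KEY'`. If the wrong key is dropped, the later `DROP COLUMN CONSUMER_KEY` fails part-way through the migration of the OAuth token tables. Adding `AND KF.COLUMN_NAME = 'CONSUMER_KEY'` to each `WHERE` and building the name as `QUOTENAME(RC.CONSTRAINT_NAME)` makes the generated statement target the intended constraint and keeps an unusual constraint name from breaking or changing the dynamic SQL. The join to `KP` is not used by the query and, with a multi-column referenced key, would only multiply rows. `DROP TABLE IDN_SCIM_PROVIDER;` and `CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE` are also unguarded here, while the other tables in this file are wrapped in `IF NOT EXISTS`.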
@@ -0,0 +1,271 @@ +DROP PROCEDURE IF EXISTS drop_index_if_exists; +CREATE PROCEDURE drop_index_if_exists(in theTable varchar(128), in theIndexName varchar(128) ) BEGIN IF((SELECT COUNT(*) AS index_exists FROM information_schema.statistics WHERE TABLE_SCHEMA = DATABASE() and table_name = theTable AND index_name = theIndexName) > 0) THEN SET @s = CONCAT('DROP INDEX ' , theIndexName , ' ON ' , theTable); PREPARE stmt FROM @s; EXECUTE stmt; END IF; END; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH1A_REQUEST_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH1A_ACCESS_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH2_ACCESS_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH2_AUTHORIZATION_CODE" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +CREATE TABLE IF NOT EXISTS IDP_METADATA ( + ID INTEGER AUTO_INCREMENT, + 
IDP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE +)ENGINE INNODB; + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; + +CREATE TABLE IF NOT EXISTS SP_METADATA ( + ID INTEGER AUTO_INCREMENT, + SP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE +)ENGINE INNODB; + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP PRIMARY KEY; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH_CONSUMER_APPS MODIFY COLUMN CONSUMER_KEY VARCHAR (255) NOT NULL; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY); + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_REQUEST_TOKEN REQUEST_TOKEN set REQUEST_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = REQUEST_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER 
DEFAULT -1; + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP PRIMARY KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255); +UPDATE IDN_OAUTH2_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP INDEX CON_APP_KEY; +CALL drop_index_if_exists("IDN_OAUTH2_ACCESS_TOKEN", "IDX_AT_CK_AU"); +CALL drop_index_if_exists("IDN_OAUTH2_ACCESS_TOKEN", "IDX_OAUTH_ACCTKN_CONK_UTYPE"); + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP DEFAULT 0; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY COLUMN TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE' 
NOT NULL; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID); +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE); +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE'; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP PRIMARY KEY; +UPDATE IDN_OAUTH2_AUTHORIZATION_CODE AUTHORIZATION_CODE set AUTHORIZATION_CODE.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = AUTHORIZATION_CODE.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +DROP TABLE IF EXISTS IDN_SCIM_PROVIDER; + +ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY COLUMN DATA_VALUE VARCHAR(255) NULL; + +ALTER TABLE IDN_ASSOCIATED_ID MODIFY COLUMN IDP_ID VARCHAR(255); +UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE 
IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ); +DELETE FROM IDN_ASSOCIATED_ID WHERE IDP_ID is NULL; +ALTER TABLE IDN_ASSOCIATED_ID MODIFY COLUMN IDP_ID INTEGER NOT NULL; +ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255); +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE; + +DELETE FROM IDN_AUTH_SESSION_STORE; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN SESSION_ID VARCHAR (100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN SESSION_TYPE VARCHAR(100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN TIME_CREATED BIGINT NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_AUTH_SESSION_STORE DROP PRIMARY KEY; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION); + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0'; + +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; + +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID; + +ALTER TABLE SP_INBOUND_AUTH 
MODIFY COLUMN INBOUND_AUTH_KEY VARCHAR (255); + +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255); + +CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR (255), + TOKEN_SCOPE VARCHAR (60), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE ( + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(45) NOT NULL, + TIME_REGISTERED TIMESTAMP, + KEY_HANDLE VARCHAR(200) NOT NULL, + DEVICE_DATA VARCHAR(2048) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_REQUEST ( + UUID VARCHAR (45), + CREATED_BY VARCHAR (255), + TENANT_ID INTEGER DEFAULT -1, + OPERATION_TYPE VARCHAR (50), + CREATED_AT TIMESTAMP, + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + REQUEST BLOB, + PRIMARY KEY (UUID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR(45), + HOST_URL_MANAGER VARCHAR(45), + HOST_URL_WORKER VARCHAR(45), + USERNAME VARCHAR(45), + PASSWORD VARCHAR(255), + CALLBACK_HOST VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW( + ID VARCHAR (45), + WF_NAME VARCHAR (45), + DESCRIPTION VARCHAR (255), + TEMPLATE_ID VARCHAR (45), + IMPL_ID VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_ASSOCIATION( + ID INTEGER NOT NULL AUTO_INCREMENT, + ASSOC_NAME VARCHAR (45), + EVENT_ID VARCHAR(45), + ASSOC_CONDITION VARCHAR (2000), + WORKFLOW_ID VARCHAR (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT 
-1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR (45), + PARAM_NAME VARCHAR (45), + PARAM_VALUE VARCHAR (1000), + PARAM_QNAME VARCHAR (45), + PARAM_HOLDER VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR (45), + ENTITY_NAME VARCHAR (255), + ENTITY_TYPE VARCHAR (50), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR (45), + WORKFLOW_ID VARCHAR (45), + REQUEST_ID VARCHAR (45), + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +)ENGINE INNODB; + +DROP PROCEDURE IF EXISTS drop_index_if_exists; diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql5.7.sql new file mode 100644 index 00000000..dea64f6e --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/mysql5.7.sql 
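Review bot: The four foreign-key lookups near the top of mysql.sql filter on `TABLE_SCHEMA = @databasename`, but nothing in this new file assigns `@databasename`, whereas `drop_index_if_exists` just above them uses `DATABASE()`. If the variable is unset, the lookup matches no row, `@sqlst` stays NULL and `PREPARE stmt FROM @sqlst` fails. The foreign keys these blocks are meant to drop would then still be in place when the later `DROP COLUMN CONSUMER_KEY` statements run, unless the migration client sets the variable itself before executing the script. I would write `where TABLE_SCHEMA = DATABASE() and TABLE_NAME = "IDN_OAUTH1A_REQUEST_TOKEN"` (and likewise for the other three tables), or document the required `SET @databasename = ...` at the top of the file. The same four lookups appear in mysql5.7.sql.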
@@ -0,0 +1,273 @@ +DROP PROCEDURE IF EXISTS drop_index_if_exists; +CREATE PROCEDURE drop_index_if_exists(in theTable varchar(128), in theIndexName varchar(128) ) BEGIN IF((SELECT COUNT(*) AS index_exists FROM information_schema.statistics WHERE TABLE_SCHEMA = DATABASE() and table_name = theTable AND index_name = theIndexName) > 0) THEN SET @s = CONCAT('DROP INDEX ' , theIndexName , ' ON ' , theTable); PREPARE stmt FROM @s; EXECUTE stmt; END IF; END; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH1A_REQUEST_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH1A_ACCESS_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TIME_CREATED DROP DEFAULT; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH2_ACCESS_TOKEN" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = NULL; + +SELECT CONCAT("ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP FOREIGN KEY ",constraint_name) +INTO @sqlst +FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE +where TABLE_SCHEMA = @databasename and TABLE_NAME = "IDN_OAUTH2_AUTHORIZATION_CODE" +and referenced_column_name is not NULL limit 1; + +PREPARE stmt FROM @sqlst; +EXECUTE stmt; +DEALLOCATE PREPARE stmt; +SET @sqlst = 
NULL; + +CREATE TABLE IF NOT EXISTS IDP_METADATA ( + ID INTEGER AUTO_INCREMENT, + IDP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE +)ENGINE INNODB; + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; + +CREATE TABLE IF NOT EXISTS SP_METADATA ( + ID INTEGER AUTO_INCREMENT, + SP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE +)ENGINE INNODB; + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP PRIMARY KEY; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH_CONSUMER_APPS MODIFY COLUMN CONSUMER_KEY VARCHAR (255) NOT NULL; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY); + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_REQUEST_TOKEN REQUEST_TOKEN set REQUEST_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = REQUEST_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES 
IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP PRIMARY KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255); +UPDATE IDN_OAUTH2_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP INDEX CON_APP_KEY; +CALL drop_index_if_exists("IDN_OAUTH2_ACCESS_TOKEN", "IDX_AT_CK_AU"); +CALL drop_index_if_exists("IDN_OAUTH2_ACCESS_TOKEN", "IDX_OAUTH_ACCTKN_CONK_UTYPE"); + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD 
TOKEN_SCOPE_HASH VARCHAR (32); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY COLUMN TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE' NOT NULL; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID); +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE); +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE'; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP PRIMARY KEY; +UPDATE IDN_OAUTH2_AUTHORIZATION_CODE AUTHORIZATION_CODE set AUTHORIZATION_CODE.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = AUTHORIZATION_CODE.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +DROP TABLE IF EXISTS IDN_SCIM_PROVIDER; + +ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY COLUMN DATA_VALUE VARCHAR(255) NULL; + +ALTER TABLE IDN_ASSOCIATED_ID 
MODIFY COLUMN IDP_ID VARCHAR(255); +UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ); +DELETE FROM IDN_ASSOCIATED_ID WHERE IDP_ID is NULL; +ALTER TABLE IDN_ASSOCIATED_ID MODIFY COLUMN IDP_ID INTEGER NOT NULL; +ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255); +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE; + +DELETE FROM IDN_AUTH_SESSION_STORE; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN SESSION_ID VARCHAR (100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN SESSION_TYPE VARCHAR(100) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY COLUMN TIME_CREATED BIGINT NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_AUTH_SESSION_STORE DROP PRIMARY KEY; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION); + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0'; + +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; + +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND 
IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID; + +ALTER TABLE SP_INBOUND_AUTH MODIFY COLUMN INBOUND_AUTH_KEY VARCHAR (255); + +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255); + +CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR (255), + TOKEN_SCOPE VARCHAR (60), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE ( + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(45) NOT NULL, + TIME_REGISTERED TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + KEY_HANDLE VARCHAR(200) NOT NULL, + DEVICE_DATA VARCHAR(2048) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_REQUEST ( + UUID VARCHAR (45), + CREATED_BY VARCHAR (255), + TENANT_ID INTEGER DEFAULT -1, + OPERATION_TYPE VARCHAR (50), + CREATED_AT TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + UPDATED_AT TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + STATUS VARCHAR (30), + REQUEST BLOB, + PRIMARY KEY (UUID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR(45), + HOST_URL_MANAGER VARCHAR(45), + HOST_URL_WORKER VARCHAR(45), + USERNAME VARCHAR(45), + PASSWORD VARCHAR(255), + CALLBACK_HOST VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW( + ID VARCHAR (45), + WF_NAME VARCHAR (45), + DESCRIPTION VARCHAR (255), + TEMPLATE_ID VARCHAR (45), + IMPL_ID VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID) +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_ASSOCIATION( + ID 
INTEGER NOT NULL AUTO_INCREMENT, + ASSOC_NAME VARCHAR (45), + EVENT_ID VARCHAR(45), + ASSOC_CONDITION VARCHAR (2000), + WORKFLOW_ID VARCHAR (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR (45), + PARAM_NAME VARCHAR (45), + PARAM_VALUE VARCHAR (1000), + PARAM_QNAME VARCHAR (45), + PARAM_HOLDER VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR (45), + ENTITY_NAME VARCHAR (255), + ENTITY_TYPE VARCHAR (50), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +)ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR (45), + WORKFLOW_ID VARCHAR (45), + REQUEST_ID VARCHAR (45), + UPDATED_AT TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +)ENGINE INNODB; + +DROP PROCEDURE IF EXISTS drop_index_if_exists; diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/oracle.sql new file mode 100644 index 00000000..b03630b6 --- /dev/null 
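Review bot: `UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000;` has no WHERE clause and hard-codes one lifetime for every migrated token. The constant looks like a transposition of 86400000, which would be 24 hours if the column is in milliseconds; the script does not state the unit. Together with `SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED` two statements earlier, this value decides how long refresh tokens issued before the migration stay usable, so it should be a deliberate choice. I would either correct the value or add a comment such as `-- validity applied to tokens issued before migration; unit and value to be confirmed against the server's configured refresh-token validity`. The same statement is in mysql.sql.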
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/oracle.sql 
@@ -0,0 +1,485 @@ +declare + con_name varchar2(100); + command varchar2(200); + databasename VARCHAR2(100); +BEGIN + databasename := 'SAMPLE'; + + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH1A_REQUEST_TOKEN' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'R'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Foreign key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH1A_ACCESS_TOKEN' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'R'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Foreign key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH2_ACCESS_TOKEN' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'R'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Foreign key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH2_AUTHORIZATION_CODE' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'R'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + 
dbms_output.Put_line('Foreign key not found'); + end; + + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH_CONSUMER_APPS' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'P'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH_CONSUMER_APPS DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Primary key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH2_ACCESS_TOKEN' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'P'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Primary key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_AUTH_SESSION_STORE' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'P'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_AUTH_SESSION_STORE DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Primary key not found'); + end; + begin + select constraint_name into con_name from all_constraints where table_name='IDN_OAUTH2_AUTHORIZATION_CODE' AND UPPER(owner)=UPPER(databasename) AND constraint_type = 'P'; + + if TRIM(con_name) is not null + then + command := 'ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP CONSTRAINT ' || con_name; + dbms_output.Put_line(command); + execute immediate command; + end if; + + exception + when NO_DATA_FOUND + then + dbms_output.Put_line('Primary key not found'); + end; + + DECLARE + COUNT_INDEXES INTEGER; + BEGIN + SELECT COUNT(*) 
INTO COUNT_INDEXES + FROM USER_INDEXES + WHERE INDEX_NAME = 'IDX_AT_CK_AU'; + + IF COUNT_INDEXES > 0 THEN + EXECUTE IMMEDIATE 'DROP INDEX IDX_AT_CK_AU'; + END IF; + END; + + DECLARE + COUNT_INDEXES INTEGER; + BEGIN + SELECT COUNT(*) INTO COUNT_INDEXES + FROM USER_INDEXES + WHERE INDEX_NAME = 'IDX_OAUTH_ACCTKN_CONK_UTYPE'; + + IF COUNT_INDEXES > 0 THEN + EXECUTE IMMEDIATE 'DROP INDEX IDX_OAUTH_ACCTKN_CONK_UTYPE'; + END IF; + END; + +END; +/ + +CREATE TABLE IDP_METADATA ( + ID INTEGER, + IDP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE) +/ +CREATE SEQUENCE IDP_METADATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDP_METADATA_TRIG +BEFORE INSERT +ON IDP_METADATA +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDP_METADATA_SEQ.nextval INTO :NEW.ID FROM dual; + END; +/ + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL' +/ +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL' +/ + +CREATE TABLE SP_METADATA ( + ID INTEGER, + SP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE) +/ +CREATE SEQUENCE SP_METADATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER SP_METADATA_TRIG +BEFORE INSERT +ON SP_METADATA +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT SP_METADATA_SEQ.nextval INTO 
:NEW.ID FROM dual; + END; +/ + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER +/ +CREATE SEQUENCE IDN_OAUTH_CONSUMER_APPS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER IDN_OAUTH_CONSUMER_APPS_TRIG +BEFORE INSERT +ON IDN_OAUTH_CONSUMER_APPS +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT IDN_OAUTH_CONSUMER_APPS_SEQ.nextval INTO :NEW.ID FROM dual; + END; +/ +UPDATE IDN_OAUTH_CONSUMER_APPS SET ID = IDN_OAUTH_CONSUMER_APPS_SEQ.NEXTVAL +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50) +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PRIMARY KEY (ID) +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS MODIFY CONSUMER_KEY VARCHAR (255) NOT NULL +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY) +/ + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER +/ +UPDATE IDN_OAUTH1A_REQUEST_TOKEN REQUEST_TOKEN set REQUEST_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = REQUEST_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1 +/ + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER +/ +UPDATE IDN_OAUTH1A_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1 +/ + +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255) +/ +ALTER TABLE 
IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255) +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN ACCESS_TOKEN set ACCESS_TOKEN.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = ACCESS_TOKEN.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT CON_APP_KEY +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD NUMBER(19) +/ +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000 +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE' NOT NULL +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID) +/ +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE) +/ +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ + +ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1 +/ + +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE 
ADD TENANT_ID INTEGER +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE' +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255) +/ +UPDATE IDN_OAUTH2_AUTHORIZATION_CODE AUTHORIZATION_CODE set AUTHORIZATION_CODE.CONSUMER_KEY_ID = (select CONSUMER_APPS.ID from IDN_OAUTH_CONSUMER_APPS CONSUMER_APPS where CONSUMER_APPS.CONSUMER_KEY = AUTHORIZATION_CODE.CONSUMER_KEY) +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY +/ +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE +/ + +CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR2 (255), + TOKEN_SCOPE VARCHAR2 (60), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE)) +/ + +DROP TABLE IDN_SCIM_PROVIDER +/ + +ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY (DATA_VALUE NULL) +/ + +UPDATE IDN_ASSOCIATED_ID set IDN_ASSOCIATED_ID.IDP_ID = (SELECT IDP.ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ) +/ +ALTER TABLE IDN_ASSOCIATED_ID MODIFY (IDP_ID INTEGER) +/ +ALTER TABLE IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR2(255) +/ +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID) REFERENCES IDP (ID) ON DELETE CASCADE +/ + +DELETE FROM IDN_AUTH_SESSION_STORE +/ +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY (SESSION_ID NOT NULL) +/ +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY (SESSION_TYPE NOT NULL) +/ +ALTER TABLE IDN_AUTH_SESSION_STORE MODIFY (TIME_CREATED NUMBER(19) NOT NULL) +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1 +/ +ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY 
(SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION) +/ + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL +/ +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL +/ +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0' +/ +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL' +/ +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL' +/ + +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID +/ + +ALTER TABLE SP_INBOUND_AUTH MODIFY (INBOUND_AUTH_KEY NULL) +/ + +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255) +/ + +CREATE TABLE IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME)) +/ +CREATE TABLE FIDO_DEVICE_STORE ( + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(45) NOT NULL, + TIME_REGISTERED TIMESTAMP, + KEY_HANDLE VARCHAR(200) NOT NULL, + DEVICE_DATA VARCHAR(2048) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)) +/ + +CREATE TABLE WF_REQUEST ( + UUID VARCHAR2 (45), + CREATED_BY VARCHAR2 (255), + TENANT_ID INTEGER DEFAULT -1, + OPERATION_TYPE VARCHAR2 (50), + CREATED_AT TIMESTAMP, + UPDATED_AT TIMESTAMP, + STATUS VARCHAR2 (30), + REQUEST BLOB, + PRIMARY KEY (UUID)) +/ + +CREATE TABLE WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR2(45), + HOST_URL_MANAGER VARCHAR2(45), + HOST_URL_WORKER VARCHAR2(45), + USERNAME VARCHAR2(45), 
+ PASSWORD VARCHAR2(1023), + CALLBACK_HOST VARCHAR2 (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID)) +/ + +CREATE TABLE WF_WORKFLOW( + ID VARCHAR2 (45), + WF_NAME VARCHAR2 (45), + DESCRIPTION VARCHAR2 (255), + TEMPLATE_ID VARCHAR2 (45), + IMPL_ID VARCHAR2 (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID)) +/ + +CREATE TABLE WF_WORKFLOW_ASSOCIATION( + ID INTEGER, + ASSOC_NAME VARCHAR2 (45), + EVENT_ID VARCHAR2(45), + ASSOC_CONDITION VARCHAR2 (2000), + WORKFLOW_ID VARCHAR2 (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE) +/ + +CREATE SEQUENCE WF_WORKFLOW_ASSOCIATION_SEQ START WITH 1 INCREMENT BY 1 NOCACHE +/ +CREATE OR REPLACE TRIGGER WF_WORKFLOW_ASSOCIATION_TRIG +BEFORE INSERT +ON WF_WORKFLOW_ASSOCIATION +REFERENCING NEW AS NEW +FOR EACH ROW + BEGIN + SELECT WF_WORKFLOW_ASSOCIATION_SEQ.nextval + INTO :NEW.ID + FROM dual; + END; +/ + +CREATE TABLE WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR2 (45), + PARAM_NAME VARCHAR2 (45), + PARAM_VALUE VARCHAR2 (1000), + PARAM_QNAME VARCHAR2 (45), + PARAM_HOLDER VARCHAR2 (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE) +/ + +CREATE TABLE WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR2 (45), + ENTITY_NAME VARCHAR2 (255), + ENTITY_TYPE VARCHAR2 (50), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE) +/ + +CREATE TABLE WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR2 (45), + WORKFLOW_ID VARCHAR2 (45), + REQUEST_ID VARCHAR2 (45), + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN 
KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE) +/ diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/postgresql.sql new file mode 100644 index 00000000..226d6cdf --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/identity/postgresql.sql 
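Review bot: The constraint lookups at the top of the PL/SQL block filter on `UPPER(owner)=UPPER(databasename)` with `databasename := 'SAMPLE'` hard-coded, so on a schema with any other name every `select ... into con_name` ends in `NO_DATA_FOUND`, prints a message, and the script would then go on to the `DROP COLUMN CONSUMER_KEY` and `ADD PRIMARY KEY` statements with the old keys never dropped. Taking the owner from the session, `databasename := SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA');`, removes the manual edit. The same lookups handle only `NO_DATA_FOUND`; a table with more than one constraint of the requested type would raise `TOO_MANY_ROWS` and abort the block, so a cursor loop over the matching constraints is safer than a single-row `select into`. A header comment stating that this step runs `DELETE FROM IDN_AUTH_SESSION_STORE` and `DROP TABLE IDN_SCIM_PROVIDER` would also tell the operator to take a backup and expect all sessions to be invalidated.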
@@ -0,0 +1,236 @@ +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth1a_request_token DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'idn_oauth1a_request_token' AND kcu.column_name = 'consumer_key'; EXECUTE con_name; END $$; + +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth1a_access_token DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'idn_oauth1a_access_token' AND kcu.column_name = 'consumer_key'; EXECUTE con_name; END $$; + +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth2_access_token DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'idn_oauth2_access_token' AND kcu.column_name = 'consumer_key'; EXECUTE con_name; END $$; + +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth2_authorization_code DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON 
ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'idn_oauth2_authorization_code' AND kcu.column_name = 'consumer_key'; EXECUTE con_name; END $$; + +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth_consumer_apps DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'PRIMARY KEY' AND tc.table_name = 'idn_oauth_consumer_apps'; EXECUTE con_name; END $$; + +DROP TABLE IF EXISTS IDP_METADATA; +DROP SEQUENCE IF EXISTS IDP_METADATA_SEQ; +CREATE SEQUENCE IDP_METADATA_SEQ; +CREATE TABLE IDP_METADATA ( + ID INTEGER DEFAULT NEXTVAL('IDP_METADATA_SEQ'), + IDP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME), + FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE); + +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'SessionIdleTimeout', '15', + 'Session Idle Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; +INSERT INTO IDP_METADATA (IDP_ID, NAME, VALUE, DISPLAY_NAME, TENANT_ID) SELECT ID, 'RememberMeTimeout', '20160', 'RememberMe Timeout', -1234 FROM IDP WHERE TENANT_ID = -1234 AND NAME = 'LOCAL'; + +DROP TABLE IF EXISTS SP_METADATA; +DROP SEQUENCE IF EXISTS SP_METADATA_SEQ; +CREATE SEQUENCE SP_METADATA_SEQ; +CREATE TABLE SP_METADATA ( + ID INTEGER DEFAULT NEXTVAL('SP_METADATA_SEQ'), + SP_ID INTEGER, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(255) NOT NULL, + DISPLAY_NAME VARCHAR(255), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID), + CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME), + FOREIGN KEY (SP_ID) 
REFERENCES SP_APP(ID) ON DELETE CASCADE); + +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_DOMAIN VARCHAR(50); +DROP SEQUENCE IF EXISTS IDN_OAUTH_CONSUMER_APPS_PK_SEQ; +CREATE SEQUENCE IDN_OAUTH_CONSUMER_APPS_PK_SEQ; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD ID INTEGER DEFAULT NEXTVAL('IDN_OAUTH_CONSUMER_APPS_PK_SEQ'); +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PRIMARY KEY (ID); +ALTER TABLE idn_oauth_consumer_apps ALTER COLUMN CONSUMER_KEY TYPE VARCHAR(255) USING CONSUMER_KEY::VARCHAR; +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY); + +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_REQUEST_TOKEN set CONSUMER_KEY_ID = (select ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH1A_REQUEST_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_REQUEST_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +UPDATE IDN_OAUTH1A_ACCESS_TOKEN set CONSUMER_KEY_ID = (select ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH1A_ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; +ALTER TABLE IDN_OAUTH1A_ACCESS_TOKEN ADD TENANT_ID INTEGER DEFAULT -1; + +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth2_access_token DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = 
tc.constraint_name WHERE constraint_type = 'PRIMARY KEY' AND tc.table_name = 'idn_oauth2_access_token'; EXECUTE con_name; END $$; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD GRANT_TYPE VARCHAR (50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD SUBJECT_IDENTIFIER VARCHAR(255); +UPDATE IDN_OAUTH2_ACCESS_TOKEN set CONSUMER_KEY_ID = (select ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_ACCESS_TOKEN.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP CONSTRAINT CON_APP_KEY; +DROP INDEX IF EXISTS IDX_AT_CK_AU; +DROP INDEX IF EXISTS IDX_OAUTH_ACCTKN_CONK_UTYPE; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_TIME_CREATED TIMESTAMP; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_TIME_CREATED = TIME_CREATED; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD REFRESH_TOKEN_VALIDITY_PERIOD BIGINT; +UPDATE IDN_OAUTH2_ACCESS_TOKEN SET REFRESH_TOKEN_VALIDITY_PERIOD = 84600000; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD TOKEN_SCOPE_HASH VARCHAR (32); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TOKEN_STATE_ID TYPE VARCHAR(128) USING TOKEN_STATE_ID::VARCHAR; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN TOKEN_STATE_ID SET DEFAULT 'NONE'; +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,TOKEN_STATE,TOKEN_STATE_ID); +CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TOKEN_STATE, USER_TYPE); +CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED); +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +ALTER TABLE 
IDN_OAUTH2_RESOURCE_SCOPE ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_OPENID_ASSOCIATIONS ADD TENANT_ID INTEGER DEFAULT -1; +ALTER TABLE IDN_THRIFT_SESSION ADD TENANT_ID INTEGER DEFAULT -1; + +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CONSUMER_KEY_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TENANT_ID INTEGER; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD USER_DOMAIN VARCHAR(50); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD STATE VARCHAR (25) DEFAULT 'ACTIVE'; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD TOKEN_ID VARCHAR(255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD CODE_ID VARCHAR (255); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD SUBJECT_IDENTIFIER VARCHAR(255); +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth2_authorization_code DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'PRIMARY KEY' AND tc.table_name = 'idn_oauth2_authorization_code'; EXECUTE con_name; END $$; +UPDATE IDN_OAUTH2_AUTHORIZATION_CODE set CONSUMER_KEY_ID = (select ID from IDN_OAUTH_CONSUMER_APPS where IDN_OAUTH_CONSUMER_APPS.CONSUMER_KEY = IDN_OAUTH2_AUTHORIZATION_CODE.CONSUMER_KEY); +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE DROP COLUMN CONSUMER_KEY; +ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE; + +DROP TABLE IF EXISTS IDN_SCIM_PROVIDER; + +ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE DROP NOT NULL; + +UPDATE IDN_ASSOCIATED_ID set IDP_ID = (SELECT ID FROM IDP WHERE IDP.NAME = IDN_ASSOCIATED_ID.IDP_ID AND IDP.TENANT_ID = IDN_ASSOCIATED_ID.TENANT_ID ); +ALTER TABLE IDN_ASSOCIATED_ID ALTER COLUMN IDP_ID TYPE INTEGER USING IDP_ID::INTEGER; +ALTER TABLE 
IDN_ASSOCIATED_ID ADD DOMAIN_NAME VARCHAR(255); +ALTER TABLE IDN_ASSOCIATED_ID ADD FOREIGN KEY (IDP_ID ) REFERENCES IDP (ID) ON DELETE CASCADE; + +DELETE FROM IDN_AUTH_SESSION_STORE; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_ID SET NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE DROP DEFAULT; +ALTER TABLE IDN_AUTH_SESSION_STORE ALTER COLUMN SESSION_TYPE SET NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE DROP COLUMN TIME_CREATED; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD COLUMN TIME_CREATED BIGINT NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD OPERATION VARCHAR(10) NOT NULL; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD TENANT_ID INTEGER DEFAULT -1; +DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_auth_session_store DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'PRIMARY KEY' AND tc.table_name = 'idn_auth_session_store'; EXECUTE con_name; END $$; +ALTER TABLE IDN_AUTH_SESSION_STORE ADD PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION); + +ALTER TABLE SP_APP ADD IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1' NOT NULL; +ALTER TABLE SP_APP ADD IS_DUMB_MODE CHAR(1) DEFAULT '0'; + +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'IDPProperties' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; +INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME) SELECT -1234, ID, 'passivests' FROM IDP WHERE TENANT_ID=-1234 AND NAME='LOCAL'; + +INSERT INTO IDP_AUTHENTICATOR_PROPERTY (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY,PROPERTY_VALUE, IS_SECRET ) SELECT -1234, 
IDP_AUTHENTICATOR.ID , 'IdPEntityId', 'localhost', '0' FROM IDP_AUTHENTICATOR,IDP WHERE IDP_AUTHENTICATOR.TENANT_ID = -1234 AND IDP_AUTHENTICATOR.NAME = 'passivests' AND IDP.NAME='LOCAL' AND IDP.ID = IDP_AUTHENTICATOR.IDP_ID; + +ALTER TABLE SP_INBOUND_AUTH ALTER INBOUND_AUTH_KEY DROP NOT NULL; + +ALTER TABLE IDP_PROVISIONING_ENTITY ADD ENTITY_LOCAL_ID VARCHAR(255); + +DROP TABLE IF EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE; +CREATE TABLE IDN_OAUTH2_ACCESS_TOKEN_SCOPE ( + TOKEN_ID VARCHAR (255), + TOKEN_SCOPE VARCHAR (60), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE)); + +DROP TABLE IF EXISTS IDN_USER_ACCOUNT_ASSOCIATION; +CREATE TABLE IDN_USER_ACCOUNT_ASSOCIATION ( + ASSOCIATION_KEY VARCHAR(255) NOT NULL, + TENANT_ID INTEGER, + DOMAIN_NAME VARCHAR(255) NOT NULL, + USER_NAME VARCHAR(255) NOT NULL, + PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME)); + +DROP TABLE IF EXISTS WF_REQUEST; +CREATE TABLE WF_REQUEST ( + UUID VARCHAR (45), + CREATED_BY VARCHAR (255), + TENANT_ID INTEGER DEFAULT -1, + OPERATION_TYPE VARCHAR (50), + CREATED_AT TIMESTAMP, + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + REQUEST BYTEA, + PRIMARY KEY (UUID) +); + +DROP TABLE IF EXISTS WF_BPS_PROFILE; +CREATE TABLE WF_BPS_PROFILE ( + PROFILE_NAME VARCHAR(45), + HOST_URL_MANAGER VARCHAR(45), + HOST_URL_WORKER VARCHAR(45), + USERNAME VARCHAR(45), + PASSWORD VARCHAR(255), + CALLBACK_HOST VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (PROFILE_NAME, TENANT_ID) +); + +DROP TABLE IF EXISTS WF_WORKFLOW; +CREATE TABLE WF_WORKFLOW( + ID VARCHAR (45), + WF_NAME VARCHAR (45), + DESCRIPTION VARCHAR (255), + TEMPLATE_ID VARCHAR (45), + IMPL_ID VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (ID) +); + +DROP TABLE IF EXISTS WF_WORKFLOW_ASSOCIATION; +DROP SEQUENCE IF EXISTS WF_WORKFLOW_ASSOCIATION_PK_SEQ; +CREATE SEQUENCE WF_WORKFLOW_ASSOCIATION_PK_SEQ; +CREATE TABLE WF_WORKFLOW_ASSOCIATION( + ID INTEGER DEFAULT NEXTVAL('WF_WORKFLOW_ASSOCIATION_PK_SEQ'), + ASSOC_NAME 
VARCHAR (45), + EVENT_ID VARCHAR(45), + ASSOC_CONDITION VARCHAR (2000), + WORKFLOW_ID VARCHAR (45), + IS_ENABLED CHAR (1) DEFAULT '1', + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +); + +DROP TABLE IF EXISTS WF_WORKFLOW_CONFIG_PARAM; +CREATE TABLE WF_WORKFLOW_CONFIG_PARAM( + WORKFLOW_ID VARCHAR (45), + PARAM_NAME VARCHAR (45), + PARAM_VALUE VARCHAR (1000), + PARAM_QNAME VARCHAR (45), + PARAM_HOLDER VARCHAR (45), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (WORKFLOW_ID, PARAM_NAME, PARAM_QNAME, PARAM_HOLDER), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE +); + +DROP TABLE IF EXISTS WF_REQUEST_ENTITY_RELATIONSHIP; +CREATE TABLE WF_REQUEST_ENTITY_RELATIONSHIP( + REQUEST_ID VARCHAR (45), + ENTITY_NAME VARCHAR (255), + ENTITY_TYPE VARCHAR (50), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY(REQUEST_ID, ENTITY_NAME, ENTITY_TYPE, TENANT_ID), + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +); + +DROP TABLE IF EXISTS WF_WORKFLOW_REQUEST_RELATION; +CREATE TABLE WF_WORKFLOW_REQUEST_RELATION( + RELATIONSHIP_ID VARCHAR (45), + WORKFLOW_ID VARCHAR (45), + REQUEST_ID VARCHAR (45), + UPDATED_AT TIMESTAMP, + STATUS VARCHAR (30), + TENANT_ID INTEGER DEFAULT -1, + PRIMARY KEY (RELATIONSHIP_ID), + FOREIGN KEY (WORKFLOW_ID) REFERENCES WF_WORKFLOW(ID)ON DELETE CASCADE, + FOREIGN KEY (REQUEST_ID) REFERENCES WF_REQUEST(UUID)ON DELETE CASCADE +); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/db2.sql new file mode 100644 index 00000000..931f3dd9 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/db2.sql 
@@ -0,0 +1,12 @@
+BEGIN
+ DECLARE const_name VARCHAR(128);
+ DECLARE STMT VARCHAR(200);
+ select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='UM_HYBRID_USER_ROLE' AND TYPE = 'F';
+ SET STMT = 'ALTER TABLE UM_HYBRID_USER_ROLE DROP FOREIGN KEY ' || const_name;
+ PREPARE S1 FROM STMT;
+ EXECUTE S1;
+END
+/
+
+ALTER TABLE UM_HYBRID_USER_ROLE ADD CONSTRAINT UM_HYBRID_USER_ROLE_F1 FOREIGN KEY(UM_ROLE_ID,UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID,UM_TENANT_ID) ON DELETE CASCADE
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/h2.sql
new file mode 100644
index 00000000..ebd74a8d
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/h2.sql
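Review bot: The catalog lookup `select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='UM_HYBRID_USER_ROLE' AND TYPE = 'F'` has no schema filter and assumes exactly one foreign key. On an instance where another schema also holds a UM_HYBRID_USER_ROLE table, or where the table has more than one foreign key, the SELECT INTO either fails or picks up a constraint name that does not belong to the table being altered. Adding a condition such as `AND TABSCHEMA = CURRENT SCHEMA` would pin the lookup. This script also rebuilds only the UM_HYBRID_USER_ROLE key, whereas the h2, mssql, mysql, oracle and postgresql scripts in the same directory also rebuild the UM_ROLE_PERMISSION and UM_USER_PERMISSION keys and run the `-at-` to `-AT-` update on UM_PERMISSION; if that difference is deliberate, a comment should say so.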
@@ -0,0 +1,14 @@
+CREATE ALIAS IF NOT EXISTS DROP_FK AS $$ void executeSql(Connection conn, String sql) throws SQLException { conn.createStatement().executeUpdate(sql); } $$;
+
+call drop_fk('ALTER TABLE UM_ROLE_PERMISSION DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'UM_ROLE_PERMISSION' AND COLUMN_LIST = 'UM_PERMISSION_ID,UM_TENANT_ID'));
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+call drop_fk('ALTER TABLE UM_USER_PERMISSION DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'UM_USER_PERMISSION' AND COLUMN_LIST = 'UM_PERMISSION_ID,UM_TENANT_ID'));
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+call drop_fk('ALTER TABLE UM_HYBRID_USER_ROLE DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'UM_HYBRID_USER_ROLE' AND COLUMN_LIST = 'UM_ROLE_ID,UM_TENANT_ID'));
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234;
+
+DROP ALIAS IF EXISTS DROP_FK;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mssql.sql
new file mode 100644
index 00000000..dcedbe09
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mssql.sql
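Review bot: The `DROP_FK` alias is a general "execute any SQL string" function, and it is only removed if the script reaches the final `DROP ALIAS IF EXISTS DROP_FK;`. Each `call drop_fk(...)` concatenates the result of a sub-select that yields NULL when no matching constraint exists, which is likely to make the call fail and stop the script with the alias still defined for any account allowed to call it. The Java body also never closes the statement it creates; `try (Statement st = conn.createStatement()) { st.executeUpdate(sql); }` would fix that. A comment above `CREATE ALIAS` should state that the alias must not survive the migration and must be dropped by hand after a failed run.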
@@ -0,0 +1,13 @@
+DECLARE @COMMAND NVARCHAR(200);SELECT TOP 1 @COMMAND= 'ALTER TABLE UM_ROLE_PERMISSION DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'UM_ROLE_PERMISSION' AND KP.TABLE_NAME='UM_PERMISSION';EXEC (@COMMAND);
+
+DECLARE @COMMAND NVARCHAR(200);SELECT TOP 1 @COMMAND= 'ALTER TABLE UM_USER_PERMISSION DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'UM_USER_PERMISSION' AND KP.TABLE_NAME='UM_PERMISSION';EXEC (@COMMAND);
+
+DECLARE @COMMAND NVARCHAR(200);SELECT TOP 1 @COMMAND= 'ALTER TABLE UM_HYBRID_USER_ROLE DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'UM_HYBRID_USER_ROLE' AND KP.TABLE_NAME='UM_HYBRID_ROLE';EXEC (@COMMAND);
+
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234;
\ No newline at end of file
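Review bot: `@COMMAND` is built by concatenating `RC.CONSTRAINT_NAME` unquoted, and `DECLARE @COMMAND NVARCHAR(200);` appears three times. If the migration tool sends this file as a single batch, the second DECLARE is a duplicate-variable error. None of the three lookups filters on schema, so `SELECT TOP 1` can return a constraint from a same-named table in another schema. I would wrap the name as `QUOTENAME(RC.CONSTRAINT_NAME)`, add a `KF.TABLE_SCHEMA` condition, and either declare the variable once or add a comment that the statements are executed one at a time.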
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql.sql
new file mode 100644
index 00000000..abc22b69
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql.sql
@@ -0,0 +1,40 @@
+SELECT CONCAT("ALTER TABLE UM_ROLE_PERMISSION DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_ROLE_PERMISSION"
+AND REFERENCED_TABLE_NAME="UM_PERMISSION" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+SELECT CONCAT("ALTER TABLE UM_USER_PERMISSION DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_USER_PERMISSION"
+AND REFERENCED_TABLE_NAME="UM_PERMISSION" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+SELECT CONCAT("ALTER TABLE UM_HYBRID_USER_ROLE DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_HYBRID_USER_ROLE"
+AND REFERENCED_TABLE_NAME="UM_HYBRID_ROLE" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql5.7.sql
new file mode 100644
index 00000000..abc22b69
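Review bot: Each block ends with `SET @sqlstr = NULL;`, but the variable that is prepared is `@sqlst`, so the previous ALTER text is never cleared. When a later lookup matches no row, `SELECT ... INTO @sqlst` leaves the old value in place and `PREPARE stmt FROM @sqlst` runs the stale statement again; the line should read `SET @sqlst = NULL;`. The lookups also filter on `TABLE_SCHEMA = @databasename`, which this script never assigns, so unless the caller sets it the condition compares against NULL and matches nothing; `TABLE_SCHEMA = DATABASE()` is the safer condition. The identical mysql5.7.sql hunk that follows has the same two problems.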
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/mysql5.7.sql
@@ -0,0 +1,40 @@
+SELECT CONCAT("ALTER TABLE UM_ROLE_PERMISSION DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_ROLE_PERMISSION"
+AND REFERENCED_TABLE_NAME="UM_PERMISSION" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+SELECT CONCAT("ALTER TABLE UM_USER_PERMISSION DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_USER_PERMISSION"
+AND REFERENCED_TABLE_NAME="UM_PERMISSION" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+SELECT CONCAT("ALTER TABLE UM_HYBRID_USER_ROLE DROP FOREIGN KEY ",constraint_name)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = @databasename AND TABLE_NAME = "UM_HYBRID_USER_ROLE"
+AND REFERENCED_TABLE_NAME="UM_HYBRID_ROLE" LIMIT 1;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/oracle.sql
new file mode 100644
index 00000000..f1601bee
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/oracle.sql
@@ -0,0 +1,212 @@
+declare
+ con_name varchar2(100);
+ command varchar2(200);
+ databasename VARCHAR2(100);
+BEGIN
+ databasename := 'SAMPLE';
+
+ begin
+ select a.constraint_name into con_name FROM all_cons_columns a JOIN all_constraints c ON a.owner = c.owner AND a.constraint_name = c.constraint_name JOIN all_constraints c_pk ON c.r_owner = c_pk.owner AND c.r_constraint_name = c_pk.constraint_name WHERE c.constraint_type = 'R' AND a.table_name = 'UM_ROLE_PERMISSION' AND UPPER(a.OWNER)=UPPER(databasename) AND c_pk.table_name='UM_PERMISSION' AND ROWNUM<2;
+
+ if TRIM(con_name) is not null
+ then
+ command := 'ALTER TABLE UM_ROLE_PERMISSION DROP CONSTRAINT ' || con_name;
+ dbms_output.Put_line(command);
+ execute immediate command;
+ end if;
+
+ exception
+ when NO_DATA_FOUND
+ then
+ dbms_output.Put_line('Foreign key not found');
+ end;
+
+ begin
+ select a.constraint_name into con_name FROM all_cons_columns a JOIN all_constraints c ON a.owner = c.owner AND a.constraint_name = c.constraint_name JOIN all_constraints c_pk ON c.r_owner = c_pk.owner AND c.r_constraint_name = c_pk.constraint_name WHERE c.constraint_type = 'R' AND a.table_name = 'UM_USER_PERMISSION' AND UPPER(a.OWNER)=UPPER(databasename) AND c_pk.table_name='UM_PERMISSION' AND ROWNUM<2;
+
+ if TRIM(con_name) is not null
+ then
+ command := 'ALTER TABLE UM_USER_PERMISSION DROP CONSTRAINT ' || con_name;
+ dbms_output.Put_line(command);
+ execute immediate command;
+ end if;
+
+ exception
+ when NO_DATA_FOUND
+ then
+ dbms_output.Put_line('Foreign key not found');
+ end;
+
+ begin
+ select a.constraint_name into con_name FROM all_cons_columns a JOIN all_constraints c ON a.owner = c.owner AND a.constraint_name = c.constraint_name JOIN all_constraints c_pk ON c.r_owner = c_pk.owner AND c.r_constraint_name = c_pk.constraint_name WHERE c.constraint_type = 'R' AND a.table_name = 'UM_HYBRID_USER_ROLE' AND UPPER(a.OWNER)=UPPER(databasename) AND c_pk.table_name='UM_HYBRID_ROLE' AND ROWNUM<2;
+
+ if TRIM(con_name) is not null
+ then
+ command := 'ALTER TABLE UM_HYBRID_USER_ROLE DROP CONSTRAINT ' || con_name;
+ dbms_output.Put_line(command);
+ execute immediate command;
+ end if;
+
+ exception
+ when NO_DATA_FOUND
+ then
+ dbms_output.Put_line('Foreign key not found');
+ end;
+
+END;
+/
+
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE
+/
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE
+/
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE
+/
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234
+/
+
+DELETE FROM UM_CLAIM
+WHERE UM_CLAIM_URI = 'http://wso2.org/claims/passwordTimestamp'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID
+ FROM UM_DIALECT
+ WHERE UM_DIALECT_URI = 'http://wso2.org/claims' AND UM_TENANT_ID = -1234),
+ 'http://wso2.org/claims/username', 'Username', 'Username', 'uid', -1234, 1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+ SELECT
+ DIALECT.UM_ID,
+ 'http://wso2.org/username',
+ 'Username',
+ 'Username',
+ 'uid',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT
+ JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID = TENANT.UM_ID
+ WHERE DIALECT.UM_DIALECT_URI = 'http://wso2.org/claims'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID
+ FROM UM_DIALECT
+ WHERE UM_DIALECT_URI = 'http://wso2.org/claims' AND UM_TENANT_ID = -1234),
+ 'http://wso2.org/claims/identity/failedLoginAttempts', 'Failed Login Attempts', 'Failed Login Attempts',
+ 'failedLoginAttempts', -1234, 1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+ SELECT
+ DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/failedLoginAttempts',
+ 'Failed Login Attempts',
+ 'Failed Login Attempts',
+ 'failedLoginAttempts',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT
+ JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID = TENANT.UM_ID
+ WHERE DIALECT.UM_DIALECT_URI = 'http://wso2.org/claims'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID
+ FROM UM_DIALECT
+ WHERE UM_DIALECT_URI = 'http://wso2.org/claims' AND UM_TENANT_ID = -1234),
+ 'http://wso2.org/claims/identity/unlockTime', 'Unlock Time', 'Unlock Time', 'unlockTime', -1234, 1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+ SELECT
+ DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/unlockTime',
+ 'Unlock Time',
+ 'Unlock Time',
+ 'unlockTime',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT
+ JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID = TENANT.UM_ID
+ WHERE DIALECT.UM_DIALECT_URI = 'http://wso2.org/claims'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID
+ FROM UM_DIALECT
+ WHERE UM_DIALECT_URI = 'http://wso2.org/claims' AND UM_TENANT_ID = -1234),
+ 'http://wso2.org/claims/displayName', 'Display Name', 'Display Name', 'displayName', -1234, 1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+ SELECT
+ DIALECT.UM_ID,
+ 'http://wso2.org/claims/displayName',
+ 'Display Name',
+ 'Display Name',
+ 'displayName',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT
+ JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID = TENANT.UM_ID
+ WHERE DIALECT.UM_DIALECT_URI = 'http://wso2.org/claims'
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/postgresql.sql
new file mode 100644
index 00000000..cf79e756
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.1.0/dbscripts/step1/um/postgresql.sql
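Review bot: `databasename := 'SAMPLE';` hard-codes the owner used in all three constraint lookups. On any schema not named SAMPLE each lookup raises NO_DATA_FOUND and the block only prints 'Foreign key not found', so the old foreign keys stay in place next to the new ON DELETE CASCADE ones and the migration appears to succeed. Either derive the owner, e.g. `databasename := SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA');`, or add a comment at the top telling the operator to edit the value before running. Separately, the username claim is inserted as `'http://wso2.org/claims/username'` for tenant -1234 but as `'http://wso2.org/username'` in the per-tenant INSERT ... SELECT, while every other claim pair in this hunk uses the same URI twice; that looks like a typo worth confirming.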
@@ -0,0 +1,11 @@
+DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE um_role_permission DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'um_role_permission' AND ccu.table_name='um_permission' LIMIT 1; EXECUTE con_name; END $$;
+
+DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE um_user_permission DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'um_user_permission' AND ccu.table_name='um_permission' LIMIT 1; EXECUTE con_name; END $$;
+
+DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE um_hybrid_user_role DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'um_hybrid_user_role' AND ccu.table_name='um_hybrid_role' LIMIT 1; EXECUTE con_name; END $$;
+
+ALTER TABLE UM_ROLE_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+ALTER TABLE UM_USER_PERMISSION ADD FOREIGN KEY (UM_PERMISSION_ID, UM_TENANT_ID) REFERENCES UM_PERMISSION(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+ALTER TABLE UM_HYBRID_USER_ROLE ADD FOREIGN KEY (UM_ROLE_ID, UM_TENANT_ID) REFERENCES UM_HYBRID_ROLE(UM_ID, UM_TENANT_ID) ON DELETE CASCADE;
+
+update UM_PERMISSION set UM_RESOURCE_ID = REPLACE(UM_RESOURCE_ID, '-at-', '-AT-') where UM_TENANT_ID <> -1234;
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/db2.sql
new file mode 100644
index 00000000..1e146cc3
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/db2.sql
@@ -0,0 +1,22 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_MANDATORY CHAR(1) DEFAULT '0'
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0'
+/
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE VARCHAR(255)
+/
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE_METHOD VARCHAR(128)
+/
+
+ALTER TABLE WF_BPS_PROFILE MODIFY HOST_URL_MANAGER VARCHAR2(255)
+/
+ALTER TABLE WF_BPS_PROFILE MODIFY HOST_URL_WORKER VARCHAR2(255)
+/
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL') GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/h2.sql
new file mode 100644
index 00000000..dfac7879
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/h2.sql
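Review bot: In each of the three DO blocks of the 5.1.0 um/postgresql.sql hunk the lookup can return no row, in which case `con_name` is NULL and `EXECUTE con_name;` raises an error and aborts the script. A guard such as `IF con_name IS NOT NULL THEN EXECUTE con_name; END IF;` makes the block safe to re-run. The joins match on `constraint_name` only, with no `table_schema` condition, so a same-named table in another schema can supply the wrong name. The name is also concatenated unquoted; `quote_ident(tc.constraint_name)` would handle mixed-case constraint names.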
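Review bot: `ALTER TABLE WF_BPS_PROFILE MODIFY HOST_URL_MANAGER VARCHAR2(255)` and the matching HOST_URL_WORKER line in the 5.2.0 identity/db2.sql hunk are the same statements as in the oracle.sql script of that directory, and `MODIFY` with `VARCHAR2` looks like Oracle syntax rather than DB2. If so, both statements would fail here and the columns would keep their old width; the DB2 form would be `ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_MANAGER SET DATA TYPE VARCHAR(255)`. This file should be run against a DB2 instance before it ships.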
@@ -0,0 +1,16 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN PKCE_MANDATORY CHAR(1) DEFAULT '0';
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0';
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD COLUMN PKCE_CODE_CHALLENGE VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD COLUMN PKCE_CODE_CHALLENGE_METHOD VARCHAR(128);
+
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_MANAGER VARCHAR(255);
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_WORKER VARCHAR(255);
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..c06f8ff4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mssql.sql
@@ -0,0 +1,16 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_MANDATORY CHAR(1) DEFAULT '0';
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0';
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE_METHOD VARCHAR(128);
+
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_MANAGER VARCHAR(255);
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_WORKER VARCHAR(255);
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql.sql
new file mode 100644
index 00000000..6a99f2c4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql.sql
@@ -0,0 +1,18 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS
+ ADD COLUMN PKCE_MANDATORY CHAR(1) DEFAULT '0',
+ ADD COLUMN PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0';
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE
+ ADD COLUMN PKCE_CODE_CHALLENGE VARCHAR(255),
+ ADD COLUMN PKCE_CODE_CHALLENGE_METHOD VARCHAR(128);
+
+ALTER TABLE WF_BPS_PROFILE MODIFY COLUMN HOST_URL_MANAGER VARCHAR(255);
+ALTER TABLE WF_BPS_PROFILE MODIFY COLUMN HOST_URL_WORKER VARCHAR(255);
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql5.7.sql
new file mode 100644
index 00000000..6a99f2c4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/mysql5.7.sql
@@ -0,0 +1,18 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS
+ ADD COLUMN PKCE_MANDATORY CHAR(1) DEFAULT '0',
+ ADD COLUMN PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0';
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE
+ ADD COLUMN PKCE_CODE_CHALLENGE VARCHAR(255),
+ ADD COLUMN PKCE_CODE_CHALLENGE_METHOD VARCHAR(128);
+
+ALTER TABLE WF_BPS_PROFILE MODIFY COLUMN HOST_URL_MANAGER VARCHAR(255);
+ALTER TABLE WF_BPS_PROFILE MODIFY COLUMN HOST_URL_WORKER VARCHAR(255);
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/oracle.sql
new file mode 100644
index 00000000..e5939286
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/oracle.sql
@@ -0,0 +1,25 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_MANDATORY CHAR(1) DEFAULT '0'
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0'
+/
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE VARCHAR(255)
+/
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD PKCE_CODE_CHALLENGE_METHOD VARCHAR(128)
+/
+
+ALTER TABLE WF_BPS_PROFILE MODIFY HOST_URL_MANAGER VARCHAR2(255)
+/
+ALTER TABLE WF_BPS_PROFILE MODIFY HOST_URL_WORKER VARCHAR2(255)
+/
+ALTER TABLE WF_BPS_PROFILE MODIFY PASSWORD VARCHAR2(1023)
+/
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/postgresql.sql
new file mode 100644
index 00000000..d0979ba6
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/identity/postgresql.sql
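Review bot: `ALTER TABLE WF_BPS_PROFILE MODIFY PASSWORD VARCHAR2(1023)` appears only in this Oracle script; the db2, h2, mssql, mysql and postgresql scripts for the same step widen HOST_URL_MANAGER and HOST_URL_WORKER but leave PASSWORD at its original width. If the column is being widened to hold an encrypted or encoded credential, the other dialects would truncate or reject the same value. Either apply the change in every dialect or add a comment explaining why Oracle alone needs it.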
@@ -0,0 +1,16 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN PKCE_MANDATORY CHAR(1) DEFAULT '0';
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0';
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD COLUMN PKCE_CODE_CHALLENGE VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ADD COLUMN PKCE_CODE_CHALLENGE_METHOD VARCHAR(128);
+
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_MANAGER TYPE VARCHAR(255) USING CONSUMER_KEY::VARCHAR;
+ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_WORKER TYPE VARCHAR(255) USING CONSUMER_KEY::VARCHAR;
+
+INSERT INTO IDP_AUTHENTICATOR (TENANT_ID, IDP_ID, NAME, IS_ENABLED)
+ SELECT TENANT_ID, IDP_ID, 'openidconnect', 0
+ FROM IDP_AUTHENTICATOR
+ WHERE IDP_ID
+ IN (SELECT ID FROM IDP WHERE NAME = 'LOCAL')
+ GROUP BY TENANT_ID, IDP_ID
+ HAVING SUM(CASE NAME WHEN 'openidconnect' THEN 1 ELSE 0 END)=0;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/db2.sql
new file mode 100644
index 00000000..7db6c00a
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/db2.sql
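Review bot: Both `ALTER COLUMN ... TYPE VARCHAR(255) USING CONSUMER_KEY::VARCHAR` statements take the new column value from `CONSUMER_KEY`, which is not among the columns of WF_BPS_PROFILE as created in the migration script earlier in this commit (PROFILE_NAME, HOST_URL_MANAGER, HOST_URL_WORKER, USERNAME, PASSWORD, CALLBACK_HOST, TENANT_ID). The statements would fail, or, if such a column did exist, overwrite the host URLs with its contents. Widening a VARCHAR needs no USING clause: `ALTER TABLE WF_BPS_PROFILE ALTER COLUMN HOST_URL_MANAGER TYPE VARCHAR(255);`, and the same for HOST_URL_WORKER.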
@@ -0,0 +1,111 @@
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+CREATE INDEX REG_LOG_IND_BY_P1
+ ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID)/
+
+CREATE INDEX REG_RESOURCE_IND_3
+ ON REG_RESOURCE(REG_UUID)/
+
+CREATE INDEX REG_RESOURCE_IND_4
+ ON REG_RESOURCE(REG_TENANT_ID, REG_UUID)/
+
+CREATE INDEX REG_RESOURCE_IND_5
+ ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE)/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/h2.sql
new file mode 100644
index 00000000..1717f504
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/h2.sql
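Review bot: The four `CREATE INDEX` statements at the end of this hunk have the `/` terminator glued to the statement text (`ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID)/`), whereas every INSERT above puts `/` on its own line. Depending on how the migration client splits statements, the slash may be sent as part of the SQL and the index creation would fail, so each `/` should move to its own line. The per-tenant INSERT ... SELECT statements also omit UM_SUPPORTED, UM_REQUIRED, UM_DISPLAY_ORDER and UM_CHECKED_ATTRIBUTE, which the tenant -1234 rows for lastLoginTime and lastPasswordUpdateTime set explicitly; if tenants are meant to get the column defaults, a comment should say so.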
@@ -0,0 +1,96 @@
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME USING HASH ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);
+CREATE INDEX REG_RESOURCE_IND_BY_UUID USING HASH ON REG_RESOURCE(REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TENANT USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mssql.sql
new file mode 100644
index 00000000..e4ea9ce1
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mssql.sql
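Review bot: The four `CREATE INDEX … USING HASH ON …` lines that end h2.sql place the index type the way MySQL does, between the index name and `ON`; as far as I know H2's documented grammar (at least in the 1.x line) puts it before the keyword, as in `CREATE HASH INDEX name ON table(cols)`, so it is worth confirming that these statements parse on the H2 version the product ships. If they do not, the script would fail only after the six claim inserts above have run. A hash index also cannot serve range predicates on `REG_LOGGED_TIME`, so unless equality-only lookups are intended the plain form used in mssql.sql and postgresql.sql, `CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);`, is the safer choice. mysql.sql and mysql5.7.sql carry the same clause; on InnoDB tables MySQL accepts `USING HASH` but builds a B-tree index, so there the clause only misleads the reader and could be dropped or explained with `-- HASH is ignored on InnoDB`.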
@@ -0,0 +1,96 @@
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);
+CREATE INDEX REG_RESOURCE_IND_BY_UUID ON REG_RESOURCE(REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TENANT ON REG_RESOURCE(REG_TENANT_ID, REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql.sql
new file mode 100644
index 00000000..be9e89d2
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql.sql
@@ -0,0 +1,96 @@
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME USING HASH ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);
+CREATE INDEX REG_RESOURCE_IND_BY_UUID USING HASH ON REG_RESOURCE(REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TENANT USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql5.7.sql
new file mode 100644
index 00000000..53cf7c78
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/mysql5.7.sql
@@ -0,0 +1,96 @@
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME USING HASH ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);
+CREATE INDEX REG_RESOURCE_IND_BY_UUID USING HASH ON REG_RESOURCE(REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TENANT USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE USING HASH ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/oracle.sql
new file mode 100644
index 00000000..2399d0c7
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/oracle.sql
@@ -0,0 +1,111 @@
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1)
+/
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims'
+/
+
+CREATE INDEX REG_LOG_IND_BY_REGLOG ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID)
+/
+CREATE INDEX REG_RESOURCE_IND_BY_UUID ON REG_RESOURCE(REG_UUID)
+/
+CREATE INDEX REG_RESOURCE_IND_BY_TENAN ON REG_RESOURCE(REG_TENANT_ID, REG_UUID)
+/
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE)
+/
+
+UPDATE UM_CLAIM SET UM_CLAIM_URI = 'urn:scim:schemas:core:1.0:locale' WHERE UM_CLAIM_URI = 'urn:scim:schemas:core:1.0:local'
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/postgresql.sql
new file mode 100644
index 00000000..1b985e8c
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.2.0/dbscripts/step1/um/postgresql.sql
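Review bot: The closing `UPDATE UM_CLAIM SET UM_CLAIM_URI = 'urn:scim:schemas:core:1.0:locale' WHERE UM_CLAIM_URI = 'urn:scim:schemas:core:1.0:local'` exists only in oracle.sql; the h2, mssql, mysql, mysql5.7 and postgresql scripts added by this commit stop after the four `CREATE INDEX` lines. If the rename belongs to the 5.2.0 step rather than being an Oracle-specific repair, deployments on the other databases keep the misspelled SCIM claim URI and claim mappings will differ by database vendor after migration. Either add the same statement to the other dialect files or put a comment above it stating why only Oracle needs it, for example `-- Oracle only: <reason the other dialects are unaffected>`. The index names here (`REG_LOG_IND_BY_REGLOG`, `REG_RESOURCE_IND_BY_TENAN`) also differ from the other dialects, which deserves a one-line comment if it is deliberate.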
@@ -0,0 +1,96 @@
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastLoginTime','Last Login Time','Last Login Time','carLicense',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastLoginTime',
+ 'Last Login Time',
+ 'Last Login Time',
+ 'carLicense',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY,
+ UM_SUPPORTED,
+ UM_REQUIRED,
+ UM_DISPLAY_ORDER,
+ UM_CHECKED_ATTRIBUTE)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/lastPasswordUpdateTime','Last Password Update','Last Password Update','businessCategory',-1234,1,0,0,7,0);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/lastPasswordUpdateTime',
+ 'Last Password Update',
+ 'Last Password Update',
+ 'businessCategory',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT as DIALECT JOIN UM_TENANT as TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+VALUES ((SELECT UM_ID FROM UM_DIALECT WHERE UM_DIALECT_URI='http://wso2.org/claims' AND UM_TENANT_ID=-1234),
+'http://wso2.org/claims/identity/accountDisabled','Account Disabled','Account Disabled','ref',-1234,1);
+
+INSERT INTO UM_CLAIM (
+ UM_DIALECT_ID,
+ UM_CLAIM_URI,
+ UM_DISPLAY_TAG,
+ UM_DESCRIPTION,
+ UM_MAPPED_ATTRIBUTE,
+ UM_TENANT_ID,
+ UM_READ_ONLY)
+SELECT DIALECT.UM_ID,
+ 'http://wso2.org/claims/identity/accountDisabled',
+ 'Account Disabled',
+ 'Account Disabled',
+ 'ref',
+ DIALECT.UM_TENANT_ID,
+ 1
+ FROM UM_DIALECT DIALECT JOIN UM_TENANT TENANT ON DIALECT.UM_TENANT_ID=TENANT.UM_ID WHERE DIALECT.UM_DIALECT_URI='http://wso2.org/claims';
+
+CREATE INDEX REG_LOG_IND_BY_REG_LOGTIME ON REG_LOG(REG_LOGGED_TIME, REG_TENANT_ID);
+CREATE INDEX REG_RESOURCE_IND_BY_UUID ON REG_RESOURCE(REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TENANT ON REG_RESOURCE(REG_TENANT_ID, REG_UUID);
+CREATE INDEX REG_RESOURCE_IND_BY_TYPE ON REG_RESOURCE(REG_TENANT_ID, REG_MEDIA_TYPE);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/claim-config.xml b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/claim-config.xml
new file mode 100644
index 00000000..7b4e5dd8
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/claim-config.xml
@@ -0,0 +1,279 @@ + + + + + + http://wso2.org/claims/userid + User ID + scimId + Unique ID of the user + + + + http://wso2.org/claims/externalid + External User ID + externalId + Unique ID of the user used in external systems + + + + http://wso2.org/claims/created + Created Time + createdDate + Created timestamp of the user + + + + http://wso2.org/claims/modified + Last Modified Time + lastModifiedDate + Last Modified timestamp of the user + + + + http://wso2.org/claims/location + Location + location + Location + + + + http://wso2.org/claims/formattedName + Name - Formatted Name + formattedName + Formatted Name + + + http://wso2.org/claims/middleName + Middle Name + middleName + Middle Name + + + http://wso2.org/claims/honorificPrefix + Name - Honoric Prefix + honoricPrefix + Honoric Prefix + + + http://wso2.org/claims/honorificSuffix + Name - Honoric Suffix + honoricSuffix + Honoric Suffix + + + http://wso2.org/claims/userType + User Type + userType + User Type + + + http://wso2.org/claims/preferredLanguage + Preferred Language + preferredLanguage + Preferred Language + + + http://wso2.org/claims/local + Local + local + Local + + + http://wso2.org/claims/timeZone + Time Zone + timeZone + Time Zone + + + + http://wso2.org/claims/emails.work + Emails - Work Email + workEmail + Work Email + + + http://wso2.org/claims/emails.home + Emails - Home Email + homeEmail + Home Email + + + http://wso2.org/claims/emails.other + Emails - Other Email + otherEmail + Other Email + + + http://wso2.org/claims/phoneNumbers + Phone Numbers + phoneNumbers + Phone Numbers + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + + + http://wso2.org/claims/phoneNumbers.home + Phone Numbers - Home Phone Number + homePhone + Home Phone + + + http://wso2.org/claims/phoneNumbers.work + Phone Numbers - Work Phone Number + workPhone + Work Phone + + + http://wso2.org/claims/phoneNumbers.fax + Phone Numbers - Fax Number + fax + Fax Number + + + 
http://wso2.org/claims/phoneNumbers.pager + Phone Numbers - Pager Number + pager + Pager Number + + + http://wso2.org/claims/phoneNumbers.other + Phone Numbers - Other + otherPhoneNumber + Other Phone Number + + + http://wso2.org/claims/gtalk + IM - Gtalk + imGtalk + IM - Gtalk + + + http://wso2.org/claims/skype + IM - Skype + imSkype + IM - Skype + + + http://wso2.org/claims/photos + Photo + photos + Photo + + + http://wso2.org/claims/photourl + Photo URIL + photoUrl + Photo URL + + + http://wso2.org/claims/thumbnail + Photo - Thumbnail + thumbnail + Photo - Thumbnail + + + http://wso2.org/claims/addresses + Address + addresses + Address + + + http://wso2.org/claims/addresses.formatted + Address - Formatted + formattedAddress + Address - Formatted + + + http://wso2.org/claims/addresses.locality + Address - Locality + localityAddress + Address - Locality + + + http://wso2.org/claims/groups + Groups + groups + Groups + + + http://wso2.org/claims/identity/verifyEmail + Verify Email + manager + Temporary claim to invoke email verified feature + + + http://wso2.org/claims/identity/askPassword + Ask Password + postOfficeBox + Temporary claim to invoke email ask Password feature + + + http://wso2.org/claims/identity/adminForcedPasswordReset + Force Password Reset + departmentNumber + Temporary claim to invoke email force password feature + + + http://wso2.org/claims/entitlements + Entitlements + entitlements + Entitlements + + + http://wso2.org/claims/x509Certificates + X509Certificates + x509Certificates + X509Certificates + + + http://wso2.org/claims/identity/failedPasswordRecoveryAttempts + Failed Password Recovery Attempts + postalCode + Number of consecutive failed attempts done for password recovery + + + http://wso2.org/claims/identity/emailVerified + Email Verified + + postalAddress + Email Verified + + + http://wso2.org/claims/identity/failedLoginLockoutCount + Failed Lockout Count + + employeeNumber + Failed Lockout Count + + + 
http://wso2.org/claims/identity/lastLogonTime + Last Logon + + carLicense + Last Logon Time + + + http://wso2.org/claims/active + Active + active + Status of the account + + + + diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/resources.xml b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/resources.xml new file mode 100644 index 00000000..e985d06c --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/data/resources.xml 
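Review bot: The entry for `http://wso2.org/claims/phoneNumbers` carries the pattern `^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$`, which is an e-mail pattern, so no real phone number can satisfy it wherever it is enforced (element names are not visible in this view, so I assume it is the claim's validation regex). Its tail `([a-zA-Z0-9]{2,4})+$` is a nested quantifier that can split one run of characters in many ways, and a backtracking engine such as java.util.regex can spend exponential time on a long non-matching value, which matters if the value comes from a self-service profile form. I would replace it with a bounded pattern such as `^\+?[0-9][0-9 ()\-]{2,19}$` (constructed example, adjust to the formats you accept) or drop the pattern for this claim. Also, `identity/lastLogonTime` maps to `carLicense` here while the 5.2.0 SQL scripts in this commit map `identity/lastLoginTime` to the same attribute; please confirm that two claims sharing one store attribute is intended.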
@@ -0,0 +1,99 @@ + + + + /permission/admin/manage/identity + + + /permission/admin/manage/identity/keystoremgt/view + /permission/admin/manage/identity/securitymgt + /permission/admin/manage/identity/rolemgt/view + + + /permission/admin/manage/identity/usermgt/create + /permission/admin/manage/identity/identitymgt/delete + + + /permission/admin/manage/identity/usermgt/update + /permission/admin/manage/identity/usermgt/delete + /permission/admin/manage/identity/usermgt/view + /permission/admin/manage/identity/usermgt/list + /permission/admin/manage/identity/identitymgt/update + + + /permission/admin/manage/identity/usermgt + + + /permission/admin/manage/identity/userprofile + /permission/admin/manage/identity/usermgt/list + + + /permission/admin/manage/identity/entitlement/pap/subscriber/create + /permission/admin/manage/identity/entitlement/pap/subscriber/delete + /permission/admin/manage/identity/entitlement/pap/subscriber/create + /permission/admin/manage/identity/entitlement/pap/subscriber/view + /permission/admin/manage/identity/entitlement/pap/subscriber/list + /permission/admin/manage/identity/entitlement/pap/policy/publish + /permission/admin/manage/identity/entitlement/pap/subscriber/update + + + /permission/admin/manage/identity/entitlement/pap/policy/demote + + + /permission/admin/manage/identity/entitlement/pap/policy/enable + + + /permission/admin/manage/identity/entitlement/pap/policy/view + /permission/admin/manage/identity/entitlement/pap/policy/list + /permission/admin/manage/identity/entitlement/pdp/view + + + /permission/admin/manage/identity/entitlement/pap/policy/create + /permission/admin/manage/identity/entitlement/pap/policy/update + + + /permission/admin/manage/identity/entitlement/pap/policy/order + + + /permission/admin/manage/identity/entitlement/pap/policy/delete + + + /permission/admin/manage/identity/entitlement/pap/policy/rollback + + + /permission/admin/manage/identity/entitlement/pap/policy/update + + + 
/permission/admin/manage/identity/userstore/count/view + + + /permission/admin/manage/identity/rolemgt/view + + + /permission/admin/manage/identity/entitlement/pdp/manage + + + /permission/admin/manage/identity/entitlement/pdp/test + + + /permission/admin/manage/identity/entitlement/pdp/view + + + /permission/admin/manage/identity/applicationmgt + + \ No newline at end of file diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/db2.sql new file mode 100644 index 00000000..cee1c290 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/db2.sql 
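Review bot: `/permission/admin/manage/identity/entitlement/pap/subscriber/create` is listed twice in the same group in resources.xml, as the first and third entry of the subscriber block, which looks like a copy-paste slip where another path may have been intended. The element names are stripped in this view, so I cannot tell whether the repeat is harmless; if this file drives how permissions are carried over during migration, a wrong or missing path would leave a role with a different permission set than before without any error. I would remove the second `/permission/admin/manage/identity/entitlement/pap/subscriber/create` line, or replace it with the path that was meant, and end the file with a newline.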
@@ -0,0 +1,181 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN APP_STATE VARCHAR (25) DEFAULT 'ACTIVE'
+/
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN)
+/
+ALTER TABLE SP_APP ADD COLUMN ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0'
+/
+ALTER TABLE SP_INBOUND_AUTH ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) DEFAULT NULL
+/
+ALTER TABLE SP_CLAIM_MAPPING ADD COLUMN IS_MANDATORY VARCHAR(128) DEFAULT '0'
+/
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD COLUMN RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0'
+/
+ALTER TABLE IDP_PROVISIONING_CONFIG ADD COLUMN IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0'
+/
+
+CREATE TABLE IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL),
+ PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
+UNIQUE(CODE)
+ /
+
+CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
+)
+ /
+
+CREATE SEQUENCE IDN_PASSWORD_HISTORY_DATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+
+CREATE TRIGGER IDN_PASSWORD_HISTORY_DATA NO CASCADE
+BEFORE INSERT
+ON IDN_PASSWORD_HISTORY_DATA
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_PASSWORD_HISTORY_DATA_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL,
+ DIALECT_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID))
+ /
+CREATE SEQUENCE IDN_CLAIM_DIALECT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+CREATE TRIGGER IDN_CLAIM_DIALECT_TRIG NO CASCADE
+BEFORE INSERT
+ON IDN_CLAIM_DIALECT
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_CLAIM_DIALECT_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_CLAIM (
+ ID INTEGER NOT NULL,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID))
+ /
+CREATE SEQUENCE IDN_CLAIM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+CREATE TRIGGER IDN_CLAIM_TRIG NO CASCADE
+BEFORE INSERT
+ON IDN_CLAIM
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_CLAIM_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID))
+ /
+CREATE SEQUENCE IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+CREATE TRIGGER IDN_CLAIM_MAPPED_ATTR_TRIG NO CASCADE
+BEFORE INSERT
+ON IDN_CLAIM_MAPPED_ATTRIBUTE
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR (255) NOT NULL,
+ PROPERTY_VALUE VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID))
+ /
+CREATE SEQUENCE IDN_CLAIM_PROPERTY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+CREATE TRIGGER IDN_CLAIM_PROPERTY_TRIG NO CASCADE
+BEFORE INSERT
+ON IDN_CLAIM_PROPERTY
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_CLAIM_PROPERTY_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID))
+ /
+CREATE SEQUENCE IDN_CLAIM_MAPPING_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+CREATE TRIGGER IDN_CLAIM_MAPPING_TRIG NO CASCADE
+BEFORE INSERT
+ON IDN_CLAIM_MAPPING
+REFERENCING NEW AS NEW
+FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_CLAIM_MAPPING_SEQ);
+ END
+ /
+
+CREATE TABLE IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL,
+ SAML2_ID VARCHAR(255) ,
+ SAML2_ISSUER VARCHAR(255) ,
+ SAML2_SUBJECT VARCHAR(255) ,
+ SAML2_SESSION_INDEX VARCHAR(255) ,
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) ,
+ SAML2_ASSERTION VARCHAR(4096) ,
+ PRIMARY KEY (ID)
+ /
+ CREATE SEQUENCE IDN_SAML2_ASSERTION_STORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+ /
+ CREATE TRIGGER IDN_SAML2_ASSERTION_STORE_TRIG NO CASCADE
+ BEFORE INSERT
+ ON IDN_SAML2_ASSERTION_STORE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_SAML2_ASSERTION_STORE_SEQ);
+END
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/h2.sql
new file mode 100644
index 00000000..6cee2918
--- /dev/null
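Review bot: In db2.sql the `IDN_RECOVERY_DATA` definition closes its column list too early: `REMAINING_SETS VARCHAR(2500) DEFAULT NULL),` ends the parenthesis, so the `PRIMARY KEY(...)` and `UNIQUE(CODE)` lines that follow sit outside it, and `IDN_SAML2_ASSERTION_STORE` stops at `PRIMARY KEY (ID)` with no closing parenthesis before the `/`. Neither statement should parse, which would leave the recovery-code and SAML assertion tables missing after a DB2 migration. I would write `REMAINING_SETS VARCHAR(2500) DEFAULT NULL,` … `UNIQUE(CODE))` and `PRIMARY KEY (ID))`. `TENANT_ID INTEGER DEFAULT -1` is also nullable while being part of the primary key, which DB2 normally rejects, so `TENANT_ID INTEGER NOT NULL DEFAULT -1` looks needed. The password-history trigger is named `IDN_PASSWORD_HISTORY_DATA`, without the `_TRIG` suffix that its siblings and the Oracle script use.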
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/h2.sql 
@@ -0,0 +1,94 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN APP_STATE VARCHAR(25) DEFAULT 'ACTIVE';
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+ALTER TABLE SP_APP ADD COLUMN ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0';
+ALTER TABLE SP_INBOUND_AUTH ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) NOT NULL;
+ALTER TABLE SP_CLAIM_MAPPING ADD COLUMN IS_MANDATORY VARCHAR(128) DEFAULT '0';
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD COLUMN RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+ALTER TABLE IDP_PROVISIONING_CONFIG ADD COLUMN IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
+ UNIQUE(CODE)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH),
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR (255) NOT NULL,
+ PROPERTY_VALUE VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID),
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SAML2_ID VARCHAR(255) ,
+ SAML2_ISSUER VARCHAR(255) ,
+ SAML2_SUBJECT VARCHAR(255) ,
+ SAML2_SESSION_INDEX VARCHAR(255) ,
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) ,
+ SAML2_ASSERTION VARCHAR(4096) ,
+ PRIMARY KEY (ID)
+);
\ No newline at end of file
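Review bot: `INBOUND_CONFIG_TYPE VARCHAR(255) NOT NULL` is added to `SP_INBOUND_AUTH` with no default in h2.sql (and again in the mysql.sql and mysql5.7.sql hunks), while the db2, mssql, oracle and postgresql scripts add the same column as nullable. On a table that already holds rows this either fails the ALTER or silently back-fills an empty string, depending on the engine, so migrated service providers would end up with a different inbound-auth schema per database. Either match the other dialects with `ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) DEFAULT NULL;` or add an explicit default plus a back-fill step. The trailing commas before `);` in `IDN_PASSWORD_HISTORY_DATA` and `IDN_CLAIM_MAPPING` should also be dropped, since it is not certain that every H2 version accepts them.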
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..17c8ade4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mssql.sql
@@ -0,0 +1,103 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_STATE VARCHAR (25) DEFAULT 'ACTIVE';
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+ALTER TABLE SP_APP ADD ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0';
+ALTER TABLE SP_INBOUND_AUTH ADD INBOUND_CONFIG_TYPE VARCHAR(255) DEFAULT NULL;
+ALTER TABLE SP_CLAIM_MAPPING ADD IS_MANDATORY VARCHAR(128) DEFAULT '0';
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+ALTER TABLE IDP_PROVISIONING_CONFIG ADD IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_RECOVERY_DATA]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED DATETIME NOT NULL,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
+ UNIQUE(CODE)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_PASSWORD_HISTORY_DATA]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL IDENTITY ,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED DATETIME NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH),
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CLAIM_DIALECT]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL IDENTITY,
+ DIALECT_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CLAIM]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_CLAIM (
+ ID INTEGER NOT NULL IDENTITY,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CLAIM_MAPPED_ATTRIBUTE]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL IDENTITY,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CLAIM_PROPERTY]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL IDENTITY,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR (255) NOT NULL,
+ PROPERTY_VALUE VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CLAIM_MAPPING]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL IDENTITY,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE NO ACTION,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+ );
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_SAML2_ASSERTION_STORE]') AND TYPE IN (N'U'))
+ CREATE TABLE IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL IDENTITY,
+ SAML2_ID VARCHAR(255),
+ SAML2_ISSUER VARCHAR(255),
+ SAML2_SUBJECT VARCHAR(255),
+ SAML2_SESSION_INDEX VARCHAR(255),
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
+ SAML2_ASSERTION VARCHAR(4096),
+ PRIMARY KEY (ID)
+ );
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql.sql
new file mode 100644
index 00000000..f81c02d0
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql.sql
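Review bot: In mssql.sql `TIME_CREATED DATETIME NOT NULL` carries no default in either `IDN_RECOVERY_DATA` or `IDN_PASSWORD_HISTORY_DATA`, whereas every other dialect in this commit declares `DEFAULT CURRENT_TIMESTAMP`. If the identity code relies on that default (the inserting code is not visible here), recovery-code and password-history inserts would fail on SQL Server only; `TIME_CREATED DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,` keeps the dialects aligned. The seven leading `ALTER TABLE`/`CREATE INDEX` statements are also unguarded while each `CREATE TABLE` is wrapped in `IF NOT EXISTS`, so a re-run stops at the first ALTER. The `ON DELETE NO ACTION` on `MAPPED_LOCAL_CLAIM_ID` differs from the `CASCADE` used elsewhere and deserves a comment such as `-- NO ACTION: a second cascade path to IDN_CLAIM is not allowed on SQL Server`, if that is the reason.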
@@ -0,0 +1,119 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS
+ADD COLUMN APP_STATE VARCHAR(25) DEFAULT 'ACTIVE';
+
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+
+ALTER TABLE SP_APP
+ADD COLUMN ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0';
+
+ALTER TABLE SP_INBOUND_AUTH
+ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) NOT NULL;
+
+ALTER TABLE SP_CLAIM_MAPPING
+ADD COLUMN IS_MANDATORY VARCHAR(128) DEFAULT '0';
+
+ALTER TABLE SP_PROVISIONING_CONNECTOR
+ADD COLUMN RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+ALTER TABLE IDP_PROVISIONING_CONFIG
+ADD COLUMN IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ PRIMARY KEY (USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO, STEP),
+ UNIQUE (CODE)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR(255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SAML2_ID VARCHAR(255),
+ SAML2_ISSUER VARCHAR(255),
+ SAML2_SUBJECT VARCHAR(255),
+ SAML2_SESSION_INDEX VARCHAR(255),
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
+ SAML2_ASSERTION VARCHAR(4096),
+ PRIMARY KEY (ID)
+)
+ ENGINE INNODB;
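Review bot: The `UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)` key on `IDN_PASSWORD_HISTORY_DATA` in mysql.sql spans 892 VARCHAR characters, which fits InnoDB's 3072-byte index limit only with a 3-byte character set. On a utf8mb4 database the CREATE TABLE would likely fail with a key-too-long error, leaving the password-history table absent after migration. The schema's character set is not visible in this hunk, so I would at least state the assumption in a header comment, e.g. `-- Requires a 3-byte (utf8) default character set: the password-history UNIQUE key is 892 characters wide.` mysql5.7.sql is added with the same blob id `f81c02d0`, so the same applies there and any fix has to be made in both files.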
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql5.7.sql
new file mode 100644
index 00000000..f81c02d0
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/mysql5.7.sql
@@ -0,0 +1,119 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS
+ADD COLUMN APP_STATE VARCHAR(25) DEFAULT 'ACTIVE';
+
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+
+ALTER TABLE SP_APP
+ADD COLUMN ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0';
+
+ALTER TABLE SP_INBOUND_AUTH
+ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) NOT NULL;
+
+ALTER TABLE SP_CLAIM_MAPPING
+ADD COLUMN IS_MANDATORY VARCHAR(128) DEFAULT '0';
+
+ALTER TABLE SP_PROVISIONING_CONNECTOR
+ADD COLUMN RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+ALTER TABLE IDP_PROVISIONING_CONFIG
+ADD COLUMN IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ PRIMARY KEY (USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO, STEP),
+ UNIQUE (CODE)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR(255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID)
+ ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+)
+ ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SAML2_ID VARCHAR(255),
+ SAML2_ISSUER VARCHAR(255),
+ SAML2_SUBJECT VARCHAR(255),
+ SAML2_SESSION_INDEX VARCHAR(255),
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
+ SAML2_ASSERTION VARCHAR(4096),
+ PRIMARY KEY (ID)
+)
+ ENGINE INNODB;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/oracle.sql
new file mode 100644
index 00000000..e00118cc
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/oracle.sql
@@ -0,0 +1,200 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_STATE VARCHAR(25) DEFAULT 'ACTIVE'
+/
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN)
+/
+ALTER TABLE SP_APP ADD ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0'
+/
+ALTER TABLE SP_INBOUND_AUTH ADD INBOUND_CONFIG_TYPE VARCHAR(255) DEFAULT NULL
+/
+ALTER TABLE SP_CLAIM_MAPPING ADD IS_MANDATORY VARCHAR(128) DEFAULT '0'
+/
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD RULE_ENABLED CHAR(1) DEFAULT '0' NOT NULL
+/
+ALTER TABLE IDP_PROVISIONING_CONFIG ADD IS_RULES_ENABLED CHAR(1) DEFAULT '0' NOT NULL
+/
+CREATE TABLE IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR2(255) NOT NULL,
+ USER_DOMAIN VARCHAR2(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR2(255) NOT NULL,
+ SCENARIO VARCHAR2(255) NOT NULL,
+ STEP VARCHAR2(127) NOT NULL,
+ TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+ REMAINING_SETS VARCHAR2(2500) DEFAULT NULL,
+ PRIMARY KEY (USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO, STEP),
+ UNIQUE (CODE)
+)
+/
+CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER,
+ USER_NAME VARCHAR2(255) NOT NULL,
+ USER_DOMAIN VARCHAR2(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR2(255),
+ HASH VARCHAR2(255) NOT NULL,
+ TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
+)
+/
+
+CREATE SEQUENCE IDN_PASSWORD_HISTORY_DATA_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+
+CREATE OR REPLACE TRIGGER IDN_PASSWORD_HISTORY_DATA_TRIG
+BEFORE INSERT
+ON IDN_PASSWORD_HISTORY_DATA
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_PASSWORD_HISTORY_DATA_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CLAIM_DIALECT (
+ ID INTEGER,
+ DIALECT_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+)
+/
+CREATE SEQUENCE IDN_CLAIM_DIALECT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CLAIM_DIALECT_TRIG
+BEFORE INSERT
+ON IDN_CLAIM_DIALECT
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_CLAIM_DIALECT_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CLAIM (
+ ID INTEGER,
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT (ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+)
+/
+CREATE SEQUENCE IDN_CLAIM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CLAIM_TRIG
+BEFORE INSERT
+ON IDN_CLAIM
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_CLAIM_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR(255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+)
+/
+CREATE SEQUENCE IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CLAIM_MAPPED_ATTR_TRIG
+BEFORE INSERT
+ON IDN_CLAIM_MAPPED_ATTRIBUTE
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CLAIM_PROPERTY (
+ ID INTEGER,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+)
+/
+CREATE SEQUENCE IDN_CLAIM_PROPERTY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CLAIM_PROPERTY_TRIG
+BEFORE INSERT
+ON IDN_CLAIM_PROPERTY
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_CLAIM_PROPERTY_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CLAIM_MAPPING (
+ ID INTEGER,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+)
+/
+CREATE SEQUENCE IDN_CLAIM_MAPPING_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CLAIM_MAPPING_TRIG
+BEFORE INSERT
+ON IDN_CLAIM_MAPPING
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_CLAIM_MAPPING_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER,
+ SAML2_ID VARCHAR(255),
+ SAML2_ISSUER VARCHAR(255),
+ SAML2_SUBJECT VARCHAR(255),
+ SAML2_SESSION_INDEX VARCHAR(255),
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
+ SAML2_ASSERTION VARCHAR2(4000),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE IDN_SAML2_ASSERTION_STORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_SAML2_ASSERTION_STORE_TRIG
+BEFORE INSERT
+ON IDN_SAML2_ASSERTION_STORE
+REFERENCING NEW AS NEW
+FOR EACH ROW
+ BEGIN
+ SELECT IDN_SAML2_ASSERTION_STORE_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/postgresql.sql
new file mode 100644
index 00000000..c1ba4791
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.3.0/dbscripts/step1/identity/postgresql.sql
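Review bot: In oracle.sql `SAML2_ASSERTION` is declared `VARCHAR2(4000)` while every other dialect in this commit uses `VARCHAR(4096)`, so the largest assertion that can be persisted depends on the database. Signed SAML assertions with several attribute statements can plausibly exceed either limit, in which case the insert would presumably be rejected rather than truncated; the storing code is not visible here, so this needs confirming. At minimum I would document the cap next to the column, e.g. `-- Oracle caps VARCHAR2 at 4000 bytes; other dialects allow 4096, larger assertions cannot be stored`, and consider a LOB type if full assertions must be retained. The script also mixes `VARCHAR2` (recovery and password-history tables) with `VARCHAR` (claim and SAML tables); using `VARCHAR2` throughout would be consistent.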
@@ -0,0 +1,115 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD COLUMN APP_STATE VARCHAR(25) DEFAULT 'ACTIVE';
+CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+ALTER TABLE SP_APP ADD COLUMN ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0';
+ALTER TABLE SP_INBOUND_AUTH ADD COLUMN INBOUND_CONFIG_TYPE VARCHAR(255) NULL;
+ALTER TABLE SP_CLAIM_MAPPING ADD COLUMN IS_MANDATORY VARCHAR(128) DEFAULT '0';
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD COLUMN RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+ALTER TABLE IDP_PROVISIONING_CONFIG ADD COLUMN IS_RULES_ENABLED CHAR(1) NOT NULL DEFAULT '0';
+
+DROP TABLE IF EXISTS IDN_RECOVERY_DATA;
+CREATE TABLE IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ PRIMARY KEY (USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO, STEP),
+ UNIQUE (CODE)
+);
+
+DROP TABLE IF EXISTS IDN_PASSWORD_HISTORY_DATA;
+CREATE SEQUENCE IDN_PASSWORD_HISTORY_DATA_PK_SEQ;
+CREATE TABLE IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER DEFAULT NEXTVAL('IDN_PASSWORD_HISTORY_DATA_PK_SEQ'),
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME, USER_DOMAIN, TENANT_ID, SALT_VALUE, HASH)
+);
+
+DROP TABLE IF EXISTS IDN_CLAIM_DIALECT;
+DROP SEQUENCE IF EXISTS IDN_CLAIM_DIALECT_SEQ;
+CREATE SEQUENCE IDN_CLAIM_DIALECT_SEQ;
+CREATE TABLE IDN_CLAIM_DIALECT (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CLAIM_DIALECT_SEQ'),
+ DIALECT_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_CLAIM;
+DROP SEQUENCE IF EXISTS IDN_CLAIM_SEQ;
+CREATE SEQUENCE IDN_CLAIM_SEQ;
+CREATE TABLE IDN_CLAIM (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CLAIM_SEQ'),
+ DIALECT_ID INTEGER,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT (ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE;
+DROP SEQUENCE IF EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ;
+CREATE SEQUENCE IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ;
+CREATE TABLE IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CLAIM_MAPPED_ATTRIBUTE_SEQ'),
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR(255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_CLAIM_PROPERTY;
+DROP SEQUENCE IF EXISTS IDN_CLAIM_PROPERTY_SEQ;
+CREATE SEQUENCE IDN_CLAIM_PROPERTY_SEQ;
+CREATE TABLE IDN_CLAIM_PROPERTY (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CLAIM_PROPERTY_SEQ'),
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_CLAIM_MAPPING;
+DROP SEQUENCE IF EXISTS IDN_CLAIM_MAPPING_SEQ;
+CREATE SEQUENCE IDN_CLAIM_MAPPING_SEQ;
+CREATE TABLE IDN_CLAIM_MAPPING (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CLAIM_MAPPING_SEQ'),
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM (ID) ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_SAML2_ASSERTION_STORE;
+DROP SEQUENCE IF EXISTS IDN_SAML2_ASSERTION_STORE_SEQ;
+CREATE SEQUENCE IDN_SAML2_ASSERTION_STORE_SEQ;
+CREATE TABLE IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER DEFAULT NEXTVAL('IDN_SAML2_ASSERTION_STORE_SEQ'),
+ SAML2_ID VARCHAR(255),
+ SAML2_ISSUER VARCHAR(255),
+ SAML2_SUBJECT VARCHAR(255),
+ SAML2_SESSION_INDEX VARCHAR(255),
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255),
+ SAML2_ASSERTION VARCHAR(4096),
+ PRIMARY KEY (ID)
+);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/data/claim-config.xml b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/data/claim-config.xml
new file mode 100644
index 00000000..21e396a8
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/data/claim-config.xml
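Review bot: postgresql.sql puts `DROP TABLE IF EXISTS` in front of every CREATE, so running this migration against a database that already has these tables discards stored password history, outstanding recovery codes and the claim metadata, whereas the h2, mysql and mssql scripts guard with `IF NOT EXISTS` and keep the data. `IDN_PASSWORD_HISTORY_DATA_PK_SEQ` is also the one sequence without a preceding `DROP SEQUENCE IF EXISTS`, so a second run would drop the table and then stop at `CREATE SEQUENCE`, leaving password-history checks without a table. `DROP TABLE IF EXISTS IDN_CLAIM_DIALECT;` comes before the drop of `IDN_CLAIM`, which references it, and has no `CASCADE`, so that re-run would fail there as well. I would make the script non-destructive instead, e.g. `CREATE SEQUENCE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA_PK_SEQ;` and `CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (`, and apply the same form to the other tables.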
@@ -0,0 +1,824 @@ + + + + + + http://wso2.org/claims/department + Department + departmentNumber + Department + + + + + http://wso2.org/claims/resourceType + Resource Type + ref + Resource Type + + + http://wso2.org/claims/identity/phoneVerified + Phone Verified + + phoneVerified + Phone Verified + + + http://wso2.org/claims/userid + User ID + scimId + Unique ID of the user + + + + http://wso2.org/claims/externalid + External User ID + externalId + Unique ID of the user used in external systems + + + + http://wso2.org/claims/created + Created Time + createdDate + Created timestamp of the user + + + + http://wso2.org/claims/modified + Last Modified Time + lastModifiedDate + Last Modified timestamp of the user + + + + http://wso2.org/claims/location + Location + location + Location + + + http://wso2.org/claims/im + IM + im + IM + 9 + + + + http://wso2.org/claims/username + Username + uid + Username + + + http://wso2.org/claims/givenname + First Name + givenName + First Name + + 1 + + + + http://wso2.org/claims/lastname + Last Name + sn + Last Name + + 2 + + + + http://wso2.org/claims/formattedName + Name - Formatted Name + formattedName + Formatted Name + + + http://wso2.org/claims/middleName + Middle Name + middleName + Middle Name + + + http://wso2.org/claims/honorificPrefix + Name - Honoric Prefix + honoricPrefix + Honoric Prefix + + + http://wso2.org/claims/honorificSuffix + Name - Honoric Suffix + honoricSuffix + Honoric Suffix + + + http://wso2.org/claims/displayName + Display Name + displayName + Display Name + + + http://wso2.org/claims/nickname + Nick Name + nickName + Nick Name + + + http://wso2.org/claims/url + URL + url + URL + 10 + + + + http://wso2.org/claims/title + Title + title + Title + + + http://wso2.org/claims/userType + User Type + userType + User Type + + + http://wso2.org/claims/preferredLanguage + Preferred Language + preferredLanguage + Preferred Language + + + http://wso2.org/claims/local + Local + local + Local + + + 
http://wso2.org/claims/timeZone + Time Zone + timeZone + Time Zone + + + http://wso2.org/claims/active + Active + active + Status of the account + + + http://wso2.org/claims/emails.work + Emails - Work Email + workEmail + Work Email + + + http://wso2.org/claims/emails.home + Emails - Home Email + homeEmail + Home Email + + + http://wso2.org/claims/emails.other + Emails - Other Email + otherEmail + Other Email + + + http://wso2.org/claims/mobile + Mobile + mobile + Mobile + 8 + + + + http://wso2.org/claims/phoneNumbers.home + Phone Numbers - Home Phone Number + homePhone + Home Phone + + + http://wso2.org/claims/phoneNumbers.work + Phone Numbers - Work Phone Number + workPhone + Work Phone + + + http://wso2.org/claims/phoneNumbers.other + Phone Numbers - Other + otherPhoneNumber + Other Phone Number + + + http://wso2.org/claims/gtalk + IM - Gtalk + imGtalk + IM - Gtalk + + + http://wso2.org/claims/skype + IM - Skype + imSkype + IM - Skype + + + http://wso2.org/claims/photourl + Photo URIL + photoUrl + Photo URL + + + http://wso2.org/claims/thumbnail + Photo - Thumbnail + thumbnail + Photo - Thumbnail + + + http://wso2.org/claims/addresses.locality + Address - Locality + localityAddress + Address - Locality + + + http://wso2.org/claims/region + Region + region + Region + + + http://wso2.org/claims/groups + Groups + groups + Groups + + + http://wso2.org/claims/entitlements + Entitlements + entitlements + Entitlements + + + http://wso2.org/claims/role + Role + role + Role + + + + + http://wso2.org/claims/x509Certificates + X509Certificates + x509Certificates + X509Certificates + + + http://wso2.org/claims/organization + Organization + organizationName + Organization + 3 + + + + http://wso2.org/claims/stateorprovince + State + stateOrProvinceName + State + + + http://wso2.org/claims/gender + Gender + gender + Gender + + + http://wso2.org/claims/identity/askPassword + Ask Password + askPassword + Temporary claim to invoke email ask Password feature + + + 
http://wso2.org/claims/identity/verifyEmail + Verify Email + verifyEmail + Temporary claim to invoke email verified feature + + + + + urn:ietf:params:scim:schemas:core:2.0:id + Id + scimId + Id + + 1 + + http://wso2.org/claims/userid + + + urn:ietf:params:scim:schemas:core:2.0:externalId + External Id + externalId + External Id + + 1 + + http://wso2.org/claims/externalid + + + urn:ietf:params:scim:schemas:core:2.0:meta.created + Meta - Created + createdDate + Meta - Created + + 1 + + http://wso2.org/claims/created + + + urn:ietf:params:scim:schemas:core:2.0:meta.lastModified + Meta - Last Modified + lastModifiedDate + Meta - Last Modified + + 1 + + http://wso2.org/claims/modified + + + urn:ietf:params:scim:schemas:core:2.0:meta.location + Meta - Location + location + Meta - Location + + 1 + + http://wso2.org/claims/location + + + urn:ietf:params:scim:schemas:core:2.0:meta.resourceType + Meta - Location + ref + Meta - Location + + 1 + + http://wso2.org/claims/resourceType + + + urn:ietf:params:scim:schemas:core:2.0:meta.version + Meta - Version + im + Meta - Version + + 1 + + http://wso2.org/claims/im + + + + + urn:ietf:params:scim:schemas:core:2.0:User:userName + User Name + uid + User Name + 2 + + + http://wso2.org/claims/username + + + urn:ietf:params:scim:schemas:core:2.0:User:name.givenName + Name - Given Name + givenName + Given Name + + 1 + + http://wso2.org/claims/givenname + + + urn:ietf:params:scim:schemas:core:2.0:User:name.familyName + Name - Family Name + sn + Family Name + 2 + + + http://wso2.org/claims/lastname + + + urn:ietf:params:scim:schemas:core:2.0:User:name.formatted + Name - Formatted Name + formattedName + Formatted Name + 2 + + + http://wso2.org/claims/formattedName + + + urn:ietf:params:scim:schemas:core:2.0:User:name.middleName + Name - Middle Name + middleName + Middle Name + 2 + + + http://wso2.org/claims/middleName + + + urn:ietf:params:scim:schemas:core:2.0:User:name.honorificPrefix + Name - Honoric Prefix + honoricPrefix + Honoric 
Prefix + 2 + + + http://wso2.org/claims/honorificPrefix + + + urn:ietf:params:scim:schemas:core:2.0:User:name.honorificSuffix + Name - Honoric Suffix + honoricSuffix + Honoric Suffix + 2 + + + http://wso2.org/claims/honorificSuffix + + + urn:ietf:params:scim:schemas:core:2.0:User:displayName + Display Name + displayName + Display Name + 2 + + + http://wso2.org/claims/displayName + + + urn:ietf:params:scim:schemas:core:2.0:User:nickName + Nick Name + nickName + Nick Name + 2 + + + http://wso2.org/claims/nickname + + + urn:ietf:params:scim:schemas:core:2.0:User:profileUrl + Profile URL + url + Profile URL + 2 + + + http://wso2.org/claims/url + + + urn:ietf:params:scim:schemas:core:2.0:User:title + Title + title + Title + 2 + + + http://wso2.org/claims/title + + + urn:ietf:params:scim:schemas:core:2.0:User:userType + User Type + userType + User Type + 2 + + + http://wso2.org/claims/userType + + + urn:ietf:params:scim:schemas:core:2.0:User:preferredLanguage + Preferred Language + preferredLanguage + Preferred Language + 2 + + + http://wso2.org/claims/preferredLanguage + + + urn:ietf:params:scim:schemas:core:2.0:User:locale + Locality + localityName + Locality + 2 + + + http://wso2.org/claims/local + + + urn:ietf:params:scim:schemas:core:2.0:User:timezone + Time Zone + timeZone + Time Zone + 2 + + + http://wso2.org/claims/timeZone + + + urn:ietf:params:scim:schemas:core:2.0:User:active + Active + active + Active + 2 + + + http://wso2.org/claims/active + + + urn:ietf:params:scim:schemas:core:2.0:User:emails.work + Emails - Work Email + workEmail + Work Email + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/emails.work + + + urn:ietf:params:scim:schemas:core:2.0:User:emails.home + Emails - Home Email + homeEmail + Home Email + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/emails.home + + + urn:ietf:params:scim:schemas:core:2.0:User:emails.other + Emails - Other Email + 
otherEmail + Other Email + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/emails.other + + + urn:ietf:params:scim:schemas:core:2.0:User:phoneNumbers.mobile + Phone Numbers - Mobile Number + mobile + Mobile Number + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/mobile + + + urn:ietf:params:scim:schemas:core:2.0:User:phoneNumbers.home + Phone Numbers - Home Phone Number + homePhone + Home Phone + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/phoneNumbers.home + + + urn:ietf:params:scim:schemas:core:2.0:User:phoneNumbers.work + Phone Numbers - Work Phone Number + workPhone + Work Phone + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/phoneNumbers.work + + + urn:ietf:params:scim:schemas:core:2.0:User:phoneNumbers.other + Phone Numbers - Other + otherPhoneNumber + Other Phone Number + 5 + + ^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$ + http://wso2.org/claims/phoneNumbers.other + + + urn:ietf:params:scim:schemas:core:2.0:User:ims.gtalk + IM - Gtalk + imGtalk + IM - Gtalk + 5 + + http://wso2.org/claims/gtalk + + + urn:ietf:params:scim:schemas:core:2.0:User:ims.skype + IM - Skype + imSkype + IM - Skype + 5 + + http://wso2.org/claims/skype + + + urn:ietf:params:scim:schemas:core:2.0:User:photos.photo + Photo + photoUrl + Photo + 5 + + http://wso2.org/claims/photourl + + + urn:ietf:params:scim:schemas:core:2.0:User:photos.thumbnail + Photo - Thumbnail + thumbnail + Photo - Thumbnail + 5 + + http://wso2.org/claims/thumbnail + + + urn:ietf:params:scim:schemas:core:2.0:User:addresses.home + Address - Home + localityAddress + Address - Home + 5 + + http://wso2.org/claims/addresses.locality + + + urn:ietf:params:scim:schemas:core:2.0:User:addresses.work + Address - Work + region + Address - Work + 5 + + http://wso2.org/claims/region + + + 
urn:ietf:params:scim:schemas:core:2.0:User:groups + Groups + groups + Groups + 5 + + http://wso2.org/claims/groups + + + urn:ietf:params:scim:schemas:core:2.0:User:entitlements.default + Entitlements + entitlements + Entitlements + 5 + + http://wso2.org/claims/entitlements + + + urn:ietf:params:scim:schemas:core:2.0:User:roles.default + Roles + roles + Roles + 5 + + http://wso2.org/claims/role + + + urn:ietf:params:scim:schemas:core:2.0:User:x509Certificates.default + X509Certificates + x509Certificates + X509Certificates + 5 + + http://wso2.org/claims/x509Certificates + + + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber + employeeNumber + externalId + employeeNumber + + 1 + + http://wso2.org/claims/externalid + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter + oneTimePassword + userType + costCenter + + 1 + + http://wso2.org/claims/userType + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization + Organization -division + organizationName + Organization -division + + 1 + + http://wso2.org/claims/organization + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department + Organization -department + departmentNumber + Organization -department + + 1 + + http://wso2.org/claims/department + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division + Manager - home + stateorprovince + Manager - home + + 1 + + http://wso2.org/claims/stateorprovince + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value + Manager - home + gender + Manager - home + + 1 + + http://wso2.org/claims/gender + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.$ref + Manager - home + ref + Manager - home + + 1 + + http://wso2.org/claims/resourceType + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.displayName + Manager - home + displayName + Manager - home + + 1 + + http://wso2.org/claims/displayName + + + 
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:askPassword + Ask Password + askPassword + Temporary claim to invoke email ask Password feature + + 1 + + http://wso2.org/claims/identity/askPassword + + + urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:verifyEmail + Verify Email + verifyEmail + Temporary claim to invoke email verified feature + + 1 + + http://wso2.org/claims/identity/verifyEmail + + + + diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/db2.sql new file mode 100644 index 00000000..067680c4 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/db2.sql @@ -0,0 +1,17 @@ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000 +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000 +/ +ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000 +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN SET DATA TYPE VARCHAR(512) +/ +ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN SET DATA TYPE VARCHAR(512) +/ +CREATE TABLE IDN_OAUTH2_SCOPE_BINDING ( + SCOPE_ID INTEGER NOT NULL, + SCOPE_BINDING VARCHAR(255), + FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE) +/ +ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE SET DATA TYPE VARCHAR(2048) +/ \ No newline at end of file 
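Review bot: The four SCIM 2.0 phone-number claims in claim-config.xml (`phoneNumbers.mobile`, `.home`, `.work`, `.other`) carry the same pattern as the e-mail claims, `^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$`, which requires an `@`. The element names are not visible in this rendering, but if that value is the claim's validation regex, no ordinary phone number can satisfy it, so the field either rejects valid input or is effectively unvalidated; a phone-specific pattern, or none, would be safer than a copied one. Separately, the trailing group `([a-zA-Z0-9]{2,4})+` is ambiguous and can backtrack heavily on long non-matching input; `[a-zA-Z0-9]{2,}` accepts the same strings without the nested repetition.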
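Review bot: The three expiry defaults added to IDN_OAUTH_CONSUMER_APPS in step1/identity/db2.sql state no unit, and the refresh-token value `84600000` is not a whole day in any unit (24 h would be `86400000` ms). If the code that reads these columns treats them as seconds rather than milliseconds, `3600000` gives tokens that live for roughly 41 days, so the unit is worth pinning down in the script, e.g. `-- expiry times are in milliseconds: 3600000 = 1 h` above the first ALTER, once confirmed against the reader. The same three lines appear in the h2, mssql, mysql, mysql5.7, oracle and postgresql scripts of this step.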
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/h2.sql
new file mode 100644
index 00000000..f4d77942
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/h2.sql
@@ -0,0 +1,14 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY ACCESS_TOKEN VARCHAR(512);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY REFRESH_TOKEN VARCHAR(512);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+);
+
+ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY DATA_VALUE VARCHAR(2048);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..db39706a
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mssql.sql
@@ -0,0 +1,15 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN VARCHAR(512);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN VARCHAR(512);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OAUTH2_SCOPE_BINDING]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+);
+
+ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE VARCHAR(2048);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql.sql
new file mode 100644
index 00000000..93a582e8
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql.sql
@@ -0,0 +1,14 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY ACCESS_TOKEN VARCHAR(512);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY REFRESH_TOKEN VARCHAR(512);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY DATA_VALUE VARCHAR(2048);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql5.7.sql
new file mode 100644
index 00000000..93a582e8
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/mysql5.7.sql
@@ -0,0 +1,14 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY ACCESS_TOKEN VARCHAR(512);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY REFRESH_TOKEN VARCHAR(512);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY DATA_VALUE VARCHAR(2048);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/oracle.sql
new file mode 100644
index 00000000..22c03e3f
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/oracle.sql
@@ -0,0 +1,24 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME NUMBER(19) DEFAULT 3600000
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME NUMBER(19) DEFAULT 3600000
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME NUMBER(19) DEFAULT 84600000
+/
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY ACCESS_TOKEN VARCHAR(512)
+/
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN MODIFY REFRESH_TOKEN VARCHAR(512)
+/
+
+CREATE TABLE IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR2(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE)
+/
+
+
+ALTER TABLE IDN_IDENTITY_USER_DATA MODIFY DATA_VALUE VARCHAR(2048)
+/
+
+DELETE FROM IDN_CLAIM WHERE CLAIM_URI = 'urn:scim:schemas:core:1.0:roles'
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/postgresql.sql
new file mode 100644
index 00000000..f9203ee4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/identity/postgresql.sql
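Review bot: `DELETE FROM IDN_CLAIM WHERE CLAIM_URI = 'urn:scim:schemas:core:1.0:roles'` at the end of step1/identity/oracle.sql has no counterpart in the db2, h2, mssql, mysql, mysql5.7 or postgresql scripts of the same step, so an upgraded deployment ends up with a different claim set depending on the database. The statement also has no TENANT_ID predicate, and the apim-migration.sql section earlier in this commit declares IDN_CLAIM_MAPPED_ATTRIBUTE, IDN_CLAIM_PROPERTY and IDN_CLAIM_MAPPING with ON DELETE CASCADE on IDN_CLAIM, so where those keys exist the delete also removes the dependent rows for every tenant. If the removal is intended it belongs in all seven scripts with a comment giving the reason; if it is an Oracle-only workaround, a comment such as `-- Oracle only: <reason>` should say so.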
@@ -0,0 +1,14 @@
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000;
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ADD REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000;
+
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN TYPE VARCHAR(512);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN TYPE VARCHAR(512);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+);
+
+ALTER TABLE IDN_IDENTITY_USER_DATA ALTER COLUMN DATA_VALUE TYPE VARCHAR(2048);
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/db2.sql
new file mode 100644
index 00000000..e4067b01
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/db2.sql
@@ -0,0 +1,5 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID)
+/
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID)
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/h2.sql
new file mode 100644
index 00000000..0b50b62b
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/h2.sql
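Review bot: `ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID)` in step1/um/db2.sql fails outright if the existing table already holds two rows with the same resource, action and tenant, and nothing in the script checks for such rows first. Whether older installations contain duplicates is not visible from this commit, but since this is the permission table a pre-check that reports them (a `GROUP BY ... HAVING COUNT(*) > 1` over the three columns), run before the ALTER, would let the operator resolve them deliberately instead of discovering them mid-migration. The same statement is in the h2, mssql, mysql, mysql5.7, oracle and postgresql scripts under step1/um.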
@@ -0,0 +1,3 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID);
+
+CREATE INDEX IF NOT EXISTS SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mssql.sql
new file mode 100644
index 00000000..c9645d83
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mssql.sql
@@ -0,0 +1,3 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID);
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql.sql
new file mode 100644
index 00000000..c9645d83
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql.sql
@@ -0,0 +1,3 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID);
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql5.7.sql
new file mode 100644
index 00000000..c9645d83
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/mysql5.7.sql
@@ -0,0 +1,3 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID);
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/oracle.sql
new file mode 100644
index 00000000..f4167597
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/oracle.sql
@@ -0,0 +1,5 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID)
+/
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID)
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/postgresql.sql
new file mode 100644
index 00000000..c9645d83
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step1/um/postgresql.sql
@@ -0,0 +1,3 @@
+ALTER TABLE UM_PERMISSION ADD CONSTRAINT RES_ACT_TENANT_CONSTRAINT UNIQUE (UM_RESOURCE_ID,UM_ACTION,UM_TENANT_ID);
+
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/db2.sql
new file mode 100644
index 00000000..ede38f3c
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/db2.sql
@@ -0,0 +1,23 @@
+ALTER TABLE IDN_OAUTH2_SCOPE RENAME COLUMN NAME TO DISPLAY_NAME
+/
+ALTER TABLE IDN_OAUTH2_SCOPE RENAME COLUMN SCOPE_KEY TO NAME
+/
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES
+/
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0
+/
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN TENANT_ID SET DEFAULT -1
+/
+CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID)
+/
+BEGIN
+ DECLARE const_name VARCHAR(128);
+ DECLARE STMT VARCHAR(200);
+ select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH2_RESOURCE_SCOPE' AND TYPE = 'F';
+ SET STMT = 'ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP FOREIGN KEY ' || const_name;
+ PREPARE S1 FROM STMT;
+ EXECUTE S1;
+END
+/
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD CONSTRAINT IDN_OAUTH2_RESOURCE_SCOPE_F1 FOREIGN KEY(SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/h2.sql
new file mode 100644
index 00000000..196d42d4
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/h2.sql
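Review bot: The lookup in the BEGIN block of step2/identity/db2.sql, `select CONSTNAME into const_name from SYSCAT.TABCONST WHERE TABNAME='IDN_OAUTH2_RESOURCE_SCOPE' AND TYPE = 'F'`, is not limited to the schema being migrated, so in a database that hosts the same table in more than one schema it can return another schema's constraint name or several rows, and the SELECT INTO then fails; it fails the same way when the table carries more than one foreign key. Adding `AND TABSCHEMA = CURRENT SCHEMA` and a predicate that ties the key to SCOPE_ID would make the dynamic `ALTER TABLE ... DROP FOREIGN KEY` act only on the intended constraint. The h2, mssql and postgresql scripts of this step look the name up with the same missing schema filter, whereas mysql filters on `DATABASE()` and oracle on the current schema.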
@@ -0,0 +1,16 @@
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN NAME RENAME TO DISPLAY_NAME;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN SCOPE_KEY RENAME TO NAME;
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY NAME VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY DISPLAY_NAME VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES;
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0;
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY TENANT_ID INTEGER NOT NULL DEFAULT -1;
+CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);
+
+CREATE ALIAS IF NOT EXISTS DROP_FK AS $$ void executeSql(Connection conn, String sql) throws SQLException { conn.createStatement().executeUpdate(sql); } $$;
+
+CALL DROP_FK('ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP CONSTRAINT ' || (SELECT CONSTRAINT_NAME FROM INFORMATION_SCHEMA.CONSTRAINTS WHERE TABLE_NAME = 'IDN_OAUTH2_RESOURCE_SCOPE' AND COLUMN_LIST = 'SCOPE_ID'));
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mssql.sql
new file mode 100644
index 00000000..aea9f02f
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mssql.sql
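Review bot: `CREATE ALIAS IF NOT EXISTS DROP_FK` in step2/identity/h2.sql defines a function that runs whatever SQL string it is handed, and the script never removes it, so after the migration the database keeps a general-purpose execute-any-statement routine under a name that suggests it only drops a key. Add `DROP ALIAS IF EXISTS DROP_FK;` directly after the `CALL DROP_FK(...)` line. The alias body also leaves the Statement from `conn.createStatement()` unclosed, and the CALL presumably receives NULL when the subquery finds no constraint, which a re-run of the script would hit.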
@@ -0,0 +1,28 @@
+sp_rename 'IDN_OAUTH2_SCOPE.NAME', 'DISPLAY_NAME', 'COLUMN';
+sp_rename 'IDN_OAUTH2_SCOPE.SCOPE_KEY', 'NAME', 'COLUMN';
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN NAME VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN DISPLAY_NAME VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES;
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0;
+CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);
+
+DECLARE @Command NVARCHAR(max), @ConstaintName NVARCHAR(max), @TableName NVARCHAR(max),@ColumnName NVARCHAR(max)
+SET @TableName = 'IDN_OAUTH2_SCOPE'
+SET @ColumnName ='TENANT_ID'
+SELECT @ConstaintName = name
+ FROM sys.default_constraints
+ WHERE parent_object_id = object_id(@TableName)
+
+SELECT @Command = 'ALTER TABLE '+@TableName+' drop constraint '+ @ConstaintName
+
+IF @Command IS NOT NULL
+BEGIN
+ EXECUTE sp_executeSQL @Command
+ SELECT @Command = 'ALTER TABLE '+@TableName+' ADD CONSTRAINT '+@ConstaintName+' DEFAULT -1 FOR ' + @ColumnName
+ EXECUTE sp_executeSQL @Command
+END
+
+DECLARE @COMMAND1 NVARCHAR(200);SELECT TOP 1 @COMMAND1= 'ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP CONSTRAINT ' + RC.CONSTRAINT_NAME + ';' FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS RC JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KF ON RC.CONSTRAINT_NAME = KF.CONSTRAINT_NAME JOIN INFORMATION_SCHEMA.KEY_COLUMN_USAGE KP ON RC.UNIQUE_CONSTRAINT_NAME = KP.CONSTRAINT_NAME WHERE KF.TABLE_NAME = 'IDN_OAUTH2_RESOURCE_SCOPE' AND KP.TABLE_NAME='IDN_OAUTH2_SCOPE';EXEC (@COMMAND1);
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ALTER COLUMN SCOPE_ID INTEGER NOT NULL;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE;
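Review bot: The default-constraint lookup in step2/identity/mssql.sql filters only on the table, `WHERE parent_object_id = object_id(@TableName)`, and never uses `@ColumnName`, so if IDN_OAUTH2_SCOPE has a default on any other column the script may drop that column's default and re-create it under the same name as `DEFAULT -1 FOR TENANT_ID`. Restrict the lookup with `AND parent_column_id = COLUMNPROPERTY(object_id(@TableName), @ColumnName, 'ColumnId')`. When TENANT_ID has no default constraint at all, `@Command` stays NULL and the `DEFAULT -1` is never added, although the other dialects' scripts set it unconditionally. The concatenated table and constraint names would also be safer wrapped in `QUOTENAME()`.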
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql.sql
new file mode 100644
index 00000000..eae5def0
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql.sql
@@ -0,0 +1,21 @@
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT;
+ALTER TABLE IDN_OAUTH2_SCOPE CHANGE COLUMN `NAME` `DISPLAY_NAME` VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE CHANGE COLUMN `SCOPE_KEY` `NAME` VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES;
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0;
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY TENANT_ID INTEGER NOT NULL DEFAULT -1;
+-- CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);
+
+SELECT CONCAT("ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP FOREIGN KEY ",CONSTRAINT_NAME)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = "IDN_OAUTH2_RESOURCE_SCOPE"
+AND REFERENCED_TABLE_NAME = "IDN_OAUTH2_SCOPE" AND REFERENCED_COLUMN_NAME = "SCOPE_ID" ;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql5.7.sql
new file mode 100644
index 00000000..6ebcdfd6
--- /dev/null
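Review bot: `-- CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);` is commented out in step2/identity/mysql.sql while mysql5.7.sql and every other dialect create the index, so on this database nothing prevents two scopes with the same name in one tenant. If it was disabled because of an index key-length limit on older MySQL (an assumption; the commit does not say), the reason should be recorded in a comment and the uniqueness enforced some other way rather than silently dropped. In both mysql.sql and mysql5.7.sql the cleanup line `SET @sqlstr = NULL;` also resets a variable that is never used; the statement text lives in `@sqlst`.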
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/mysql5.7.sql
@@ -0,0 +1,21 @@
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT;
+ALTER TABLE IDN_OAUTH2_SCOPE CHANGE COLUMN `NAME` `DISPLAY_NAME` VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE CHANGE COLUMN `SCOPE_KEY` `NAME` VARCHAR(255) NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES;
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0;
+ALTER TABLE IDN_OAUTH2_SCOPE MODIFY TENANT_ID INTEGER NOT NULL DEFAULT -1;
+CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);
+
+SELECT CONCAT("ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP FOREIGN KEY ",CONSTRAINT_NAME)
+INTO @sqlst
+FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE
+WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = "IDN_OAUTH2_RESOURCE_SCOPE"
+AND REFERENCED_TABLE_NAME = "IDN_OAUTH2_SCOPE" AND REFERENCED_COLUMN_NAME = "SCOPE_ID" ;
+
+PREPARE stmt FROM @sqlst;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;
+SET @sqlstr = NULL;
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE MODIFY SCOPE_ID INTEGER NOT NULL;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/oracle.sql
new file mode 100644
index 00000000..cade8aff
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/oracle.sql
@@ -0,0 +1,62 @@
+ALTER TABLE IDN_OAUTH2_SCOPE
+ MODIFY SCOPE_ID INTEGER NOT NULL
+/
+ALTER TABLE IDN_OAUTH2_SCOPE
+ RENAME COLUMN NAME TO DISPLAY_NAME
+/
+ALTER TABLE IDN_OAUTH2_SCOPE
+ RENAME COLUMN SCOPE_KEY TO NAME
+/
+ALTER TABLE IDN_OAUTH2_SCOPE
+ DROP COLUMN ROLES
+/
+UPDATE IDN_OAUTH2_SCOPE
+SET TENANT_ID = -1
+WHERE TENANT_ID = 0
+/
+ALTER TABLE IDN_OAUTH2_SCOPE
+ MODIFY TENANT_ID INTEGER DEFAULT -1
+/
+CREATE UNIQUE INDEX SCOPE_INDEX
+ ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID)
+/
+
+DECLARE
+ con_name VARCHAR2(100);
+ command VARCHAR2(200);
+ databasename VARCHAR2(100);
+BEGIN
+
+ SELECT sys_context('userenv', 'current_schema')
+ INTO databasename
+ FROM dual;
+
+ BEGIN
+ SELECT a.constraint_name
+ INTO con_name
+ FROM all_cons_columns a
+ JOIN all_constraints c ON a.owner = c.owner AND a.constraint_name = c.constraint_name
+ JOIN all_constraints c_pk ON c.r_owner = c_pk.owner AND c.r_constraint_name = c_pk.constraint_name
+ WHERE
+ c.constraint_type = 'R' AND a.table_name = 'IDN_OAUTH2_RESOURCE_SCOPE' AND UPPER(a.OWNER) = UPPER(databasename)
+ AND c_pk.table_name = 'IDN_OAUTH2_SCOPE' AND ROWNUM < 2;
+
+ IF TRIM(con_name) IS NOT NULL
+ THEN
+ command := 'ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE DROP CONSTRAINT ' || con_name;
+ dbms_output.Put_line(command);
+ EXECUTE IMMEDIATE command;
+ END IF;
+
+ EXCEPTION
+ WHEN NO_DATA_FOUND
+ THEN
+ dbms_output.Put_line('Foreign key not found');
+ END;
+
+END;
+/
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE
+ ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/postgresql.sql
new file mode 100644
index 00000000..3e3ccf93
--- /dev/null
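Review bot: The final `ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE` re-creates the constraint without a name, which is why the PL/SQL block above has to look the old one up in the data dictionary and build a DROP statement at run time. Naming it, e.g. `ADD CONSTRAINT <constraint_name> FOREIGN KEY (SCOPE_ID) …`, lets a later migration drop it with a fixed statement instead of `EXECUTE IMMEDIATE` on a concatenated string. The lookup also takes whichever row `ROWNUM < 2` returns without filtering on the column, so adding `AND a.column_name = 'SCOPE_ID'` would bring it in line with the MySQL scripts. mysql.sql, mysql5.7.sql and postgresql.sql add the key unnamed as well.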
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.4.0/dbscripts/step2/identity/postgresql.sql
@@ -0,0 +1,18 @@
+ALTER TABLE IDN_OAUTH2_SCOPE RENAME NAME TO DISPLAY_NAME;
+ALTER TABLE IDN_OAUTH2_SCOPE RENAME SCOPE_KEY TO NAME;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN NAME TYPE VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN NAME SET NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN DISPLAY_NAME TYPE VARCHAR(255);
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN DISPLAY_NAME SET NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE DROP COLUMN ROLES;
+UPDATE IDN_OAUTH2_SCOPE SET TENANT_ID = -1 WHERE TENANT_ID = 0;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN TENANT_ID TYPE INTEGER;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN TENANT_ID SET NOT NULL;
+ALTER TABLE IDN_OAUTH2_SCOPE ALTER COLUMN TENANT_ID SET DEFAULT -1;
+CREATE UNIQUE INDEX SCOPE_INDEX ON IDN_OAUTH2_SCOPE (NAME, TENANT_ID);
+
+DO $$ DECLARE con_name varchar(200); BEGIN SELECT 'ALTER TABLE idn_oauth2_resource_scope DROP CONSTRAINT ' || tc .constraint_name || ';' INTO con_name FROM information_schema.table_constraints AS tc JOIN information_schema.key_column_usage AS kcu ON tc.constraint_name = kcu.constraint_name JOIN information_schema.constraint_column_usage AS ccu ON ccu.constraint_name = tc.constraint_name WHERE constraint_type = 'FOREIGN KEY' AND tc.table_name = 'idn_oauth2_resource_scope' AND ccu.table_name='idn_oauth2_scope' LIMIT 1; EXECUTE con_name; END $$;
+
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ALTER COLUMN SCOPE_ID TYPE INTEGER;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ALTER COLUMN SCOPE_ID SET NOT NULL;
+ALTER TABLE IDN_OAUTH2_RESOURCE_SCOPE ADD FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE;
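Review bot: The dictionary query inside the `DO $$ … $$` block matches on table names only, so in a database where another schema also holds `idn_oauth2_resource_scope` the `LIMIT 1` row may name a constraint from that schema; adding `AND tc.table_schema = current_schema()` ties it to the schema being migrated. `EXECUTE con_name;` is also unguarded: when no foreign key is found `con_name` is NULL and the block aborts, whereas the Oracle script handles that case. `IF con_name IS NOT NULL THEN EXECUTE con_name; END IF;` would make the step safe to run on a schema where the key is already gone.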
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/db2.sql
new file mode 100644
index 00000000..8e7a9159
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/db2.sql
@@ -0,0 +1,195 @@ +CREATE TABLE CM_PII_CATEGORY ( + ID INTEGER NOT NULL , + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + DISPLAY_NAME VARCHAR(255), + IS_SENSITIVE INTEGER NOT NULL, + TENANT_ID INTEGER DEFAULT -1234 NOT NULL, + CONSTRAINT PII_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE CM_PII_CATEGORY_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER CM_PII_CATEGORY_TRIGGER NO CASCADE BEFORE INSERT ON CM_PII_CATEGORY +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + +BEGIN ATOMIC + + SET (NEW.ID) + = (NEXTVAL FOR CM_PII_CATEGORY_SEQ); + +END +/ +CREATE TABLE CM_RECEIPT ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + VERSION VARCHAR(255) NOT NULL, + JURISDICTION VARCHAR(255) NOT NULL, + CONSENT_TIMESTAMP TIMESTAMP NOT NULL, + COLLECTION_METHOD VARCHAR(255) NOT NULL, + LANGUAGE VARCHAR(255) NOT NULL, + PII_PRINCIPAL_ID VARCHAR(255) NOT NULL, + PRINCIPAL_TENANT_ID INTEGER DEFAULT -1234, + POLICY_URL VARCHAR(255) NOT NULL, + STATE VARCHAR(255) NOT NULL, + PII_CONTROLLER VARCHAR(2048) NOT NULL, + PRIMARY KEY (CONSENT_RECEIPT_ID) +) +/ +CREATE TABLE CM_PURPOSE ( + ID INTEGER NOT NULL, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT -1234 NOT NULL, + CONSTRAINT PURPOSE_CONSTRAINT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE CM_PURPOSE_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER CM_PURPOSE_TRIGGER NO CASCADE BEFORE INSERT ON CM_PURPOSE +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + +BEGIN ATOMIC + + SET (NEW.ID) + = (NEXTVAL FOR CM_PURPOSE_SEQ); + +END +/ +CREATE TABLE CM_PURPOSE_CATEGORY ( + ID INTEGER NOT NULL, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT -1234 NOT NULL, + CONSTRAINT PURPOSE_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE CM_PURPOSE_CATEGORY_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER 
CM_PURPOSE_CATEGORY_TRIGGER NO CASCADE BEFORE INSERT ON CM_PURPOSE_CATEGORY +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + +BEGIN ATOMIC + + SET (NEW.ID) + = (NEXTVAL FOR CM_PURPOSE_CATEGORY_SEQ); + +END +/ +CREATE TABLE CM_RECEIPT_SP_ASSOC ( + ID INTEGER NOT NULL, + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + SP_NAME VARCHAR(255) NOT NULL, + SP_DISPLAY_NAME VARCHAR(255), + SP_DESCRIPTION VARCHAR(255), + SP_TENANT_ID INTEGER DEFAULT -1234 NOT NULL, + CONSTRAINT RECEIPT_SP_ASSOC_CONSTRAINT UNIQUE (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID), + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE CM_RECEIPT_SP_ASSOC_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER CM_RECEIPT_SP_ASSOC_TRIGGER NO CASCADE BEFORE INSERT ON CM_RECEIPT_SP_ASSOC +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + +BEGIN ATOMIC + + SET (NEW.ID) + = (NEXTVAL FOR CM_RECEIPT_SP_ASSOC_SEQ); + +END +/ +CREATE TABLE CM_SP_PURPOSE_ASSOC ( + ID INTEGER NOT NULL, + RECEIPT_SP_ASSOC INTEGER NOT NULL, + PURPOSE_ID INTEGER NOT NULL, + CONSENT_TYPE VARCHAR(255) NOT NULL, + IS_PRIMARY_PURPOSE INTEGER NOT NULL, + TERMINATION VARCHAR(255) NOT NULL, + THIRD_PARTY_DISCLOSURE INTEGER NOT NULL, + THIRD_PARTY_NAME VARCHAR(255), + CONSTRAINT SP_PURPOSE_ASSOC UNIQUE (RECEIPT_SP_ASSOC, PURPOSE_ID), + PRIMARY KEY (ID) +) +/ +CREATE SEQUENCE CM_SP_PURPOSE_ASSOC_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TRIGGER CM_SP_PURPOSE_ASSOC_TRIGGER NO CASCADE BEFORE INSERT ON CM_SP_PURPOSE_ASSOC +REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL + +BEGIN ATOMIC + + SET (NEW.ID) + = (NEXTVAL FOR CM_SP_PURPOSE_ASSOC_SEQ); + +END +/ +CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PURPOSE_CATEGORY_ID INTEGER NOT NULL, + CONSTRAINT SP_PUS_PS_CAT_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID) +) +/ +CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC ( + PURPOSE_ID INTEGER NOT NULL, + CM_PII_CATEGORY_ID INTEGER NOT NULL, + CONSTRAINT PURPOSE_PII_CAT_ASSOC UNIQUE (PURPOSE_ID, 
CM_PII_CATEGORY_ID) +) +/ +CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PII_CATEGORY_ID INTEGER NOT NULL, + VALIDITY VARCHAR(1023), + CONSTRAINT SP_PURPOSE_PII_CATEGORY_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID) +) +/ +CREATE SEQUENCE CM_SP_PURPOSE_PII_CAT_ASSOC_SEQ + START WITH 1 + INCREMENT BY 1 NOCACHE +/ +CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(1023) NOT NULL, + CONSTRAINT CONSENT_RECEIPT_PROPERTY UNIQUE (CONSENT_RECEIPT_ID, NAME) +) +/ +ALTER TABLE CM_RECEIPT_SP_ASSOC + ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID) +/ +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID) +/ +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID) +/ +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID) +/ +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID) +/ +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID) +/ +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID) +/ +ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY + ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID) +/ +INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234')/ + +INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES 
('DEFAULT','For core functionalities of the product', '-1234')/ diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/h2.sql new file mode 100644 index 00000000..3c9166bd --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/h2.sql 
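Review bot: `CM_PURPOSE_PII_CAT_ASSOC` is created with only a UNIQUE constraint, and the block of `ALTER TABLE … ADD CONSTRAINT … FOREIGN KEY` statements at the end of the file gives it no foreign keys, unlike `CM_SP_PURPOSE_PURPOSE_CAT_ASSC` and `CM_SP_PURPOSE_PII_CAT_ASSOC`. Rows in it can therefore point at purposes or PII categories that do not exist or have been deleted. Unless that is intentional, add `ALTER TABLE CM_PURPOSE_PII_CAT_ASSOC ADD CONSTRAINT <fk_name_0> FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID)` and the matching statement for `CM_PII_CATEGORY_ID` referencing `CM_PII_CATEGORY (ID)`. The h2, mssql, mysql and mysql5.7 consent scripts in the following hunks omit the same keys.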
@@ -0,0 +1,121 @@ +CREATE TABLE CM_PII_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + DISPLAY_NAME VARCHAR(255), + IS_SENSITIVE INTEGER NOT NULL, + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + VERSION VARCHAR(255) NOT NULL, + JURISDICTION VARCHAR(255) NOT NULL, + CONSENT_TIMESTAMP TIMESTAMP NOT NULL, + COLLECTION_METHOD VARCHAR(255) NOT NULL, + LANGUAGE VARCHAR(255) NOT NULL, + PII_PRINCIPAL_ID VARCHAR(255) NOT NULL, + PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234', + POLICY_URL VARCHAR(255) NOT NULL, + STATE VARCHAR(255) NOT NULL, + PII_CONTROLLER VARCHAR(2048) NOT NULL, + PRIMARY KEY (CONSENT_RECEIPT_ID) +); + +CREATE TABLE CM_PURPOSE ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_PURPOSE_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT_SP_ASSOC ( + ID INTEGER AUTO_INCREMENT, + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + SP_NAME VARCHAR(255) NOT NULL, + SP_DISPLAY_NAME VARCHAR(255), + SP_DESCRIPTION VARCHAR(255), + SP_TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_ASSOC ( + ID INTEGER AUTO_INCREMENT, + RECEIPT_SP_ASSOC INTEGER NOT NULL, + PURPOSE_ID INTEGER NOT NULL, + CONSENT_TYPE VARCHAR(255) NOT NULL, + IS_PRIMARY_PURPOSE INTEGER NOT NULL, + TERMINATION VARCHAR(255) NOT NULL, + THIRD_PARTY_DISCLOSURE INTEGER NOT NULL, + THIRD_PARTY_NAME VARCHAR(255), + UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC ( + 
SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PURPOSE_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID) +); + +CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC ( + PURPOSE_ID INTEGER NOT NULL, + CM_PII_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID) +); + +CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PII_CATEGORY_ID INTEGER NOT NULL, + VALIDITY VARCHAR(1023), + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID) +); + +CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(1023) NOT NULL, + UNIQUE KEY (CONSENT_RECEIPT_ID, NAME) +); + +ALTER TABLE CM_RECEIPT_SP_ASSOC + ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID); + +ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY + ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core 
functionalities of the product', '-1234'); + +INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234'); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mssql.sql new file mode 100644 index 00000000..645035c2 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mssql.sql 
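Review bot: Every tenant column in this script is declared as `TENANT_ID INTEGER DEFAULT '-1234'` with no NOT NULL, while the DB2 script in the previous hunk declares `TENANT_ID INTEGER DEFAULT -1234 NOT NULL`. An explicit NULL tenant is then accepted, and because NULLs are normally treated as distinct in a unique key, rows with a NULL tenant are not held to `UNIQUE KEY (NAME, TENANT_ID)`. Declaring the columns as `TENANT_ID INTEGER DEFAULT -1234 NOT NULL` (likewise `SP_TENANT_ID`) also removes the quoted string default on an integer column. The mysql.sql and mysql5.7.sql consent scripts are identical to this file, and mssql.sql uses the same nullable declaration.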
@@ -0,0 +1,113 @@ +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_PII_CATEGORY]') AND TYPE IN (N'U')) +CREATE TABLE CM_PII_CATEGORY ( + ID INTEGER NOT NULL IDENTITY, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + DISPLAY_NAME VARCHAR(255), + IS_SENSITIVE INTEGER NOT NULL, + TENANT_ID INTEGER DEFAULT '-1234', + CONSTRAINT CM_PII_CATEGORY_CNT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_RECEIPT]') AND TYPE IN (N'U')) +CREATE TABLE CM_RECEIPT ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + VERSION VARCHAR(255) NOT NULL, + JURISDICTION VARCHAR(255) NOT NULL, + CONSENT_TIMESTAMP DATETIME NOT NULL, + COLLECTION_METHOD VARCHAR(255) NOT NULL, + LANGUAGE VARCHAR(255) NOT NULL, + PII_PRINCIPAL_ID VARCHAR(255) NOT NULL, + PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234', + POLICY_URL VARCHAR(255) NOT NULL, + STATE VARCHAR(255) NOT NULL, + PII_CONTROLLER VARCHAR(2048) NOT NULL, + PRIMARY KEY (CONSENT_RECEIPT_ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_PURPOSE]') AND TYPE IN (N'U')) +CREATE TABLE CM_PURPOSE ( + ID INTEGER NOT NULL IDENTITY, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + CONSTRAINT CM_PURPOSE_CNT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +); +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_PURPOSE_CATEGORY]') AND TYPE IN (N'U')) +CREATE TABLE CM_PURPOSE_CATEGORY ( + ID INTEGER NOT NULL IDENTITY, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + CONSTRAINT CM_PURPOSE_CATEGORY_CNT UNIQUE (NAME, TENANT_ID), + PRIMARY KEY (ID) +); +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_RECEIPT_SP_ASSOC]') AND TYPE IN (N'U')) +CREATE TABLE CM_RECEIPT_SP_ASSOC ( + ID INTEGER NOT NULL IDENTITY, + CONSENT_RECEIPT_ID VARCHAR(255) 
NOT NULL, + SP_NAME VARCHAR(255) NOT NULL, + SP_DISPLAY_NAME VARCHAR(255), + SP_DESCRIPTION VARCHAR(255), + SP_TENANT_ID INTEGER DEFAULT '-1234', + CONSTRAINT CM_RECEIPT_SP_ASSOC_CNT UNIQUE (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID), + FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID), + PRIMARY KEY (ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_SP_PURPOSE_ASSOC]') AND TYPE IN (N'U')) +CREATE TABLE CM_SP_PURPOSE_ASSOC ( + ID INTEGER NOT NULL IDENTITY, + RECEIPT_SP_ASSOC INTEGER NOT NULL, + PURPOSE_ID INTEGER NOT NULL, + CONSENT_TYPE VARCHAR(255) NOT NULL, + IS_PRIMARY_PURPOSE INTEGER NOT NULL, + TERMINATION VARCHAR(255) NOT NULL, + THIRD_PARTY_DISCLOSURE INTEGER NOT NULL, + THIRD_PARTY_NAME VARCHAR(255), + CONSTRAINT CM_SP_PURPOSE_ASSOC_CNT UNIQUE (RECEIPT_SP_ASSOC, PURPOSE_ID), + FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID), + FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID), + PRIMARY KEY (ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_SP_PURPOSE_PURPOSE_CAT_ASSC]') AND TYPE IN (N'U')) +CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PURPOSE_CATEGORY_ID INTEGER NOT NULL, + CONSTRAINT CM_SP_PURPOSE_PURPOSE_CAT_ASSC_CNT UNIQUE (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID), + FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID), + FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_PURPOSE_PII_CAT_ASSOC]') AND TYPE IN (N'U')) +CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC ( + PURPOSE_ID INTEGER NOT NULL, + CM_PII_CATEGORY_ID INTEGER NOT NULL, + CONSTRAINT CM_PURPOSE_PII_CAT_ASSOC_CNT UNIQUE (PURPOSE_ID, CM_PII_CATEGORY_ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_SP_PURPOSE_PII_CAT_ASSOC]') AND TYPE IN (N'U')) +CREATE TABLE 
CM_SP_PURPOSE_PII_CAT_ASSOC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PII_CATEGORY_ID INTEGER NOT NULL, + VALIDITY VARCHAR(1023), + CONSTRAINT CM_SP_PURPOSE_PII_CAT_ASSOC_CNT UNIQUE (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID), + FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID), + FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID) +); + +IF NOT EXISTS ( SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[CM_CONSENT_RECEIPT_PROPERTY]') AND TYPE IN (N'U')) +CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(1023) NOT NULL, + CONSTRAINT CM_CONSENT_RECEIPT_PROPERTY_CNT UNIQUE (CONSENT_RECEIPT_ID, NAME), + FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID) +); + +INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234'); + +INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234'); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql.sql new file mode 100644 index 00000000..3c9166bd --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql.sql 
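Review bot: The `IF NOT EXISTS (…)` guards make the CREATE TABLE statements safe to re-run, but the two INSERT statements at the end of the file have no guard, so a second run stops on the `CM_PURPOSE_CNT` unique constraint. Wrapping them the same way, e.g. `IF NOT EXISTS (SELECT 1 FROM CM_PURPOSE WHERE NAME = 'DEFAULT' AND TENANT_ID = -1234) INSERT INTO CM_PURPOSE …`, keeps the script idempotent end to end. The guards also hard-code the `[DBO]` schema, so they always evaluate true if the tables are created under a different default schema.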
@@ -0,0 +1,121 @@ +CREATE TABLE CM_PII_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + DISPLAY_NAME VARCHAR(255), + IS_SENSITIVE INTEGER NOT NULL, + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + VERSION VARCHAR(255) NOT NULL, + JURISDICTION VARCHAR(255) NOT NULL, + CONSENT_TIMESTAMP TIMESTAMP NOT NULL, + COLLECTION_METHOD VARCHAR(255) NOT NULL, + LANGUAGE VARCHAR(255) NOT NULL, + PII_PRINCIPAL_ID VARCHAR(255) NOT NULL, + PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234', + POLICY_URL VARCHAR(255) NOT NULL, + STATE VARCHAR(255) NOT NULL, + PII_CONTROLLER VARCHAR(2048) NOT NULL, + PRIMARY KEY (CONSENT_RECEIPT_ID) +); + +CREATE TABLE CM_PURPOSE ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_PURPOSE_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT_SP_ASSOC ( + ID INTEGER AUTO_INCREMENT, + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + SP_NAME VARCHAR(255) NOT NULL, + SP_DISPLAY_NAME VARCHAR(255), + SP_DESCRIPTION VARCHAR(255), + SP_TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_ASSOC ( + ID INTEGER AUTO_INCREMENT, + RECEIPT_SP_ASSOC INTEGER NOT NULL, + PURPOSE_ID INTEGER NOT NULL, + CONSENT_TYPE VARCHAR(255) NOT NULL, + IS_PRIMARY_PURPOSE INTEGER NOT NULL, + TERMINATION VARCHAR(255) NOT NULL, + THIRD_PARTY_DISCLOSURE INTEGER NOT NULL, + THIRD_PARTY_NAME VARCHAR(255), + UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC ( + 
SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PURPOSE_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID) +); + +CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC ( + PURPOSE_ID INTEGER NOT NULL, + CM_PII_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID) +); + +CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PII_CATEGORY_ID INTEGER NOT NULL, + VALIDITY VARCHAR(1023), + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID) +); + +CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(1023) NOT NULL, + UNIQUE KEY (CONSENT_RECEIPT_ID, NAME) +); + +ALTER TABLE CM_RECEIPT_SP_ASSOC + ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID); + +ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY + ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core 
functionalities of the product', '-1234'); + +INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234'); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql5.7.sql new file mode 100644 index 00000000..3c9166bd --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/mysql5.7.sql 
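Review bot: `CONSENT_TIMESTAMP TIMESTAMP NOT NULL` in `CM_RECEIPT` has no explicit default, and on MySQL servers running with `explicit_defaults_for_timestamp` disabled the first TIMESTAMP column of a table silently gets `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`. Any later UPDATE of a receipt row, such as a change of `STATE`, would then overwrite the time the consent was given, which matters for a record kept as evidence of consent. Declaring it as `CONSENT_TIMESTAMP TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,` (or as DATETIME) avoids the automatic update. mysql5.7.sql in the next hunk has the same column definition.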
@@ -0,0 +1,121 @@ +CREATE TABLE CM_PII_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + DISPLAY_NAME VARCHAR(255), + IS_SENSITIVE INTEGER NOT NULL, + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + VERSION VARCHAR(255) NOT NULL, + JURISDICTION VARCHAR(255) NOT NULL, + CONSENT_TIMESTAMP TIMESTAMP NOT NULL, + COLLECTION_METHOD VARCHAR(255) NOT NULL, + LANGUAGE VARCHAR(255) NOT NULL, + PII_PRINCIPAL_ID VARCHAR(255) NOT NULL, + PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234', + POLICY_URL VARCHAR(255) NOT NULL, + STATE VARCHAR(255) NOT NULL, + PII_CONTROLLER VARCHAR(2048) NOT NULL, + PRIMARY KEY (CONSENT_RECEIPT_ID) +); + +CREATE TABLE CM_PURPOSE ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_PURPOSE_CATEGORY ( + ID INTEGER AUTO_INCREMENT, + NAME VARCHAR(255) NOT NULL, + DESCRIPTION VARCHAR(1023), + TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (NAME, TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_RECEIPT_SP_ASSOC ( + ID INTEGER AUTO_INCREMENT, + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + SP_NAME VARCHAR(255) NOT NULL, + SP_DISPLAY_NAME VARCHAR(255), + SP_DESCRIPTION VARCHAR(255), + SP_TENANT_ID INTEGER DEFAULT '-1234', + UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_ASSOC ( + ID INTEGER AUTO_INCREMENT, + RECEIPT_SP_ASSOC INTEGER NOT NULL, + PURPOSE_ID INTEGER NOT NULL, + CONSENT_TYPE VARCHAR(255) NOT NULL, + IS_PRIMARY_PURPOSE INTEGER NOT NULL, + TERMINATION VARCHAR(255) NOT NULL, + THIRD_PARTY_DISCLOSURE INTEGER NOT NULL, + THIRD_PARTY_NAME VARCHAR(255), + UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID), + PRIMARY KEY (ID) +); + +CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC ( + 
SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PURPOSE_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID) +); + +CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC ( + PURPOSE_ID INTEGER NOT NULL, + CM_PII_CATEGORY_ID INTEGER NOT NULL, + UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID) +); + +CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC ( + SP_PURPOSE_ASSOC_ID INTEGER NOT NULL, + PII_CATEGORY_ID INTEGER NOT NULL, + VALIDITY VARCHAR(1023), + UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID) +); + +CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY ( + CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL, + NAME VARCHAR(255) NOT NULL, + VALUE VARCHAR(1023) NOT NULL, + UNIQUE KEY (CONSENT_RECEIPT_ID, NAME) +); + +ALTER TABLE CM_RECEIPT_SP_ASSOC + ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_ASSOC + ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC + ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID); + +ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC + ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID); + +ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY + ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID); + +INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core 
functionalities of the product', '-1234'); + +INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234'); diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle.sql new file mode 100644 index 00000000..40cede58 --- /dev/null +++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle.sql 
@@ -0,0 +1,177 @@
+CREATE TABLE CM_PII_CATEGORY (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ DISPLAY_NAME VARCHAR(255),
+ IS_SENSITIVE INTEGER NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PII_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PII_CATEGORY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER CM_PII_CATEGORY_TRIG
+ BEFORE INSERT
+ ON CM_PII_CATEGORY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PII_CATEGORY_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_RECEIPT (
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ VERSION VARCHAR2(255) NOT NULL,
+ JURISDICTION VARCHAR2(255) NOT NULL,
+ CONSENT_TIMESTAMP TIMESTAMP NOT NULL,
+ COLLECTION_METHOD VARCHAR2(255) NOT NULL,
+ LANGUAGE VARCHAR2(255) NOT NULL,
+ PII_PRINCIPAL_ID VARCHAR2(255) NOT NULL,
+ PRINCIPAL_TENANT_ID INTEGER DEFAULT -1234,
+ POLICY_URL VARCHAR2(255) NOT NULL,
+ STATE VARCHAR2(255) NOT NULL,
+ PII_CONTROLLER VARCHAR2(2048) NOT NULL,
+ PRIMARY KEY (CONSENT_RECEIPT_ID)
+)
+/
+CREATE TABLE CM_PURPOSE (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PURPOSE_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PURPOSE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER CM_PURPOSE_TRIG
+ BEFORE INSERT
+ ON CM_PURPOSE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PURPOSE_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_PURPOSE_CATEGORY (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PURPOSE_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PURPOSE_CATEGORY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER CM_PURPOSE_CATEGORY_TRIG
+ BEFORE INSERT
+ ON CM_PURPOSE_CATEGORY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PURPOSE_CATEGORY_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_RECEIPT_SP_ASSOC (
+ ID INTEGER,
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ SP_NAME VARCHAR2(255) NOT NULL,
+ SP_DISPLAY_NAME VARCHAR(255),
+ SP_DESCRIPTION VARCHAR(255),
+ SP_TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT RECEIPT_SP_ASSOC_CONSTRAINT UNIQUE (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_RECEIPT_SP_ASSOC_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER CM_RECEIPT_SP_ASSOC_TRIG
+ BEFORE INSERT
+ ON CM_RECEIPT_SP_ASSOC
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_RECEIPT_SP_ASSOC_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_SP_PURPOSE_ASSOC (
+ ID INTEGER,
+ RECEIPT_SP_ASSOC INTEGER NOT NULL,
+ PURPOSE_ID INTEGER NOT NULL,
+ CONSENT_TYPE VARCHAR2(255) NOT NULL,
+ IS_PRIMARY_PURPOSE INTEGER NOT NULL,
+ TERMINATION VARCHAR2(255) NOT NULL,
+ THIRD_PARTY_DISCLOSURE INTEGER NOT NULL,
+ THIRD_PARTY_NAME VARCHAR2(255),
+ CONSTRAINT SP_PURPOSE_ASSOC UNIQUE (RECEIPT_SP_ASSOC, PURPOSE_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_SP_PURPOSE_ASSOC_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER CM_SP_PURPOSE_ASSOC_TRIG
+ BEFORE INSERT
+ ON CM_SP_PURPOSE_ASSOC
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_SP_PURPOSE_ASSOC_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PURPOSE_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT SP_PUS_PS_CAT_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID,PURPOSE_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
+ PURPOSE_ID INTEGER NOT NULL,
+ CM_PII_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT PURPOSE_PII_CAT_ASSOC UNIQUE (PURPOSE_ID, CM_PII_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PII_CATEGORY_ID INTEGER NOT NULL,
+ VALIDITY VARCHAR(1023),
+ CONSTRAINT SP_PURPOSE_PII_CATEGORY_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ NAME VARCHAR2(255) NOT NULL,
+ VALUE VARCHAR2(1023) NOT NULL,
+ CONSTRAINT CONSENT_RECEIPT_PROPERTY UNIQUE (CONSENT_RECEIPT_ID, NAME)
+)
+/
+ALTER TABLE CM_RECEIPT_SP_ASSOC
+ ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID)
+/
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID)
+/
+ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
+ ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID)
+/
+INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234')
+/
+INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234')
+/
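Review bot: In consent/oracle.sql, CM_PURPOSE_PII_CAT_ASSOC gets a unique constraint but none of the ALTER TABLE statements at the end of the script gives it a foreign key, so PURPOSE_ID and CM_PII_CATEGORY_ID can refer to rows that do not exist or were later deleted. Every other association table in the script receives both references. If the omission is not deliberate, add `ALTER TABLE CM_PURPOSE_PII_CAT_ASSOC ADD CONSTRAINT CM_PURPOSE_PII_CAT_ASSOC_fk0 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID)` and a matching `_fk1` to `CM_PII_CATEGORY (ID)`. This table records which PII categories a consent purpose covers, so dangling rows are worth excluding at the schema level. The same gap is present in oracle_rac.sql and postgresql.sql further down.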
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle_rac.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle_rac.sql
new file mode 100644
index 00000000..da8f5629
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/oracle_rac.sql
@@ -0,0 +1,177 @@
+CREATE TABLE CM_PII_CATEGORY (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ DISPLAY_NAME VARCHAR(255),
+ IS_SENSITIVE INTEGER NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PII_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PII_CATEGORY_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER
+/
+CREATE OR REPLACE TRIGGER CM_PII_CATEGORY_TRIG
+ BEFORE INSERT
+ ON CM_PII_CATEGORY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PII_CATEGORY_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_RECEIPT (
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ VERSION VARCHAR2(255) NOT NULL,
+ JURISDICTION VARCHAR2(255) NOT NULL,
+ CONSENT_TIMESTAMP TIMESTAMP NOT NULL,
+ COLLECTION_METHOD VARCHAR2(255) NOT NULL,
+ LANGUAGE VARCHAR2(255) NOT NULL,
+ PII_PRINCIPAL_ID VARCHAR2(255) NOT NULL,
+ PRINCIPAL_TENANT_ID INTEGER DEFAULT -1234,
+ POLICY_URL VARCHAR2(255) NOT NULL,
+ STATE VARCHAR2(255) NOT NULL,
+ PII_CONTROLLER VARCHAR2(2048) NOT NULL,
+ PRIMARY KEY (CONSENT_RECEIPT_ID)
+)
+/
+CREATE TABLE CM_PURPOSE (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PURPOSE_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PURPOSE_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER
+/
+CREATE OR REPLACE TRIGGER CM_PURPOSE_TRIG
+ BEFORE INSERT
+ ON CM_PURPOSE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PURPOSE_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_PURPOSE_CATEGORY (
+ ID INTEGER,
+ NAME VARCHAR2(255) NOT NULL,
+ DESCRIPTION VARCHAR2(1023),
+ TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT PURPOSE_CATEGORY_CONSTRAINT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_PURPOSE_CATEGORY_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER
+/
+CREATE OR REPLACE TRIGGER CM_PURPOSE_CATEGORY_TRIG
+ BEFORE INSERT
+ ON CM_PURPOSE_CATEGORY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_PURPOSE_CATEGORY_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_RECEIPT_SP_ASSOC (
+ ID INTEGER,
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ SP_NAME VARCHAR2(255) NOT NULL,
+ SP_DISPLAY_NAME VARCHAR(255),
+ SP_DESCRIPTION VARCHAR(255),
+ SP_TENANT_ID INTEGER DEFAULT -1234,
+ CONSTRAINT RECEIPT_SP_ASSOC_CONSTRAINT UNIQUE (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_RECEIPT_SP_ASSOC_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER
+/
+CREATE OR REPLACE TRIGGER CM_RECEIPT_SP_ASSOC_TRIG
+ BEFORE INSERT
+ ON CM_RECEIPT_SP_ASSOC
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_RECEIPT_SP_ASSOC_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_SP_PURPOSE_ASSOC (
+ ID INTEGER,
+ RECEIPT_SP_ASSOC INTEGER NOT NULL,
+ PURPOSE_ID INTEGER NOT NULL,
+ CONSENT_TYPE VARCHAR2(255) NOT NULL,
+ IS_PRIMARY_PURPOSE INTEGER NOT NULL,
+ TERMINATION VARCHAR2(255) NOT NULL,
+ THIRD_PARTY_DISCLOSURE INTEGER NOT NULL,
+ THIRD_PARTY_NAME VARCHAR2(255),
+ CONSTRAINT SP_PURPOSE_ASSOC UNIQUE (RECEIPT_SP_ASSOC, PURPOSE_ID),
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE CM_SP_PURPOSE_ASSOC_SEQ START WITH 1 INCREMENT BY 1 CACHE 20 ORDER
+/
+CREATE OR REPLACE TRIGGER CM_SP_PURPOSE_ASSOC_TRIG
+ BEFORE INSERT
+ ON CM_SP_PURPOSE_ASSOC
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT CM_SP_PURPOSE_ASSOC_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PURPOSE_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT SP_PUS_PS_CAT_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
+ PURPOSE_ID INTEGER NOT NULL,
+ CM_PII_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT PURPOSE_PII_CAT_ASSOC UNIQUE (PURPOSE_ID, CM_PII_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PII_CATEGORY_ID INTEGER NOT NULL,
+ VALIDITY VARCHAR(1023),
+ CONSTRAINT SP_PURPOSE_PII_CATEGORY_ASSOC UNIQUE (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID)
+)
+/
+CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
+ CONSENT_RECEIPT_ID VARCHAR2(255) NOT NULL,
+ NAME VARCHAR2(255) NOT NULL,
+ VALUE VARCHAR2(1023) NOT NULL,
+ CONSTRAINT CONSENT_RECEIPT_PROPERTY UNIQUE (CONSENT_RECEIPT_ID, NAME)
+)
+/
+ALTER TABLE CM_RECEIPT_SP_ASSOC
+ ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID)
+/
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID)
+/
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID)
+/
+ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
+ ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID)
+/
+INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234')
+/
+INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234')
+/
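Review bot: consent/oracle_rac.sql carries no comment saying how it differs from oracle.sql, and the only differences visible here are the five `CREATE SEQUENCE` lines, which use `CACHE 20 ORDER` where oracle.sql uses `NOCACHE` (plus one space inside a UNIQUE column list). A header comment would save the next maintainer a 177-line comparison and make it less likely that a fix lands in only one of the two files, e.g. `-- RAC variant of oracle.sql: sequences use CACHE 20 ORDER instead of NOCACHE; keep all other statements in sync`.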
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/postgresql.sql
new file mode 100644
index 00000000..1d5d8cfa
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/consent/postgresql.sql
@@ -0,0 +1,141 @@
+DROP TABLE IF EXISTS CM_PII_CATEGORY;
+DROP SEQUENCE IF EXISTS CM_PII_CATEGORY_PK_SEQ;
+CREATE SEQUENCE CM_PII_CATEGORY_PK_SEQ;
+CREATE TABLE CM_PII_CATEGORY (
+ ID INTEGER DEFAULT NEXTVAL('CM_PII_CATEGORY_PK_SEQ'),
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023),
+ DISPLAY_NAME VARCHAR(255),
+ IS_SENSITIVE INTEGER NOT NULL,
+ TENANT_ID INTEGER DEFAULT '-1234',
+ CONSTRAINT CM_PII_CATEGORY_CNT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+);
+
+DROP TABLE IF EXISTS CM_RECEIPT;
+CREATE TABLE CM_RECEIPT (
+ CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
+ VERSION VARCHAR(255) NOT NULL,
+ JURISDICTION VARCHAR(255) NOT NULL,
+ CONSENT_TIMESTAMP TIMESTAMP NOT NULL,
+ COLLECTION_METHOD VARCHAR(255) NOT NULL,
+ LANGUAGE VARCHAR(255) NOT NULL,
+ PII_PRINCIPAL_ID VARCHAR(255) NOT NULL,
+ PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234',
+ POLICY_URL VARCHAR(255) NOT NULL,
+ STATE VARCHAR(255) NOT NULL,
+ PII_CONTROLLER VARCHAR(2048) NOT NULL,
+ PRIMARY KEY (CONSENT_RECEIPT_ID)
+);
+
+DROP TABLE IF EXISTS CM_PURPOSE;
+DROP SEQUENCE IF EXISTS CM_PURPOSE_PK_SEQ;
+CREATE SEQUENCE CM_PURPOSE_PK_SEQ;
+CREATE TABLE CM_PURPOSE (
+ ID INTEGER DEFAULT NEXTVAL('CM_PURPOSE_PK_SEQ'),
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023),
+ TENANT_ID INTEGER DEFAULT '-1234',
+ CONSTRAINT CM_PURPOSE_CNT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+);
+
+DROP TABLE IF EXISTS CM_PURPOSE_CATEGORY;
+DROP SEQUENCE IF EXISTS CM_PURPOSE_CATEGORY_PK_SEQ;
+CREATE SEQUENCE CM_PURPOSE_CATEGORY_PK_SEQ;
+CREATE TABLE CM_PURPOSE_CATEGORY (
+ ID INTEGER DEFAULT NEXTVAL('CM_PURPOSE_CATEGORY_PK_SEQ'),
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023),
+ TENANT_ID INTEGER DEFAULT '-1234',
+ CONSTRAINT CM_PURPOSE_CATEGORY_CNT UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+);
+
+DROP TABLE IF EXISTS CM_RECEIPT_SP_ASSOC;
+DROP SEQUENCE IF EXISTS CM_RECEIPT_SP_ASSOC_PK_SEQ;
+CREATE SEQUENCE CM_RECEIPT_SP_ASSOC_PK_SEQ;
+CREATE TABLE CM_RECEIPT_SP_ASSOC (
+ ID INTEGER DEFAULT NEXTVAL('CM_RECEIPT_SP_ASSOC_PK_SEQ'),
+ CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
+ SP_NAME VARCHAR(255) NOT NULL,
+ SP_DISPLAY_NAME VARCHAR(255),
+ SP_DESCRIPTION VARCHAR(255),
+ SP_TENANT_ID INTEGER DEFAULT '-1234',
+ CONSTRAINT CM_RECEIPT_SP_ASSOC_CNT UNIQUE (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
+ PRIMARY KEY (ID)
+);
+
+DROP TABLE IF EXISTS CM_SP_PURPOSE_ASSOC;
+DROP SEQUENCE IF EXISTS CM_SP_PURPOSE_ASSOC_PK_SEQ;
+CREATE SEQUENCE CM_SP_PURPOSE_ASSOC_PK_SEQ;
+CREATE TABLE CM_SP_PURPOSE_ASSOC (
+ ID INTEGER DEFAULT NEXTVAL('CM_SP_PURPOSE_ASSOC_PK_SEQ'),
+ RECEIPT_SP_ASSOC INTEGER NOT NULL,
+ PURPOSE_ID INTEGER NOT NULL,
+ CONSENT_TYPE VARCHAR(255) NOT NULL,
+ IS_PRIMARY_PURPOSE INTEGER NOT NULL,
+ TERMINATION VARCHAR(255) NOT NULL,
+ THIRD_PARTY_DISCLOSURE INTEGER NOT NULL,
+ THIRD_PARTY_NAME VARCHAR(255),
+ CONSTRAINT CM_SP_PURPOSE_ASSOC_CNT UNIQUE (RECEIPT_SP_ASSOC, PURPOSE_ID),
+ PRIMARY KEY (ID)
+);
+
+DROP TABLE IF EXISTS CM_SP_PURPOSE_PURPOSE_CAT_ASSC;
+CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PURPOSE_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT CM_SP_PURPOSE_PURPOSE_CAT_ASSC_CNT UNIQUE (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID)
+);
+
+DROP TABLE IF EXISTS CM_PURPOSE_PII_CAT_ASSOC;
+CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
+ PURPOSE_ID INTEGER NOT NULL,
+ CM_PII_CATEGORY_ID INTEGER NOT NULL,
+ CONSTRAINT CM_PURPOSE_PII_CAT_ASSOC_CNT UNIQUE (PURPOSE_ID, CM_PII_CATEGORY_ID)
+);
+
+DROP TABLE IF EXISTS CM_SP_PURPOSE_PII_CAT_ASSOC;
+CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
+ SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+ PII_CATEGORY_ID INTEGER NOT NULL,
+ VALIDITY VARCHAR(1023),
+ CONSTRAINT CM_SP_PURPOSE_PII_CAT_ASSOC_CNT UNIQUE (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID)
+);
+
+DROP TABLE IF EXISTS CM_CONSENT_RECEIPT_PROPERTY;
+CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
+ CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ VALUE VARCHAR(1023) NOT NULL,
+ CONSTRAINT CM_CONSENT_RECEIPT_PROPERTY_CNT UNIQUE (CONSENT_RECEIPT_ID, NAME)
+);
+
+ALTER TABLE CM_RECEIPT_SP_ASSOC
+ ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+ ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+ ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+ ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID);
+
+ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
+ ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234');
+
+INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234');
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/db2.sql
new file mode 100644
index 00000000..b02cbfb6
--- /dev/null
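Review bot: consent/postgresql.sql puts `DROP TABLE IF EXISTS` / `DROP SEQUENCE IF EXISTS` in front of every object, which the Oracle scripts in this commit do not do, and in a migration step that makes a second run against a live database destructive for stored consent data. It is also not a clean re-run guard: once the foreign keys at the end exist, `DROP TABLE IF EXISTS CM_PII_CATEGORY` without CASCADE is refused, so depending on whether the runner stops on error the script either aborts at the first statement or goes on to drop the unreferenced tables such as CM_CONSENT_RECEIPT_PROPERTY. I would remove the DROP lines and write `CREATE SEQUENCE IF NOT EXISTS CM_PII_CATEGORY_PK_SEQ;` and `CREATE TABLE IF NOT EXISTS CM_PII_CATEGORY (` (likewise for the other objects). The ALTER TABLE ... ADD CONSTRAINT and seed INSERT statements would then still need their own existence checks.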
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/db2.sql 
@@ -0,0 +1,159 @@
+BEGIN
+ DECLARE CONTINUE HANDLER FOR SQLSTATE '42704'
+ BEGIN END;
+ EXECUTE IMMEDIATE 'DROP INDEX IDX_AT';
+END
+/
+
+BEGIN
+ DECLARE CONTINUE HANDLER FOR SQLSTATE '42704'
+ BEGIN END;
+ EXECUTE IMMEDIATE 'DROP INDEX IDX_AUTHORIZATION_CODE';
+END
+/
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN SET DATA TYPE VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN SET DATA TYPE VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ALTER COLUMN AUTHORIZATION_CODE SET DATA TYPE VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ALTER COLUMN CONSUMER_SECRET SET DATA TYPE VARCHAR(2048)
+/
+
+CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID, SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)
+/
+CREATE TABLE SP_AUTH_SCRIPT (
+ ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED CHAR(1) DEFAULT '0',
+ PRIMARY KEY (ID))
+/
+CREATE SEQUENCE SP_AUTH_SCRIPT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER SP_AUTH_SCRIPT_TRIG NO CASCADE
+ BEFORE INSERT
+ ON SP_AUTH_SCRIPT
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR SP_AUTH_SCRIPT_SEQ);
+ END
+/
+CREATE TABLE IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (JWT_ID))
+/
+
+
+CREATE TABLE IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_PROPERTY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER IDN_OIDC_PROPERTY_TRIG NO CASCADE
+ BEFORE INSERT
+ ON IDN_OIDC_PROPERTY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_OIDC_PROPERTY_SEQ);
+ END
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQUEST_OBJECT_REF_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER IDN_OIDC_REQUEST_OBJECT_REF_TRIG NO CASCADE
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJECT_REFERENCE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_OIDC_REQUEST_OBJECT_REF_SEQ);
+ END
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL,
+ REQ_OBJECT_ID INTEGER ,
+ CLAIM_ATTRIBUTE VARCHAR(255),
+ ESSENTIAL CHAR (1),
+ VALUE VARCHAR(255),
+ IS_USERINFO CHAR (1),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE(ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQ_OBJECT_CLAIMS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER IDN_OIDC_REQ_OBJECT_CLAIMS_TRIG NO CASCADE
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJECT_CLAIMS
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_OIDC_REQ_OBJECT_CLAIMS_SEQ);
+ END
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL,
+ REQ_OBJECT_CLAIMS_ID INTEGER,
+ CLAIM_VALUES VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_TRIG
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJ_CLAIM_VALUES
+ REFERENCING NEW AS NEW
+ FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID) = (NEXTVAL FOR IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_SEQ);
+ END
+/
+
+CREATE TABLE IDN_CERTIFICATE (
+ ID INTEGER NOT NULL,
+ NAME VARCHAR(100) NOT NULL,
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER NOT NULL,
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID))
+/
+CREATE SEQUENCE IDN_CERTIFICATE_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE TRIGGER IDN_CERTIFICATE_TRIGGER NO CASCADE BEFORE INSERT ON IDN_CERTIFICATE
+REFERENCING NEW AS NEW FOR EACH ROW MODE DB2SQL
+ BEGIN ATOMIC
+ SET (NEW.ID)
+ = (NEXTVAL FOR IDN_CERTIFICATE_SEQUENCE);
+ END
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/h2.sql
new file mode 100644
index 00000000..5fd3342c
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/h2.sql
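Review bot: identity/db2.sql drops IDX_AT and IDX_AUTHORIZATION_CODE in its first two blocks and nothing later in this step recreates an index on ACCESS_TOKEN or AUTHORIZATION_CODE, presumably because those columns are widened to VARCHAR(2048) right afterwards. If no later migration step adds a replacement, lookups by token or code value on a migrated database may fall back to scans, which is an availability concern for a busy token endpoint. Please record the follow-up in the script, e.g. `-- IDX_AT and IDX_AUTHORIZATION_CODE are replaced in <later step>`, or recreate suitable indexes here. h2.sql, mssql.sql and mysql.sql in the same directory open with the same drops.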
@@ -0,0 +1,76 @@
+DROP INDEX IF EXISTS IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN;
+DROP INDEX IF EXISTS IDX_AUTHORIZATION_CODE ON IDN_OAUTH2_AUTHORIZATION_CODE;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify REFRESH_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify ACCESS_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE modify AUTHORIZATION_CODE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS modify CONSUMER_SECRET VARCHAR(2048);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+CREATE TABLE SP_AUTH_SCRIPT (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (ID));
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255),
+ EXP_TIME TIMESTAMP NOT NULL ,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ PRIMARY KEY (JWT_ID)
+);
+CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+);
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL BOOLEAN ,
+ VALUE VARCHAR(255) ,
+ IS_USERINFO BOOLEAN,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+);
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mssql.sql
new file mode 100644
index 00000000..abd35f91
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mssql.sql
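Review bot: In identity/h2.sql, `CREATE TABLE SP_AUTH_SCRIPT (` is the only CREATE in the file without `IF NOT EXISTS`, so re-running this step stops there with a table-already-exists error while the other seven tables are guarded. Change it to `CREATE TABLE IF NOT EXISTS SP_AUTH_SCRIPT (`, which is also how mysql.sql in this commit declares the same table. A migration that fails halfway on a re-run tends to be finished by hand, and that is where identity schemas drift apart between environments.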
@@ -0,0 +1,86 @@
+IF EXISTS (SELECT * FROM sys.indexes WHERE name='IDX_AT') begin DROP INDEX IDN_OAUTH2_ACCESS_TOKEN.IDX_AT; end;
+IF EXISTS (SELECT * FROM sys.indexes WHERE name='IDX_AUTHORIZATION_CODE') begin DROP INDEX IDN_OAUTH2_AUTHORIZATION_CODE.IDX_AUTHORIZATION_CODE; end;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ALTER COLUMN AUTHORIZATION_CODE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ALTER COLUMN CONSUMER_SECRET VARCHAR(2048);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OAUTH2_SCOPE_VALIDATORS]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+IF NOT EXISTS(SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[SP_AUTH_SCRIPT]') AND TYPE IN (N'U'))
+CREATE TABLE SP_AUTH_SCRIPT (
+ ID INTEGER IDENTITY NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT VARBINARY(MAX) DEFAULT NULL,
+ IS_ENABLED BIT DEFAULT 'FALSE',
+ PRIMARY KEY (ID)
+);
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OIDC_JTI]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME DATETIME NOT NULL,
+ TIME_CREATED DATETIME NOT NULL,
+ PRIMARY KEY (JWT_ID)
+);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OIDC_PROPERTY]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL IDENTITY,
+ TENANT_ID INTEGER ,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL ,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OIDC_REQ_OBJECT_REFERENCE]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL IDENTITY,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE ,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID),
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID)
+);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OIDC_REQ_OBJECT_CLAIMS]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL IDENTITY,
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL BIT ,
+ VALUE VARCHAR(255) ,
+ IS_USERINFO BIT,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_OIDC_REQ_OBJ_CLAIM_VALUES]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL IDENTITY,
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+);
+
+IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_CERTIFICATE]') AND TYPE IN (N'U'))
+CREATE TABLE IDN_CERTIFICATE (
+ ID INTEGER IDENTITY,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM VARBINARY(MAX),
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+);
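Review bot: In identity/mssql.sql the TOKEN_ID and CODE_ID foreign keys of IDN_OIDC_REQ_OBJECT_REFERENCE have no `ON DELETE CASCADE`, whereas db2.sql, h2.sql and mysql.sql in this commit cascade on both. This is presumably forced by SQL Server's rule against multiple cascade paths from IDN_OAUTH_CONSUMER_APPS, but the effect is that deleting a token or authorization-code row that still has a request-object reference is rejected on this database only, so revocation and cleanup code must remove the reference rows first. Please record that next to the table, e.g. `-- TOKEN_ID/CODE_ID: no ON DELETE CASCADE (SQL Server multiple cascade paths); delete reference rows before the token or code row`, and confirm the data-access layer does so.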
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql.sql
new file mode 100644
index 00000000..b9dc92de
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql.sql
@@ -0,0 +1,79 @@
+DROP INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN;
+DROP INDEX IDX_AUTHORIZATION_CODE ON IDN_OAUTH2_AUTHORIZATION_CODE;
+-- ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify REFRESH_TOKEN VARCHAR(2048);
+-- ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify ACCESS_TOKEN VARCHAR(2048);
+
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE modify AUTHORIZATION_CODE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS modify CONSUMER_SECRET VARCHAR(2048);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+CREATE TABLE IF NOT EXISTS SP_AUTH_SCRIPT (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (ID));
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL DEFAULT 0 ,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ PRIMARY KEY (JWT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES
IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL BOOLEAN ,
+ VALUE VARCHAR(255) ,
+ IS_USERINFO BOOLEAN,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+)ENGINE INNODB;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql5.7.sql
new file mode 100644
index 00000000..c5cc3323
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/mysql5.7.sql
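Review bot: The two `ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify … VARCHAR(2048)` statements for REFRESH_TOKEN and ACCESS_TOKEN are left commented out at the top of step1/identity/mysql.sql with no reason given, while mysql5.7.sql in the same commit runs them. Databases migrated with this script keep the old width on both token columns, so if the 5.5.0 data migrators store longer token values (for example encrypted ones) writes will fail or, outside strict SQL mode, be truncated; that depends on code not visible here and should be confirmed. If the omission is deliberate, say why in place, e.g. `-- REFRESH_TOKEN/ACCESS_TOKEN are intentionally not widened on MySQL < 5.7: <reason>`; otherwise enable both statements.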
@@ -0,0 +1,77 @@
+DROP INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN;
+DROP INDEX IDX_AUTHORIZATION_CODE ON IDN_OAUTH2_AUTHORIZATION_CODE;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify REFRESH_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify ACCESS_TOKEN VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE modify AUTHORIZATION_CODE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS modify CONSUMER_SECRET VARCHAR(2048);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+CREATE TABLE IF NOT EXISTS SP_AUTH_SCRIPT (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (ID));
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL ,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ PRIMARY KEY (JWT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON
DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL BOOLEAN ,
+ VALUE VARCHAR(255) ,
+ IS_USERINFO BOOLEAN,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+)ENGINE INNODB;
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/oracle.sql
new file mode 100644
index 00000000..4ab4c3e6
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/oracle.sql
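Review bot: `SP_AUTH_SCRIPT` is the only table in step1/identity/mysql5.7.sql created without `ENGINE INNODB` (the same holds in mysql.sql), so it gets whatever storage engine the server defaults to while every sibling is pinned to InnoDB. End the statement like the others: `PRIMARY KEY (ID)` followed by `)ENGINE INNODB;`. The table also declares `APP_ID` without a foreign key, unlike `IDN_OAUTH2_SCOPE_VALIDATORS`, so stored authentication scripts may outlive the application they belong to; whether that is intended cannot be told from this hunk.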
@@ -0,0 +1,174 @@
+DECLARE
+ COUNT_INDEXES INTEGER;
+ BEGIN
+ SELECT COUNT(*) INTO COUNT_INDEXES
+ FROM USER_INDEXES
+ WHERE INDEX_NAME = 'IDX_AT';
+
+ IF COUNT_INDEXES > 0 THEN
+ EXECUTE IMMEDIATE 'DROP INDEX IDX_AT';
+ END IF;
+ END;
+ /
+
+DECLARE
+ COUNT_INDEXES INTEGER;
+ BEGIN
+ SELECT COUNT(*) INTO COUNT_INDEXES
+ FROM USER_INDEXES
+ WHERE INDEX_NAME = 'IDX_AUTHORIZATION_CODE';
+
+ IF COUNT_INDEXES > 0 THEN
+ EXECUTE IMMEDIATE 'DROP INDEX IDX_AUTHORIZATION_CODE';
+ END IF;
+ END;
+/
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify REFRESH_TOKEN VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN modify ACCESS_TOKEN VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE modify AUTHORIZATION_CODE VARCHAR(2048)
+/
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS modify CONSUMER_SECRET VARCHAR(2048)
+/
+CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)
+/
+CREATE TABLE SP_AUTH_SCRIPT (
+ ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED CHAR(1) DEFAULT '0',
+ PRIMARY KEY (ID)
+)
+/
+CREATE SEQUENCE SP_AUTH_SCRIPT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER SP_AUTH_SCRIPT_TRIG
+ BEFORE INSERT
+ ON SP_AUTH_SCRIPT
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT SP_AUTH_SCRIPT_SEQ.nextval
+ INTO :NEW.ID
+ FROM dual;
+ END;
+/
+CREATE TABLE IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL,
+ TIME_CREATED TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
+ PRIMARY KEY (JWT_ID))
+/
+
+CREATE TABLE IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES
IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_PROPERTY_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_OIDC_PROPERTY_TRIG
+ BEFORE INSERT
+ ON IDN_OIDC_PROPERTY
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT IDN_OIDC_PROPERTY_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQ_OBJECT_REF_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_REF_TRIG
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJECT_REFERENCE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT IDN_OIDC_REQ_OBJECT_REF_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER,
+ REQ_OBJECT_ID INTEGER ,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL CHAR (1),
+ VALUE VARCHAR(255),
+ IS_USERINFO CHAR (1),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE(ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQ_OBJ_CLAIMS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_CLAIMS_TRIG
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJECT_CLAIMS
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT IDN_OIDC_REQ_OBJ_CLAIMS_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER,
+ REQ_OBJECT_CLAIMS_ID INTEGER,
+ CLAIM_VALUES VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE)
+/
+CREATE SEQUENCE IDN_OIDC_REQ_OBJ_CLM_VAL_SEQ START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_OIDC_REQ_OBJ_CLM_VAL_TRIG
+ BEFORE INSERT
+ ON IDN_OIDC_REQ_OBJ_CLAIM_VALUES
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT IDN_OIDC_REQ_OBJ_CLM_VAL_SEQ.nextval INTO :NEW.ID FROM dual;
+ END;
+/
+
+CREATE TABLE IDN_CERTIFICATE (
+ ID INTEGER,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID))
+/
+CREATE SEQUENCE IDN_CERTIFICATE_SEQUENCE START WITH 1 INCREMENT BY 1 NOCACHE
+/
+CREATE OR REPLACE TRIGGER IDN_CERTIFICATE_TRIGGER
+ BEFORE INSERT
+ ON IDN_CERTIFICATE
+ REFERENCING NEW AS NEW
+ FOR EACH ROW
+ BEGIN
+ SELECT IDN_CERTIFICATE_SEQUENCE.nextval INTO :NEW.ID FROM dual;
+ END;
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/postgresql.sql
new file mode 100644
index 00000000..3d1c7507
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step1/identity/postgresql.sql
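Review bot: Only the two index drops at the top of step1/identity/oracle.sql are guarded; every `CREATE TABLE` and `CREATE SEQUENCE` after them is unconditional, so a re-run after a partial failure stops on the first object that already exists (the triggers use `CREATE OR REPLACE` and are unaffected). The MySQL scripts in this commit use `CREATE TABLE IF NOT EXISTS`, and the `COUNT(*)` guard already written here against `USER_INDEXES` can be applied against `USER_TABLES` and `USER_SEQUENCES` in the same way. The fence shows the guard for the first table; the remaining tables and sequences would follow the same shape, with embedded quotes such as `DEFAULT '0'` doubled inside the dynamic statement.

```sql
DECLARE
  COUNT_TABLES INTEGER;
BEGIN
  SELECT COUNT(*) INTO COUNT_TABLES
    FROM USER_TABLES
   WHERE TABLE_NAME = 'IDN_OAUTH2_SCOPE_VALIDATORS';

  IF COUNT_TABLES = 0 THEN
    EXECUTE IMMEDIATE 'CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (
      APP_ID INTEGER NOT NULL,
      SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
      PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
      FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE)';
  END IF;
END;
/
-- … unchanged: remaining tables, sequences and triggers …
```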
@@ -0,0 +1,97 @@
+DROP INDEX IF EXISTS IDX_AT;
+DROP INDEX IF EXISTS IDX_AUTHORIZATION_CODE;
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN REFRESH_TOKEN TYPE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_ACCESS_TOKEN ALTER COLUMN ACCESS_TOKEN TYPE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH2_AUTHORIZATION_CODE ALTER COLUMN AUTHORIZATION_CODE TYPE VARCHAR(2048);
+ALTER TABLE IDN_OAUTH_CONSUMER_APPS ALTER COLUMN CONSUMER_SECRET TYPE VARCHAR(2048);
+
+DROP TABLE IF EXISTS IDN_OAUTH2_SCOPE_VALIDATORS;
+CREATE TABLE IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+DROP TABLE IF EXISTS SP_AUTH_SCRIPT;
+DROP SEQUENCE IF EXISTS SP_AUTH_SCRIPT_SEQ;
+CREATE SEQUENCE SP_AUTH_SCRIPT_SEQ;
+CREATE TABLE SP_AUTH_SCRIPT (
+ ID INTEGER NOT NULL DEFAULT NEXTVAL('SP_AUTH_SCRIPT_SEQ'),
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BYTEA DEFAULT NULL,
+ IS_ENABLED BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (ID)
+);
+DROP TABLE IF EXISTS IDN_OIDC_JTI;
+CREATE TABLE IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255) NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (JWT_ID)
+);
+
+DROP TABLE IF EXISTS IDN_OIDC_PROPERTY;
+DROP SEQUENCE IF EXISTS IDN_OIDC_PROPERTY_SEQ;
+CREATE SEQUENCE IDN_OIDC_PROPERTY_SEQ;
+CREATE TABLE IDN_OIDC_PROPERTY (
+ ID INTEGER DEFAULT NEXTVAL('IDN_OIDC_PROPERTY_SEQ'),
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID) ,
+ FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+);
+DROP TABLE IF EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE;
+DROP SEQUENCE IF EXISTS IDN_OIDC_REQUEST_OBJECT_REF_SEQ;
+CREATE SEQUENCE IDN_OIDC_REQUEST_OBJECT_REF_SEQ;
+CREATE TABLE
IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER DEFAULT NEXTVAL('IDN_OIDC_REQUEST_OBJECT_REF_SEQ'),
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+);
+
+DROP TABLE IF EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS;
+DROP SEQUENCE IF EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS_SEQ;
+CREATE SEQUENCE IDN_OIDC_REQ_OBJECT_CLAIMS_SEQ;
+CREATE TABLE IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER DEFAULT NEXTVAL('IDN_OIDC_REQ_OBJECT_CLAIMS_SEQ'),
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL BOOLEAN ,
+ VALUE VARCHAR(255) ,
+ IS_USERINFO BOOLEAN,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+);
+
+DROP TABLE IF EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES;
+DROP SEQUENCE IF EXISTS IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_SEQ;
+CREATE SEQUENCE IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_SEQ;
+CREATE TABLE IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER DEFAULT NEXTVAL('IDN_OIDC_REQ_OBJECT_CLAIM_VALUES_SEQ'),
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+);
+
+DROP TABLE IF EXISTS IDN_CERTIFICATE;
+DROP SEQUENCE IF EXISTS IDN_CERTIFICATE_PK_SEQ;
+CREATE SEQUENCE IDN_CERTIFICATE_PK_SEQ;
+CREATE TABLE IDN_CERTIFICATE (
+ ID INTEGER DEFAULT NEXTVAL('IDN_CERTIFICATE_PK_SEQ'),
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BYTEA,
+ TENANT_ID INTEGER DEFAULT 0,
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID),
+ PRIMARY KEY (ID)
+);
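Review bot: Every table in step1/identity/postgresql.sql is preceded by `DROP TABLE IF EXISTS` (and `DROP SEQUENCE IF EXISTS`), so running the script a second time discards whatever has since been stored in tables such as `IDN_CERTIFICATE`, `SP_AUTH_SCRIPT` and `IDN_OIDC_PROPERTY`, whereas the MySQL scripts in this commit keep existing tables. On a re-run the drops are also issued parent-first without CASCADE, so `DROP TABLE IF EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE` would be rejected while `IDN_OIDC_REQ_OBJECT_CLAIMS` still references it, leaving the run half applied after the earlier tables were already emptied. Replace each drop/create pair with the guarded form, e.g. `CREATE SEQUENCE IF NOT EXISTS SP_AUTH_SCRIPT_SEQ;` and `CREATE TABLE IF NOT EXISTS SP_AUTH_SCRIPT (` (the sequence form needs PostgreSQL 9.5 or later).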
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/db2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/db2.sql
new file mode 100644
index 00000000..0bd0bb88
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/db2.sql
@@ -0,0 +1,4 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH)
+/
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID)
+/
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/h2.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/h2.sql
new file mode 100644
index 00000000..7f2f5cac
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/h2.sql
@@ -0,0 +1,2 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mssql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mssql.sql
new file mode 100644
index 00000000..7f2f5cac
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mssql.sql
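Review bot: `CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH)` in step2/identity/db2.sql indexes a column that none of the step1 scripts visible in this part of the diff create, and the same holds for `AUTHORIZATION_CODE_HASH` and for the h2, mssql, mysql, mysql5.7, oracle and postgresql step2 files. Presumably the `OAuthDataMigrator` that migration-config.yaml runs between step1 and step2 adds and fills the hash columns; a header comment should state that dependency, e.g. `-- requires ACCESS_TOKEN_HASH and AUTHORIZATION_CODE_HASH, added by OAuthDataMigrator before step2`. With `continueOnError: "true"` in the shipped config, a failure of these statements would presumably be skipped and leave token lookups by hash without an index, since step1 already dropped `IDX_AT` and `IDX_AUTHORIZATION_CODE`.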
@@ -0,0 +1,2 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql.sql
new file mode 100644
index 00000000..7f2f5cac
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql.sql
@@ -0,0 +1,2 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql5.7.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql5.7.sql
new file mode 100644
index 00000000..7f2f5cac
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/mysql5.7.sql
@@ -0,0 +1,2 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/oracle.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/oracle.sql
new file mode 100644
index 00000000..6f816a37
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/oracle.sql
@@ -0,0 +1,4 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH)
+/
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID)
+/
\ No newline at end of file
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/postgresql.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/postgresql.sql
new file mode 100644
index 00000000..7f2f5cac
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/5.5.0/dbscripts/step2/identity/postgresql.sql
@@ -0,0 +1,2 @@
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/migration-config.yaml b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/migration-config.yaml
new file mode 100644
index 00000000..4dbeb167
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/migration-resources/migration-config.yaml
@@ -0,0 +1,212 @@
+migrationEnable: "true"
+
+currentVersion: "5.3.0"
+migrateVersion: "5.5.0"
+
+continueOnError: "true"
+batchUpdate: "true"
+ignoreForInactiveTenants: "true"
+
+migrateTenantRange: "false"
+migrationStartingTenantID: "0"
+migrationEndingTenantID: "0"
+
+versions:
+ -
+ version: "5.0.0-SP1"
+ migratorConfigs:
+ -
+ name: "SchemaMigrator"
+ order: 1
+ parameters:
+ location: "step1"
+ schema: "identity"
+ -
+ version: "5.1.0"
+ migratorConfigs:
+ -
+ name: "IdentityDataCleaner"
+ order: 1
+ parameters:
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 2
+ parameters:
+ location: "step1"
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 3
+ parameters:
+ location: "step1"
+ schema: "um"
+ -
+ name: "IdentityDataMigrator"
+ order: 4
+ parameters:
+ schema: "identity"
+ -
+ name: "UMDataMigrator"
+ order: 5
+ parameters:
+ schema: "um"
+ -
+ name: "RegistryDataMigrator"
+ order: 6
+ parameters:
+ schema: "um"
+
+
+ -
+ version: "5.2.0"
+ migratorConfigs:
+ -
+ name: "SchemaMigrator"
+ order: 1
+ parameters:
+ location: "step1"
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 2
+ parameters:
+ location: "step1"
+ schema: "um"
+
+
+ -
+ version: "5.3.0"
+ migratorConfigs:
+ -
+ name: "SchemaMigrator"
+ order: 1
+ parameters:
+ location: "step1"
+ schema: "identity"
+ -
+ name: "ClaimDataMigrator"
+ order: 2
+ parameters:
+ schema: "um"
+ -
+ name: "PermissionDataMigrator"
+ order: 3
+ parameters:
+ schema: "um"
+ -
+ name: "EmailTemplateDataMigrator"
+ order: 4
+ parameters:
+ schema: "identity"
+
+ -
+ name: "ChallengeQuestionDataMigrator"
+ order: 5
+ parameters:
+ schema: "identity"
+ -
+ name: "ResidentIdpMetadataMigrator"
+ order: 6
+ parameters:
+ schema: "identity"
+ -
+ name: "OIDCScopeDataMigrator"
+ order: 7
+ parameters:
+ schema: "identity"
+
+
+ -
+ version: "5.4.0"
+ migratorConfigs:
+ -
+ name: "PermissionMigrator"
+ order: 1
+ parameters:
+ schema: "um"
+ -
+ name: "SchemaMigrator"
+ order: 2
+ parameters:
+
location: "step1"
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 3
+ parameters:
+ location: "step1"
+ schema: "um"
+ -
+ name: "ClaimDataMigrator"
+ order: 4
+ parameters:
+ schema: "um"
+ -
+ name: "OAuthDataMigrator"
+ order: 5
+ parameters:
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 6
+ parameters:
+ location: "step2"
+ schema: "identity"
+
+
+ -
+ version: "5.5.0"
+ migratorConfigs:
+ -
+ name: "SchemaMigrator"
+ order: 1
+ parameters:
+ location: "step1"
+ schema: "identity"
+ -
+ name: "SchemaMigrator"
+ order: 2
+ parameters:
+ location: "step1"
+ schema: "consent"
+ -
+ name: "OAuthDataMigrator"
+ order: 3
+ parameters:
+ schema: "identity"
+ -
+ name: "BPSProfileDataMigrator"
+ order: 4
+ parameters:
+ schema: "identity"
+ -
+ name: "UserStorePasswordMigrator"
+ order: 5
+ parameters:
+ schema: "identity"
+ -
+ name: "SysLogPropertiesMigrator"
+ order: 6
+ -
+ name: "SchemaMigrator"
+ order: 7
+ parameters:
+ location: "step2"
+ schema: "identity"
+ -
+ name: "PolicySubscriberDataMigrator"
+ order: 8
+ parameters:
+ schema: "identity"
+ -
+ name: "KeyStorePasswordMigrator"
+ order: 9
+ parameters:
+ schema: "identity"
+ -
+ name: "SecurityPolicyPasswordMigrator"
+ order: 10
+ parameters:
+ schema: "identity"
+
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/org.wso2.carbon.is.migration-5.5.0.jar b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/org.wso2.carbon.is.migration-5.5.0.jar
new file mode 100644
index 00000000..7ae0b8c8
Binary files /dev/null and b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/identity-migration/org.wso2.carbon.is.migration-5.5.0.jar differ
diff --git a/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/ios-migration.sql b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/ios-migration.sql
new file mode 100644
index 00000000..596e0485
--- /dev/null
+++ b/modules/migration/migration-iot_3.1.0-to-iot-3.3.1/ios-migration.sql
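Review bot: `continueOnError: "true"` is shipped as the default for a run whose 5.5.0 stage includes `UserStorePasswordMigrator`, `KeyStorePasswordMigrator` and `SecurityPolicyPasswordMigrator`. If the flag means what its name suggests, a failure in one of those steps lets the later ones proceed and can leave stored secrets in a mix of old and new form, with only log output to show it. Ship `continueOnError: "false"` and let operators opt in, or add a comment above the key saying what state must be checked after a run that reported errors. The migrators named here presumably come from the binary org.wso2.carbon.is.migration-5.5.0.jar added alongside, which cannot be reviewed from this diff; recording its origin and a checksum next to it would help.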
@@ -0,0 +1,43 @@
+-- -----------------------------------------------------
+-- Table `IOS_DEP_PROFILE`
+-- -----------------------------------------------------
+CREATE TABLE IOS_DEP_PROFILE (
+ ID INT NOT NULL AUTO_INCREMENT,
+ UUID VARCHAR(100) DEFAULT NULL,
+ PROFILE_NAME VARCHAR(200) DEFAULT NULL,
+ TENANT_DOMAIN VARCHAR(255) NOT NULL,
+ PROFILE_CONTENT Text DEFAULT NULL,
+ UNIQUE (UUID),
+ PRIMARY KEY (ID)
+);
+
+-- -----------------------------------------------------
+-- Table `IOS_PRE_ENROLLED_DEVICE`
+-- -----------------------------------------------------
+CREATE TABLE IOS_PRE_ENROLLED_DEVICE (
+ ID INT NOT NULL AUTO_INCREMENT,
+ SERIAL VARCHAR(45) DEFAULT NULL,
+ DEVICE_IDENTIFIER VARCHAR(45) DEFAULT NULL,
+ USERNAME VARCHAR(255),
+ TENANT_DOMAIN VARCHAR(255) NOT NULL,
+ STATUS VARCHAR(100) DEFAULT NULL,
+ DEP_PROFILE_ID INT DEFAULT NULL,
+ PROFILE_ASSIGN_TIME TIMESTAMP NULL,
+ PROFILE_PUSH_TIME TIMESTAMP NULL,
+ DEVICE_ASSIGNED_TIME TIMESTAMP NULL,
+ DEVICE_ASSIGNED_BY VARCHAR(100) DEFAULT NULL,
+ NEED_BASIC_AUTH INT DEFAULT 0,
+ IS_AGENT_REQUIRED INT DEFAULT 0,
+ OS VARCHAR(45) DEFAULT NULL,
+ DEVICE_FAMILY VARCHAR(45) DEFAULT NULL,
+ DEVICE_MODEL VARCHAR(45) DEFAULT NULL,
+ DESCRIPTION VARCHAR(200) DEFAULT NULL,
+ COLOR VARCHAR(200) DEFAULT NULL,
+ UNIQUE (SERIAL),
+ PRIMARY KEY (ID),
+ CONSTRAINT fk_IOS_PRE_ENROLLED_DEVICE_IOS_DEP_PROFILE
+ FOREIGN KEY (DEP_PROFILE_ID)
+ REFERENCES IOS_DEP_PROFILE (ID)
+ ON DELETE NO ACTION
+ ON UPDATE NO ACTION
+);
\ No newline at end of file
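Review bot: ios-migration.sql uses plain `CREATE TABLE` with `AUTO_INCREMENT`, which Oracle, PostgreSQL and SQL Server do not accept, yet the file name carries no dialect while the identity scripts in this commit are provided per database. It is also not re-runnable, unlike the `CREATE TABLE IF NOT EXISTS` used by the MySQL identity scripts. Add a header comment naming the supported database, e.g. `-- MySQL only; run once` (adjust to the actual target), and guard both statements: `CREATE TABLE IF NOT EXISTS IOS_DEP_PROFILE (` and `CREATE TABLE IF NOT EXISTS IOS_PRE_ENROLLED_DEVICE (`.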