Ticket ENG-2806

Description Of Changes

Add a data migration to unify IDP staged resource types. Existing Okta App and Entra App rows are consolidated to a single IDP App resource type, with the provider stored in meta["provider"]. Also renames the legacy okta_app_id key to the generic app_id in the meta JSON.

Dependency: Fidesplus PR ethyca/fidesplus#3267 consumes the new IDP App resource type. This migration should be merged first.

No customer data is affected — IDP monitor resources are not yet in production. This migration keeps continuity in dev/staging environments.

Code Changes

• src/fides/api/alembic/migrations/versions/xx_2026_03_20_1745_ad1bb600715b_migrate_idp_staged_resources.py - Data migration: rename okta_app_id → app_id in meta, add provider key, update resource_type from Okta App/Entra App to IDP App

Steps to Confirm

1. Run alembic upgrade head — verify migration applies without errors
2. Query SELECT resource_type, meta->>'provider', meta->>'app_id' FROM stagedresource WHERE resource_type = 'IDP App' — verify all IDP resources have the new type and provider
3. Run alembic downgrade 38071fffda39 — verify downgrade restores original Okta App/Entra App types and okta_app_id key

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required