Hi,
Yes, that sounds right.
And as advised in the guide, I would double-check it in a test server because I think this question is still pertinent:
Specifically, you probably want to make sure you only need to migrate the provider & not also set a newExternalIdentity
newExternalIdentityis most relevant in cases where your users are known by their e-mail address with the new Identity Provider rather than an LDAP login (colin.mueller3@example.comvs.cmueller3).
HTH,
Ann