Learn how to migrate users and organizations from Auth0.
Migrate your existing user data from Auth0 into WorkOS using the AuthKit API. Follow these steps to export and then import your users.
Export user data from Auth0 using the tools outlined in Auth0’s export documentation. A combination of exports may be necessary to retrieve all desired user information, including passwords.
Use Auth0’s “Bulk User Export” jobs to create export jobs programmatically via the Auth0 Management API, or through the official Auth0 “User Import / Export Extension”.
In both cases, request which fields to export for each user. The output is a newline-delimited JSON file.
If your Auth0 users sign in using password-based authentication and you want to import those passwords into WorkOS, contact Auth0 support.
After opening a ticket with Auth0, allow up to a week or more for processing. You will receive a newline-delimited JSON file containing a subset of user data, including the password hash.
Auth0 does not make the plaintext passwords available for export.
After obtaining the necessary export files, choose one of two options for importing your user data into WorkOS.
WorkOS has a public GitHub repository containing code that can be run to import users into WorkOS using the data retrieved in the previous step.
If you’d rather write your own code, the same process can be completed using the public WorkOS APIs, as described below.
Use the data from Auth0’s “Bulk User Export” job to call the WorkOS Create User API for each user. Map the default fields from the Auth0 export to WorkOS Create User API parameters:
| Auth0 | WorkOS API | |
|---|---|---|
| → | email | |
| Email Verified | → | email_verified |
| Given Name | → | first_name |
| Family Name | → | last_name |
Import passwords during the user creation process, or later using the WorkOS Update User API.
Auth0 uses the bcrypt password hashing algorithm, which WorkOS supports. Pass the following parameters to the WorkOS API:
password_hash_type set to 'bcrypt'password_hash set to the passwordHash field from your Auth0 exportUsers who previously signed in through Auth0 using social auth providers, such as Google or Microsoft, can continue to sign in with those providers after migrating to WorkOS.
Configure the relevant provider’s client credentials in WorkOS. See the integrations page for guidance.
After configuring the provider, users sign in with their provider credentials and are automatically linked to a WorkOS user. WorkOS uses the email address from the social auth provider to determine this match.
Some users may need to verify their email address through WorkOS if email verification is enabled in your WorkOS environment’s authentication settings.
Email verification behavior varies depending on whether the provider is known to verify email addresses. For example, users signing in using Google OAuth and a gmail.com email domain will not need to perform the extra verification step.
Auth0 has a concept of “Organizations” which are analogous to WorkOS Organizations, in that both represent a B2B customer.
Export your Auth0 organizations using the Auth0 Management API to programmatically paginate through each Organization. Then call the WorkOS Create Organization API to create matching Organizations in WorkOS.
Export Auth0 organization memberships using Auth0’s “Bulk User Export” as described in the Exporting Auth0 user data step. Then use the WorkOS Organization Membership API to add each user to their respective organization.
There are some differences between the Multi-Factor Auth (MFA) strategies offered by Auth0 and WorkOS.
Auth0 supports SMS-based second factors, however WorkOS does not due to known security issues with SMS. Users who have SMS-based second factors will need to switch to using email-based Magic Auth, or re-enroll in MFA using a TOTP-based authenticator instead.
With your users imported, start using WorkOS to manage authentication. See the Quick Start guide to learn how to integrate WorkOS AuthKit into your application.