When using the management API to bulk import a list of users via the /api/v2/jobs/users-imports endpoint, is it possible to also assign roles to the users? I don’t see anything in the JSON schema that lets us assign a role to a user.
However, I did notice that in this tutorial video at 7:25, a role is assigned to a user in the example using the “app_metadata” JSON property. I tried to do the same when testing a bulk import, but that didn’t seem to work. I took a look at the roles and permissions for the new users in the management portal, and nothing was set. The only property that was set was the “app_metadata” property on the user.
Is there any way to actually set a user’s roles and permissions when bulk importing?
It sounds like you might be using the Auth0 “Core RBAC” feature. What is demonstrated in that video is not related to core RBAC. It looks more like a roll-your-own-rbac solution.
One of the Auth0 folks might correct me, but I don’t think it is possible (at this time at least) to import core RBAC stuff via the /users-imports endpoint, since the RBAC data is stored separate from the user’s profile. I suspect you would have to load that data separately using the /roles or /users endpoints.
Thanks for the reply. For my use-case, I just ended up writing a script to import my list of users using the management API.
The script just iterated my list of users one-by-one, created each user in Auth0 POST /users, then assigned his/her role POST /users/{id}/roles. It’s a brute force (ish) solution, but at the end of the day, it was something that just needed to run once.
Interested in this feature.
The issue in my case is that I have thousands of users and passwords are unknown. So they can be imported using bulk operations only. I didn’t find a way to import custom password hashes by the management API. So the only way I foresee is to import users and then go through them one-by-one and assign roles. Absolutely weird. I think that’s a natural task when importing existing users.
You can import hashed passwords as long as they are in one of the formats listed below. The associated docs are here. As mentioned above, if you want to use the core RBAC feature, your import will happen in two phases: 1. bulk import users and passwords, 2. a separate script to update the core RBAC data.
Correct. In my script, I added a timeout after each request to ensure we didn’t hit the rate limit. Took a little while to iterate the entire user set, but thankfully the list wasn’t super huge; it was just a list of internal users (a few hundred or so IIRC).