Assign Role to Users when Bulk Importing via Management API

Hi,

When using the management API to bulk import a list of users via the /api/v2/jobs/users-imports endpoint, is it possible to also assign roles to the users? I don’t see anything in the JSON schema that lets us assign a role to a user.

However, I did notice that in this tutorial video at 7:25, a role is assigned to a user in the example using the “app_metadata” JSON property. I tried to do the same when testing a bulk import, but that didn’t seem to work. I took a look at the roles and permissions for the new users in the management portal, and nothing was set. The only property that was set was the “app_metadata” property on the user.

Is there any way to actually set a user’s roles and permissions when bulk importing?

NOTE: Our auth API is setup to use RBAC.

Hello @jvivanco,

Welcome to the Auth0 Community!

It sounds like you might be using the Auth0 “Core RBAC” feature. What is demonstrated in that video is not related to core RBAC. It looks more like a roll-your-own-rbac solution.

One of the Auth0 folks might correct me, but I don’t think it is possible (at this time at least) to import core RBAC stuff via the /users-imports endpoint, since the RBAC data is stored separate from the user’s profile. I suspect you would have to load that data separately using the /roles or /users endpoints.

I’d suggest submitting a feature request here.

3 Likes

Thanks for the reply. For my use-case, I just ended up writing a script to import my list of users using the management API.

The script just iterated my list of users one-by-one, created each user in Auth0 POST /users, then assigned his/her role POST /users/{id}/roles. It’s a brute force (ish) solution, but at the end of the day, it was something that just needed to run once. :grimacing:

1 Like

Interested in this feature.
The issue in my case is that I have thousands of users and passwords are unknown. So they can be imported using bulk operations only. I didn’t find a way to import custom password hashes by the management API. So the only way I foresee is to import users and then go through them one-by-one and assign roles. Absolutely weird. I think that’s a natural task when importing existing users.

1 Like

Hello @alex.pravdin,

You can import hashed passwords as long as they are in one of the formats listed below. The associated docs are here. As mentioned above, if you want to use the core RBAC feature, your import will happen in two phases: 1. bulk import users and passwords, 2. a separate script to update the core RBAC data.

Supported hashing schemes:

  • argon2
  • bcrypt
  • hmac
  • ldap
  • md4
  • md5
  • sha1
  • sha256
  • sha512
  • pbkdf2
3 Likes

Thanks for helping on this one Mark!

This would definitely run into rate limit issues. So you totally replaced the bulk import with the custom script, right?

Correct. In my script, I added a timeout after each request to ensure we didn’t hit the rate limit. Took a little while to iterate the entire user set, but thankfully the list wasn’t super huge; it was just a list of internal users (a few hundred or so IIRC).

1 Like

Thanks for sharing it with the rest of community @jvivanco!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.