Auth0 Home Blog Docs

Create groups and role while migrating data from one tenant to another

rules
authorization-extens
connection

#1

I am migrating users from one tenant to another. Following this approach :

**1. New Tenant: create a Custom Database with Import mode enabled **
**2. Legacy Tenant: create a new Machine to Machine Application, which will be the new Tenant/Application/Custom Database. **
**3. New Tenant: Since you’re provided a password in the Login script, you could make a Resource Owner Password Grant call to the Machine To Machine Client (created in previous step) from here * This would ensure the user is providing the correct password from your legacy tenant. **
*** This call will return you an Access Token that you could use to copy all the user’s information from the legacy tenant to your new tenant. If you are saving app_metadata you’ll want to pay close attention to the instructions here regarding that: https://auth0.com/docs/metadata#metadata-and-customdatabases **
4. New Tenant: Also write a getUser script which will be quite similar to the Login script without the need for a password. You would need to implement the Client Credentials Grant in this case to get an Access Token. You would use that to fetch the users prole from the legacy tenant.

But in the new tenant we are using authorization extension to create groups and roles. For new users we are creating group and roles from hook by calling authorization apis and during login saving to app_metadata.
But when using custom database after user migration to another tenant, not able to create group and roles. Should I call authorization apis from rule?


#3

:wave: @tushar.gaurav I just want to clarify - are you having trouble importing the previously assigned groups and roles? Or you are having trouble assigning new roles and groups through the use of the authorization extension that you did not use in your previous tenant?


#4

@kim.noel In the old tenant we had groups and roles under user_metadata. Since we are changing tenant we started using authorization extension for managing Groups and roles.
So for migration we need to copy group and roles from old tenant’s user_metadata to new tenants app_metadata as well as adding users to their respective group and roles by calling authorization set apis(Which we created in authorization extension).