How to Import Password Hashes from Gigya to Auth0

Problem statement

There is a need to migrate users from Gigya to Auth0. This article offers assistance with transforming the password hash exported from Gigya to those compatible with Auth0 so they can be imported via bulk import.


The output password hash from Gigya will look like this:

"password": {
  "created": "2024-01-28T17:20:31.188Z",
  "hashSettings": {
    "salt": "YWJjc29tZXRoaW5n==",
    "rounds": 10000,
    "algorithm": "pbkdf2_sha512"
  "hash": "89v2METlSkX2LKWSQGHCdE4iUkE="

These are usually hashed with the PBKF2 algorithm with a SHA512 digest, 10000 rounds (iterations), and a key length of 20.

To import to Auth0, the password needs to be converted to the PHC format, which goes like this:

So, in the example above, the conversion looks like this:

Note that we have truncated the equal (=) signs at the end of the salt and password hash. This is required. Also, note that there is a dollar ($) sign between the salt and the hash.

To import a bunch of users, create a script to replace the salt and hash for each user, as the other part of the hash will remain the same.