I’ve tried to find some information around this but haven’t had much luck. Is there anyway to bulk import users from Office 365/Azure AD?
We want to have internal users from our Azure AD be able to login to Auth0 using their Office 365 logins, but we want to assign permissions in advance of them logging in for the first time. The only way I can see us being able to do this is by first importing them as users from Azure AD, then assigning permissions on the imported users.
Is it possible to do this with Auth0? Or is there someway of setting permissions for a user before they’ve logged in for the first time with Office 365?
I can think of a couple options here, but neither of them are simple:
Bulk import - for this you would need to export your user data, convert the output into appropriately formatted JSON including your permissions data, and then import into Auth0. You might be able to keep your existing passwords**. If not, all users will need to reset their passwords. Important: In this model, the users are no longer authenticating with their AD credentials.
As above, but also connect your Office 365/Azure AD to Auth0, and set up account linking. You might be able to create the initial user profiles instead of importing them. That option should be investigated to see if there is an advantage to create vs. import for you. E.g., with create you can assign a random password to each user (these are throwaway passwords that don’t need to be remembered). Once account linking is set up, your users will then log in with their AD creds, and their AD login will be linked to their Auth0 profile.
**passwords must use bcrypt $2a$ and $2b$ with 10 saltRounds
Thanks for the response! I’d actually started looking at the second option you mentioned above through the use of a rule to merge the 365 account metadata with the existing Auth0 account. This seems to have worked as I expected, which is good!
Thanks for your help.
EDIT: Actually I might have spoken too soon…it seems the rule provided by Auth0 to merge metadata overwrites roles with each login to a different system. We currently have two applications setup in Auth0 with 2 different roles using the Authorization extension.
If I log in to the first application, the metadata reflects that application’s roles. If I login to the second, it reflects the second application’s roles. I might be misunderstanding how the Authorization extension works here though - I was under the impression it just provided whichever roles were relevant to the application being logged in to.