User Migration Using Management API

I want to migrate the user from my system to Auth0 using management api.
My system had password stored using md5 hashed.

Now in this scenario how migration with management api will work.

  1. importing md5 hash from my system to auth0 database connection will work ?
  2. I have strict requirement not to use Automatic migration using login script, only option for me is Management APi.
  3. Is there way to let Auth0 know the password are already hashed and using md5 hashing algorithm for login.

Hello @mahendra.take,

There are two options for migrating users from an external data store into Auth0:

  1. Automatic or “silent” migration:
  2. Bulk user migration:

Bulk migration options do not support migration of passwords. Auth0 uses bcrypt for storing passwords and of course there is no way to convert passwords hashed with one method into another method. In this scenario your users would have to reset their passwords. At this time there is no way around this as far as I know.

Automatic migration will migrate your passwords as Auth0 has the opportunity to capture the password during login and hash it with bcrypt. This is the method I am using where I work. It is very important to get the login and get user scripts right, but once they are in place this method works quite well.

1 Like

Let us know @mahendra.take if you have any questions regarding this!

we basically relied on username password authentication, we don’t have username and his associated email address in my system.

Automatic Migration option wont be usable in my case. Even for Automatic migration email address is not there only username will be there, Not sure Automatic migration will work without email.

For Bulk migration my system relies on Username only ,
so no way to reset password in Auth0, since reset password is based on email verification.

Is there way to set security question verification and password reset ?

Hey there @mahendra.take!

I did some research and it seems like we do not offer any kind of security question verification. The only blog post in general we have about it is here:

When it comes to password reset:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.