Auth0 Migration Guide
If you're transitioning from Auth0 to LoginRadius, this guide outlines how to migrate your users efficiently. You can choose between Bulk Migration to move all users at once, or Just-in-Time (JIT) Migration to migrate users gradually as they log in—depending on your technical requirements and business timelines.
Migration Types
This section outlines the two supported migration methods and helps you decide which strategy suits your use case.
| Migration Type | Managed By | Timing |
|---|---|---|
| Bulk Migration | LoginRadius | One-time migration before go-live |
| Just-in-Time (JIT) | Customer | Gradual (1–6 months), based on business needs |
Bulk Migration (One-Time Import)
Bulk migration is a one-time import process handled by the LoginRadius team. You can use the Auth0 Management API to extract or export data manually in CSV/JSON format. LoginRadius processes this data, maps fields, and imports users into your new environment.
Migration via API
LoginRadius utilizes the Auth0 Bulk User Export API for database migration to retrieve user data from your Auth0 tenant. You don’t need to perform the export yourself—our migration service handles it securely and efficiently.
To ensure a smooth migration, you'll need to provide your Auth0 API credentials, and we’ll manage rate limits and schedule the data export process.
It is important to review the data mapping between Auth0 user fields and the corresponding fields in the LoginRadius schema before migration. The LoginRadius Data Point document can help you understand how user attributes will be transformed and stored in LoginRadius. For more details on data mapping, please click here.
Required API Credentials
LoginRadius requires the following credentials to access Auth0’s user data in bulk via the Management API.
| Field | Description | Example |
|---|---|---|
| clientId | Auth0 Client ID | <Client ID> |
| clientSecret | Auth0 Client Secret | <Client Secret> |
| domain | Auth0 tenant domain | your-tenant.auth0.com |
| connection | Specific connection name (optional) | Username-Password-Authentication |
Migration via CSV/JSON Export
Auth0 allows user data exports for teams that prefer a manual export approach or cannot access the Management API. You must securely share the exported file and confirm data mappings before importing.
This table shows how Auth0 user fields are translated into LoginRadius format. These mappings are finalized during setup.
| Auth0 Field | LoginRadius Field |
|---|---|
| user_id | Uid |
| email_verified | EmailVerified |
| Email.Primary | |
| name | FirstName |
| nickname | UserName |
| created_at | CreatedDate |
| last_login | LastLoginDate |
| identities | SocialProfiles |
| app_metadata | CustomFields |
| user_metadata | CustomFields |
To preserve user authentication, LoginRadius supports most common password hashing schemes used by Auth0. During setup, you must provide technical details like the hash algorithm, salt (if used), and iteration count.
Some of the supported hash types include:
- bcrypt
- scrypt
- SHA1, SHA256
- PBKDF2, and more
Refer to the Hashing Algorithm documentation for details.
Just-in-Time (JIT) Migration
When migrating from Auth0, Just-in-Time (JIT) Migration provides a flexible, user-friendly approach to onboarding users into LoginRadius. Instead of transferring your entire user base at once, JIT migration provisions users only when they actively log in. This helps ensure that only verified and engaged users are migrated—streamlining your data and reducing the risk of importing inactive or outdated records.
Why Use JIT Migration?
-
No bulk imports required
-
Seamless user experience during transition
-
Cleaner data hygiene—only migrate active users.
-
Highly customizable to fit your existing infrastructure and business logic
How It Works
LoginRadius supports two methods of JIT migration:
-
API-Based JIT – Ideal for teams that want complete control over the login and provisioning process through backend logic.
-
Orchestration-Based JIT – Perfect for teams that prefer a low-code approach using the LoginRadius Identity Orchestration Engine.
In both methods, the user is authenticated against your existing identity provider (Auth0 in this case). If authentication succeeds and the user doesn't already exist in LoginRadius, the profile is created automatically in LoginRadius. All future logins are handled through LoginRadius.
API-Based JIT Migration
Here’s how to implement JIT migration using backend APIs:
The user initiates a login using email, username, or phone. Your backend intercepts the request and checks if the user exists in LoginRadius:
If the user exists, proceed to authenticate using:
If the user does not exist in LoginRadius:
-
Authenticate the user using Auth0 Password credentials flow API https://auth0.com/docs/api/authentication/resource-owner-password-flow/get-token.
-
The above API will return the access token of Auth0, now you can call the following API to fetch the user profile https://auth0.com/docs/api/authentication/user-profile/get-user-info.
-
Upon successful validation, use the Account Create API to create the user in LoginRadius:
- Include identity details (email/username/phone)
- Provide the password and any additional profile fields.
Note: The Account Create API requires your API Secret and should only be called securely from your backend.
Once the user is created in LoginRadius, future login attempts are fully handled by LoginRadius, with no further calls to Auth0.
Depending on where your migration logic runs, use one of the following:
Backend (Secure) API
- Account Create API – Requires API Secret (backend only)
Frontend-Safe API (Optional if you avoid secrets)
- User Registration by Email – For non-sensitive use cases
Orchestration-Based JIT Migration
If you want to skip writing backend logic, then you can use the LoginRadius Identity Orchestration Engine to handle JIT migration visually. To get started:
-
Download the sample workflow json file.
-
Navigate to Orchestration > Workflows in your LoginRadius dashboard.
-
Click New Workflow and import the JSON.
-
Once loaded, use the External Identity Lookup node in LoginRadius to configure a call to your Auth0 login or user info endpoint. This typically involves setting the HTTP method (e.g.,
POST), endpoint URL, request headers, and a request body that includes user credentials or identifiers. -
For step-by-step configuration, refer to LoginRadius IO workflow Nodes.
To learn more about this feature, check out the Identity Orchestration Overview.
Related Resources
Data Migration Security and Sanitization
Ensure secure, compliant data migration with LoginRadius. Learn about sanitization, hashing algorithms, and best practices for safe CIAM data transfers.
Akamai Migration
If you're transitioning from Akamai Identity Cloud (Janrain) to LoginRadius, this guide outlines how to migrate your users efficiently. You can choose between **Bulk Migration** to move all users at once, or **Just-in-Time (JIT)** Migration to migrate users gradually as they log in—depending on your technical requirements and business timelines.