{"id":33319667,"url":"https://github.com/abbaspour/auth0-account-migration","last_synced_at":"2025-11-24T16:00:52.974Z","repository":{"id":48385824,"uuid":"107612284","full_name":"abbaspour/auth0-account-migration","owner":"abbaspour","description":"Lazy Migration for Auth0 Tenants","archived":false,"fork":false,"pushed_at":"2021-07-28T19:39:08.000Z","size":18,"stargazers_count":5,"open_issues_count":3,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-04-21T19:58:04.105Z","etag":null,"topics":["accounting","auth0","import","lazy","migration","tenant"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abbaspour.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-20T00:19:32.000Z","updated_at":"2024-04-21T19:58:04.106Z","dependencies_parsed_at":"2022-08-27T00:30:34.740Z","dependency_job_id":null,"html_url":"https://github.com/abbaspour/auth0-account-migration","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/abbaspour/auth0-account-migration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abbaspour%2Fauth0-account-migration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abbaspour%2Fauth0-account-migration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abbaspour%2Fauth0-account-migration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abbaspour%2Fauth0-account-migration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abbaspour","download_url":"https://codeload.github.com/abbaspour/auth0-account-migration/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abbaspour%2Fauth0-account-migration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286079811,"owners_count":27282121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-24T02:00:07.096Z","response_time":68,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["accounting","auth0","import","lazy","migration","tenant"],"created_at":"2025-11-19T21:02:52.068Z","updated_at":"2025-11-24T16:00:52.951Z","avatar_url":"https://github.com/abbaspour.png","language":"JavaScript","funding_links":[],"categories":["Projects Using Auth0"],"sub_categories":[],"readme":"Table of Contents\n=================\n\n- [Introduction](#introduction)\n    - [How Does it Work?](#how-does-it-work)\n    - [Terminology](#terminology)\n- [Setup](#setup)\n    - [Old Account](#old-account)\n    - [New Account](#new-account) \n- [Bulk Import/Export](#bulk-importexport)\n\nSetup\n=====\n\nThere are times when a company is using [Auth0](www.auth0.com) \nfor a while and they decide they need to move their tenant to a different region, or a private instance or public from private.\nDue to the sensitive nature of passwords, [Auth0](www.auth0.com) does not support export and import of passwords. To help \nfacilitate this, here is an example for setting up a migration from one tenant to another in a different region.\n\n\nHow Does it Work?\n-----------------\n\nIt follows the same traditional model that Auth0 uses for migrating from other identity providers such as [Parse](https://auth0.com/blog/migrating-your-parse-users-to-auth0/). \n\n\u003ckbd\u003e![Password Migration](https://cdn.auth0.com/content/email-wall/use-cases/database-migration/database-migration-logic.png)\u003c/kbd\u003e\n\n \n[login.js](login.js) is used to create a custom database pointing to old account. \nIt uses standard OpenID Connect `/token` interface to authenticate and receive `id_token` for customer profile. After \nauthentication, users are also created in new account's database.\n\nTerminology\n-----------\n\nOne last thing before we get started to simplify our terminology:\n- **old account** : the account you are migrating *from*. This is **amin02** in the screenshots.\n- **new account**: the account you are migrating *to*. This is **amin01** in the screenshots.\n   \nThese accounts could be sitting in different locations (US, Europe, Australia) or even in private installations. \nThe steps and screenshots below are for cloud deployment but the same should go for private deployments as well.\n\nInstallation\n============\n\nSetup consist of two parts: your old account from which you import accounts, and your new account. \n\nOld Account\n-----------\nLogin to your old account in Auth0. Go to [management dashboard](manage.auth0.com) and follow these steps:\n \n#### Step 1: Go to Dashboard and start a new Client \nFrom the left-hand side list, click on **Clients** link. Then click **Create Client** box.\n \n\u003ckbd\u003e![Client Creation](http://i66.tinypic.com/2wrge50.png)\u003c/kbd\u003e\n\n\n\n#### Step 2: Creation Migration Application\nPut a name (such as \"Migration App\") and select **Non Interactive Client** type.\n\n\u003ckbd\u003e![Client Name and Type](http://i67.tinypic.com/2wftfdj.png)\u003c/kbd\u003e\n\n\n\n#### Step 3: Migration Application Details\nMigration client app will have its own `Domain` as well as auto-generated `Client ID` and `Secret`. \nLet's leave it there for now. We'll come back to grab these values when setting up migration scripts in your new account.\n\n\u003ckbd\u003e![Client Settings](http://i64.tinypic.com/2rf6gsz.png)\u003c/kbd\u003e\n \n\n\n#### Step 4: Configure Token Endpoint Authentication Method\nScroll down in client application settings page. You'll find **Client Type** and **Token Endpoint Authentication Method** settings.\nChange values to:\n* **Client Type** switch to **Non Interactive Client**\n* **Token Endpoint Authentication Method** becomes active then. Set it to **Post**\n \n\u003ckbd\u003e![Client Type and Token Auth Method](http://i66.tinypic.com/a1lrlw.png)\u003c/kbd\u003e\n \n\n\n#### Step 5: Required Grant Types\nScroll down further to client settings page. At the bottom of the page you'll find **Show Advanced Settings** link. \nClick to open and select **Grant Types** tab.\nThere's no harm keeping rest of grant types but for this application you *must* have these two:\n\n- Client Credentials\n- Password  \n\n\u003ckbd\u003e![Grant Types](http://i64.tinypic.com/29nul8z.png)\u003c/kbd\u003e\n\nFor those interested to dig deeper, \"Client Credentials\" is used to validate user's input\nusername and password in [login.js](login.js#L6) and \"Password\" grant type is used to generate a new management API `access_token` so \n[get_user.js](get_user.js#L7) can invoke search API. \n\nBoth endpoints also receive `client_id` and `client_secret` for authentication in the body of `POST` request as \nconfigured in [Step 4](#step-4-configure-token-endpoint-authentication-method).\n\n#### Step 6: Management API Audience\nWe're done with the client application creation but there's still a few more steps required in old account. \nGo back to dashboard and this time click on **API** section. \nThis should open up Auth0 Management API client section and its **API Audience**. \nSimilar to client `Domain`, `ID` and `Secret`, we'll need the value for Audience URL when configuring the new account scripts.\n\n\u003ckbd\u003e![Management API Audience](http://i68.tinypic.com/15zgllz.png)\u003c/kbd\u003e\n\n\n\n#### Step 7: Authorize Migration App Call Management API \nClick on the **Auth0 Management API** link and select the **Non Interactive Clients** tab. \nHere you'll see list of your client applications. Make sure **Migration App** is **Authorized** to call management API.\nNote if your creation client application has any other name ([Step 2](#step-2-creation-migration-application)), \nsame is shown here.  \n\n\u003ckbd\u003e![Management API Audience](http://i68.tinypic.com/1687n9d.png)\u003c/kbd\u003e\n \n\n\n#### Step 8: Limit Management API Scope of Migration App\nManagement API is pretty powerful and we only need a small subset in order to perform migration task.\nGo to **Scopes** tab and only select **`read:users`**.\n\n\n\u003ckbd\u003e![Management API Scope](http://i65.tinypic.com/vfaiq.png)\u003c/kbd\u003e\n\n#### Step 9: Add A Rule for Profile Metadata \n\nGo to **Rules** section of dashboard and click on \"Create (Your First) Rule\", then select **empty rule** template. Put the\nrule name as \"add user and app metadata to profile\" and copy [metadata-rule.js](metadata-rule.js) code to editor and Save.\n\n\u003ckbd\u003e![Add Metadata Rule](http://i67.tinypic.com/2zdufxz.png)\u003c/kbd\u003e\n\n\n\nCongratulation, we are done setting up the migration client in your old account which is the bulk of work. \nThe remaining steps need to be done in your new account. You may now logout from your old account and login to new account. \n\nNew Account\n-----------  \nNew account is the one we're migrating customer to. As we mentioned in \"[How Does it Work](#how-does-it-work)\" section\nit has its own database that gradually grow as customers login. \n    \n\n#### Step 10: Go to Database \nTo get started let's login to your new account and go **Connections** \u003e\u003e **Database** \u003e\u003e **Username-Password-Authentication**.\n\n\u003ckbd\u003e![Database Connection](http://i63.tinypic.com/2igygxz.png)\u003c/kbd\u003e\n\n\n\n#### Step 11: Custom Database\nWithin Database settings page, go to **Custom Database** tab and enable **Use my own database** flag. \n\n\u003ckbd\u003e![Enable Custom Database](http://i67.tinypic.com/2lm9vfn.png)\u003c/kbd\u003e\n\n\n\n\n#### Step 12: Database Action Scripts - Login\nOnce you've enabled the custom database mode, scroll down to **Database Action Scripts** section. Here you have two tabs. \nSelect **Login** tab and replace the sample code with the code from [login.js](login.js), then click Save.\n  \n\u003ckbd\u003e![Login Script](http://i66.tinypic.com/xcrlhf.png)\u003c/kbd\u003e\n\n\n\n#### Step 13: Database Action Scripts - Get User\nNow switch to **Get User** tab and copy the code from [get_user.js](get_user.js) into the box and click Save.\n\n\u003ckbd\u003e![Get User Script](http://i64.tinypic.com/21axunr.png)\u003c/kbd\u003e\n\n\n\n#### Step 14: Scripts Settings\nWe're almost there with our custom database scripts. Only remaining bit is to scroll further down the page to **Settings** section.\nHere we'll add four values from old account setup as Key/Value parameters. \n\n\n\u003ckbd\u003e![Custom Database Settings](http://i65.tinypic.com/vzfx94.png)\u003c/kbd\u003e\n\n\n| Key | Sample Value | Description |Setup Step|\n| ----- |-------|-------------|-------|\n|`Domain`|`amin02.auth0.com`|Domain of Migration App|[Step 3](#step-3-migration-application-details)|\n|`Client_ID`|`7eph1tcmdmmYZq0znMSYn36BqMTbD6WD`|Client ID of Migration App|[Step 3](#step-3-migration-application-details)|\n|`Client_Secret`|`Y2aepoy.........6yidAyFz`|Client Secret of Migration App|[Step 3](#step-3-migration-application-details)|\n|`Audience`|`https://amin02.auth0.com/api/v2/`|Management API audience of old account|[Step 6](#step-6-management-api-audience)|\n|`Connection`|`TESTDB`|Connection name in old account||\n\n\n#### Step 15: Enable Import Users to Auth0\nLast step of configuration is to go back to **Settings** tab in database settings and \n**Enable Import Users to Auth0** flag. This is *critical* as it enables Auth0 to collect password and store accounts as customers login. \n  \n\u003ckbd\u003e![Enable Import Users to Auth0](http://i65.tinypic.com/352et0m.png)\u003c/kbd\u003e\n\nThat's it folks. Now point your applications to new account.\n \nCheckout [this quick start](quickstart.md) for a full run of login and forgotten password flows.\n\n\nBulk Import/Export\n==================\n\nConsidering this is an on-demand strategy, migration takes time. \nIt could vary from a few days to months depending on frequency of customers visit.\nAt the end of migration phase, if there are still customers pending, you may decide to either not migrate them or \ndo a bulk Import/Export. Once old Auth0 account is shut down, there is no way to validate non-migrated users' credentials except with their profile \nmigrated, they can use the \"Forgotten Password\" link to set a new password and continue to use the system if needed.   \n\nTo achieve this, follow the below steps at the end of migration phase:\n\n1. Install Import/Export extension on both old and new accounts\n\u003ckbd\u003e![Bulk - Extensions](http://i65.tinypic.com/zt8az6.png)\u003c/kbd\u003e\n2. Export all accounts from old account into default JSON file\n\u003ckbd\u003e![Bulk - Export](http://i67.tinypic.com/i6y4ib.png)\u003c/kbd\u003e\n3. Import JSON file from step 2 into new account using the same extension\n\u003ckbd\u003e![Bulk - Import](http://i64.tinypic.com/a08eu.png)\u003c/kbd\u003e\n4. Review results in your mailbox. Fail ones are normal for the migrated users as their email is already registered in new account. \n\u003ckbd\u003e![Bulk - Review](http://i66.tinypic.com/10ng5kg.png)\u003c/kbd\u003e\n \n\n\n\n\u003e **NOTE:** Users migrated with bulk import/export step don't have their passwords in the new account. \n\u003e They have to use \"Don't remember your password?\" link on login page to reset their password.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabbaspour%2Fauth0-account-migration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabbaspour%2Fauth0-account-migration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabbaspour%2Fauth0-account-migration/lists"}