Auth0 Migration Guide

If you're transitioning from Auth0 to LoginRadius, this guide outlines how to migrate your users efficiently. You can choose between Bulk Migration to move all users at once, or Just-in-Time (JIT) Migration to migrate users gradually as they log in—depending on your technical requirements and business timelines.

Migration Types

This section outlines the two supported migration methods and helps you decide which strategy suits your use case.

Migration Type	Managed By	Timing
Bulk Migration	LoginRadius	One-time migration before go-live
Just-in-Time (JIT)	Customer	Gradual (1–6 months), based on business needs

Bulk Migration (One-Time Import)

Bulk migration is a one-time import process handled by the LoginRadius team. You can use the Auth0 Management API to extract or export data manually in CSV/JSON format. LoginRadius processes this data, maps fields, and imports users into your new environment.

Migration via API

LoginRadius utilizes the Auth0 Bulk User Export API for database migration to retrieve user data from your Auth0 tenant. You don’t need to perform the export yourself—our migration service handles it securely and efficiently.

To ensure a smooth migration, you'll need to provide your Auth0 API credentials, and we’ll manage rate limits and schedule the data export process.

It is important to review the data mapping between Auth0 user fields and the corresponding fields in the LoginRadius schema before migration. The LoginRadius Data Point document can help you understand how user attributes will be transformed and stored in LoginRadius. For more details on data mapping, please click here.

Required API Credentials

LoginRadius requires the following credentials to access Auth0’s user data in bulk via the Management API.

Field	Description	Example
clientId	Auth0 Client ID	<Client ID>
clientSecret	Auth0 Client Secret	<Client Secret>
domain	Auth0 tenant domain	your-tenant.auth0.com
connection	Specific connection name (optional)	Username-Password-Authentication

Migration via CSV/JSON Export

Auth0 allows user data exports for teams that prefer a manual export approach or cannot access the Management API. You must securely share the exported file and confirm data mappings before importing.

How to Share

LoginRadius offers secure and compliant methods—such as SFTP (Secure File Transfer Protocol)—for transferring your exported Auth0 data files.

Once the export is received, our migration team collaborates closely with you to review and validate field mappings between Auth0 and LoginRadius schemas.

This process ensures that all critical identity attributes, including user profile information and authentication credentials, are accurately migrated. Additionally, we assist in verifying password hash compatibility to maintain a seamless login experience for end users post-migration.

Data Mapping Example

This table shows how Auth0 user fields are translated into LoginRadius format. These mappings are finalized during setup.

Auth0 Field	LoginRadius Field
user_id	Uid
email_verified	EmailVerified
email	Email.Primary
name	FirstName
nickname	UserName
created_at	CreatedDate
last_login	LastLoginDate
identities	SocialProfiles
app_metadata	CustomFields
user_metadata	CustomFields

Password Hash Support

To preserve user authentication, LoginRadius supports most common password hashing schemes used by Auth0. During setup, you must provide technical details like the hash algorithm, salt (if used), and iteration count.

Some of the supported hash types include:

• bcrypt
• scrypt
• SHA1, SHA256
• PBKDF2, and more

Refer to the Hashing Algorithm documentation for details.

Just-in-Time (JIT) Migration

When migrating from Auth0, Just-in-Time (JIT) Migration provides a flexible, user-friendly approach to onboarding users into LoginRadius. Instead of transferring your entire user base at once, JIT migration provisions users only when they actively log in. This helps ensure that only verified and engaged users are migrated—streamlining your data and reducing the risk of importing inactive or outdated records.

Why Use JIT Migration?

• No bulk imports required

• Seamless user experience during transition

• Cleaner data hygiene—only migrate active users.

• Highly customizable to fit your existing infrastructure and business logic

How It Works

LoginRadius supports two methods of JIT migration:

• API-Based JIT – Ideal for teams that want complete control over the login and provisioning process through backend logic.

• Orchestration-Based JIT – Perfect for teams that prefer a low-code approach using the LoginRadius Identity Orchestration Engine.

In both methods, the user is authenticated against your existing identity provider (Auth0 in this case). If authentication succeeds and the user doesn't already exist in LoginRadius, the profile is created automatically in LoginRadius. All future logins are handled through LoginRadius.

API-Based JIT Migration

Here’s how to implement JIT migration using backend APIs:

User Login Attempt

The user initiates a login using email, username, or phone. Your backend intercepts the request and checks if the user exists in LoginRadius:

• Check Email Availability
• Check UserName Availability
• Phone Number Availability

If the user exists, proceed to authenticate using:

• Login by Email
• Login by Username
• Login By Phone

User Not Found in LoginRadius

If the user does not exist in LoginRadius:

• Authenticate the user using Auth0 Password credentials flow API https://auth0.com/docs/api/authentication/resource-owner-password-flow/get-token.

• The above API will return the access token of Auth0, now you can call the following API to fetch the user profile https://auth0.com/docs/api/authentication/user-profile/get-user-info.

• Upon successful validation, use the Account Create API to create the user in LoginRadius:

  • Include identity details (email/username/phone)
  • Provide the password and any additional profile fields.

Note: The Account Create API requires your API Secret and should only be called securely from your backend.

Future Logins

Once the user is created in LoginRadius, future login attempts are fully handled by LoginRadius, with no further calls to Auth0.

LoginRadius APIs to Use

Depending on where your migration logic runs, use one of the following:

Backend (Secure) API

• Account Create API – Requires API Secret (backend only)

Frontend-Safe API (Optional if you avoid secrets)

• User Registration by Email – For non-sensitive use cases

Orchestration-Based JIT Migration

If you want to skip writing backend logic, then you can use the LoginRadius Identity Orchestration Engine to handle JIT migration visually. To get started:

1. Download the sample workflow json file.

2. Navigate to Orchestration > Workflows in your LoginRadius dashboard.

3. Click New Workflow and import the JSON.

4. Once loaded, use the External Identity Lookup node in LoginRadius to configure a call to your Auth0 login or user info endpoint. This typically involves setting the HTTP method (e.g., POST), endpoint URL, request headers, and a request body that includes user credentials or identifiers.

5. For step-by-step configuration, refer to LoginRadius IO workflow Nodes.

To learn more about this feature, check out the Identity Orchestration Overview.

Related Resources

• Data Migration Security and Sanitization

• Customer Identity API

• Identity Orchestration