Data Migration

The LoginRadius Data Migration solution offers flexible and reliable options to transfer your existing customer data to the LoginRadius platform seamlessly. Designed to ensure a smooth transition with zero downtime, our migration tools help you retain business continuity while enhancing your customer experience. We provide multiple convenient methods to suit your specific migration needs.

• Bulk Migration
• Just-In-Time Provisioning Migration

Types of Migrations

LoginRadius supports multiple data delivery methods to ensure a smooth and efficient migration to our platform. During the initial planning phase, our Data Migration Team will work closely with you to assess your current data structure and recommend the most suitable delivery approach.

Below is a high-level overview of the available data delivery options.

• Bulk Migration: Your existing customer database is exported in CSV/JSON or another format that aligns with your business requirements. LoginRadius will provide a secure, dedicated SFTP server (or coordinate an alternative transfer method) for uploading the files.
  Our team will configure the migration service to verify, sanitize, and import the data into the LoginRadius Cloud Storage. This method supports comprehensive data normalization, sanitization, and complex transformation logic, ensuring data accuracy, consistency, and a seamless transition with minimal impact on your users.

• Just in Time Provisioning(JIT): Leverage automated workflows and APIs to automatically provision users in real time from your existing identity provider. This method allows you to migrate users incrementally as they authenticate while preserving all relevant user attributes and claims. JIT is ideal for minimizing migration overhead and ensuring a seamless experience for end users without requiring a bulk data transfer.

Bulk Migration

Our Bulk migration service is configured to verify, sanitize, and transform the data before importing it into the LoginRadius Cloud Storage. This method is ideal for migrating large datasets in a structured and controlled manner with minimal impact on your users.

Key Features of Bulk Migration

• Extensive support for data normalization, sanitization, and transformation

• Support for importing existing encrypted passwords (hashes)

• Full control over field mapping

• Secure data handling through SFTP or authenticated API access

• Designed for high-volume, one-time, or staged migrations

Bulk Migration Process

Below is a high-level overview of the standard bulk data migration process with LoginRadius:

Migration Phases

LoginRadius follows a structured and collaborative approach to ensure a successful data migration experience. Below are the key phases of a typical bulk migration project:

Info Gathering

This is the stage where LoginRadius gathers your migration requirements and plans the initial phases of the migration. We will work closely with your team to ensure all migration requirements are understood and the next steps and timelines are established.

Your dedicated LoginRadius Customer Success Manager (CSM) will:

• Provide a Data Migration package containing a questionnaire to elicit your migration requirements.

Client Responsibilities in this Phase:

• Review the Data Migration package and return the completed questionnaire
• Provide a data set of 10-100 test customers. These customers can have either dummy(recommended) or test customer data.

Preparation

During this phase, LoginRadius customizes and configures the migration service based on your selected migration method (API-based or CSV/JSON) and the data mapping between your existing identity provider and the LoginRadius Cloud Directory.

• We also apply business logic—such as data normalization, sanitization, and transformation—to ensure data consistency and quality.
• Additionally, our team will configure password hashing support according to the hashing algorithm used in your current system. This ensures that users can authenticate seamlessly without resetting passwords.

This phase includes two critical steps—Test Migration and Client Sign-Off on Migration Rules—to validate and finalize the setup before proceeding to production.

Test Migration Phase

In this phase, LoginRadius will run through one or multiple test migrations to ensure that migration requirements agreed upon in the Information Gathering Phase are met. The test migration will be performed on your dev (QA/staging) site.

Your dedicated Customer Success Manager (CSM) will:

• Work with you to schedule a date for the test migration
• Deliver migration logs after the test migration is complete

Client Responsibilities in this Phase:

• Provide a data set of test customers if different from the Information Gathering Phase.
• Validate the migrated data and confirm with your CSM that the data is correct.

Client Sign-Off on Migration Rules Phase

This phase concludes the Preparation Phase and serves as formal approval for all migration requirements to be met. Once the test migration results are reviewed and validated, the migration configuration is locked in, and no further changes will be made before the production run.

Your dedicated Customer Success Manager (CSM) will:

• Share a detailed Migration Rules Sign-Off form outlining the finalized data mappings, transformation logic, and validation criteria

Client Responsibilities in this Phase:

• Carefully review the test migration output
• Confirm that all business and technical requirements have been accurately implemented.
• Sign off on the migration rules to proceed with the production migration.

This sign-off ensures full team alignment and mitigates risk before moving to the live environment.

Migration

This phase involves the live migration of your customer data into the LoginRadius production environment.

Your dedicated Customer Success Manager (CSM) will:

• Work with your team to schedule a date and time for both the production and post-production migrations
• Establish a dedicated communication channel to keep all stakeholders informed in real time.
• Coordinate with technical teams to ensure system readiness and minimize any operational impact.
• Monitor the migration progress and address any issues as they arise.
• Share detailed migration logs and summaries once the process is complete.

Client Responsibilities in this Phase:

• For CSV/JSON-based Bulk Migration: Upload the final production data files via the secure file transfer channel provided by LoginRadius
• For API-based Bulk Migration: Provide access to the production bulk query API, including required credentials and endpoint documentation

This phase is essential for a smooth and successful cutover. The top priorities during this stage are maintaining data integrity, ensuring operational continuity, and facilitating clear, timely communication across all teams.

Post-Migration

This phase captures any customer data changes after the initial production migration. It includes migrating newly added users or updating/deleting existing records based on post-migration activity.

LoginRadius performs this follow-up migration using the same validated process as the production migration. It is typically scheduled within 48 hours of the production cutover to ensure data consistency and minimize drift.

This step ensures that all customer records are fully up to date, preserving accuracy and completeness across both systems during the final stage of the transition.

Just-In-Time Provisioning Migration

When migrating users from a legacy identity system, importing all user records at once can be complex, especially if your database includes inactive or outdated accounts. Just-In-Time (JIT) Migration offers a more innovative alternative by provisioning user accounts in LoginRadius only when the user actively log in.

This approach enables incremental migration, ensuring only verified, active users are moved to the new system—without disrupting their experience.

LoginRadius supports JIT migration through two flexible methods:

• API-Based JIT – Ideal for companies who want full control over the login and provisioning logic via backend APIs.

• Orchestration-Based JIT – Best for teams using the LoginRadius Identity Orchestration Engine to manage flows with minimal code visually.

Both methods authenticate the user against your existing identity provider if it’s not found in LoginRadius. Upon successful validation, the user is created in the LoginRadius Cloud Directory. From that point forward, LoginRadius became the system of record for authentication.

Key Benefits of JIT Migration

• No bulk imports required
• Improves data hygiene by only migrating active users.
• Supports custom logic for claims, roles, and attributes during migration.
• Flexible implementation options depending on your infrastructure.

API-Based JIT Provisioning

API-Based JIT Migration gives you full control over the authentication and user provisioning flow through your backend. When a user attempts to log in, your backend first checks if the user exists in LoginRadius. If not, it validates the credentials against your legacy identity system, and upon successful authentication, provisions the user in LoginRadius using the appropriate APIs.

This method is ideal for teams that:

• Prefer building and managing logic in their backend
• Want fine-grained control over how users are validated and provisioned

It’s highly customizable and suited for developers who are comfortable with API-first implementations.

User Login Attempt

• The user enters their email/username/phone and password on your login form.

• Your backend checks whether the user already exists in LoginRadius using one of the following availability check APIs, depending on your identifier type:

  • Check Email Availability
  • Check UserName Availability
  • Phone Number Availability

• If the user exists, proceed to authenticate them using the appropriate Login API based on the identity type provided

  • Login by Email
  • Login by Username
  • Login By Phone

User Not Found in LoginRadius

• If the user does not exist, authenticate them against your existing identity service (e.g., internal database, LDAP, or legacy auth system).

• Upon successful authentication:

  • Create a new user in LoginRadius using the Account Create API.

  • Include the email/username, password, and additional profile data you want to migrate.

Important: The Account Create API requires your API Secret. This operation must be performed securely from your backend only.

Subsequent Logins

• Once the user is created in LoginRadius, future logins should be handled directly using LoginRadius authentication APIs.

Orchestration-Based JIT

Orchestration-Based JIT Migration uses the LoginRadius Identity Orchestration Engine to manage the login and provisioning flow visually—without writing custom code. If a user isn’t found in LoginRadius during login, the workflow falls back to your external identity system via an External Identity Lookup Node. If validated, the user is created in LoginRadius on the fly using a Create User Node.

This method is ideal for teams that:

• Prefer a low-code or no-code approach
• Want to configure flows visually using the Admin Console.
• Need to integrate with legacy systems using webhooks, APIs, or connectors.

It’s flexible, scalable, and easy to maintain—even for non-developers or cross-functional teams.

User Login Attempt

To implement Just-In-Time (JIT) provisioning using the LoginRadius Identity Orchestration Engine, follow the steps below to build your login workflow:

• Add the Default Email Login Workflow
  Start by adding or cloning the Default Email Login Workflow in the Orchestration section of the LoginRadius Admin Console.

• Attach an External Identity Lookup Node
  Connect an External Identity Lookup Node to the Auth False output of the Email Login Node. This node will validate user credentials against your existing identity provider (e.g., legacy database or API).

• Configure the External Identity Lookup
  Provide your external identity service's endpoint URL, authentication method, and expected response format.

• Provision the User in LoginRadius
  On the Success path of the External Identity Lookup Node, add a Create User Node to provision the user into the LoginRadius Cloud Directory.

• Optional: Add Additional Workflow Steps
  You may include additional nodes to map user attributes, assign roles or groups, or trigger post-login actions like consent collection or custom claims enrichment.

This workflow ensures that only successfully authenticated users are migrated into LoginRadius, enabling seamless, real-time provisioning without disrupting the user experience.

🚀Get Started with the JIT IO Workflow Using a Preconfigured Template

To explore how the Just-in-Time (JIT) Identity Orchestration workflow operates, you can import our preconfigured JIT IO JSON file. Follow these steps:

1. Download the sample workflow json file

2. Go to Orchestration > Workflows in your dashboard.

3. Click the New Workflow button and upload the downloaded JSON file.

4. Once the import is successful, you’ll be redirected to the Workflow Builder with a sample JIT migration template.

5. Add the endpoint for your external identity lookup API in the External Identity Lookup node.

To learn more about Identity Orchestration and how it works, refer to the Identity Orchestration Overview.

Related Resources

• LoginRadius Data Regions
• Password Hashing Algorithms
• Password Security Concepts
• LoginRadius Global CDN