How to import users with passwords from Auth0 to Azure AD?

John Altenbernd 0 Reputation points
2023-10-31T20:21:12.5733333+00:00

I'm wondering if this is possible at all. I can get an export from Auth0 of our users that can include their hashed passwords. Auth0 provides this only on request as a JSON file.

Then, is it possible to import these Users into Azure Active Directory without the Users being forced to create a new password?

I have a lot of Users to move over and if I have to let all of them know they have to recreate their password, they might balk.

Thank you.


2 answers

  1. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2023-11-02T12:12:09.8266667+00:00

    Hi @John Altenbernd

    Thank you for reaching us!

    For your query, I understand that you are trying to migrate your users from Auth0 to Microsoft Entra ID with their hashed passwords.

    Regrettably, Microsoft Entra ID is currently not compatible with migrating users with their hashed passwords,
    which means that when migrating users from another service provider to Azure AD, the users would typically need to reset their passwords as part of the migration process.

    Reason: When migrating users from another service provider to Microsoft Entra ID, if the other service provider also uses hashed passwords, transferring these hashes is not possible due to the one-way nature of the hashing process.
    The reason for this is that each system might use various methods for hashing passwords, and a hash generated by using one method can’t be converted back into a plain text password or into a hash from another algorithm.

    However, as a workaround you can use Azure Active Directory B2C to create a personalized migration plan that lets users keep their passwords as they move to a new system.
    There are two migration methods that you can follow to migrate the users to Azure Active Directory B2C, which are as below.

    1. Pre migration (Bulk Import): The process of bulk importing includes the step where user profiles are taken from an existing identity provider and then new accounts are established in the Azure AD B2C directory using the Microsoft Graph API. Use bulk import when you have access to user plain text such as username and password. Open credentials are credentials that are initially encrypted, but you decrypt them and import them into the Azure AD B2C directory. You also have the option to import users with automatically generated passwords and then require them to change their password using an Azure AD B2C password reset policy. If that is Work, you can use seamless migration method.
    2. Seamless migration (Just in time Migration): If you can't access plain-text passwords from the old identity provider, consider using the seamless migration process. For example, the password is saved in a one-way encrypted manner, like using a hash function.

    I hope this answer helps! If you have any further questions, please feel free to ask.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-migration

    Thanks,
    Akhilesh

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
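
The seamless (just-in-time) migration flow described in the answer above, as an added example that is not part of the original thread and not Microsoft's or Auth0's code. The `NewDirectory` class, the PBKDF2 stand-in for the old provider's hash, and the sample data are assumptions constructed for illustration; the point is that the old hash is never converted, only checked at the first sign-in, when the plaintext is briefly available.

```python
import hashlib
import hmac
import os

def legacy_hash(password, salt):
    # Stand-in for the old provider's one-way hash (assumption: PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_legacy_export(users):
    # Constructed sample export: salt and hash per user, no plaintext.
    export = {}
    for name, password in users.items():
        salt = os.urandom(16)
        export[name] = {"salt": salt, "hash": legacy_hash(password, salt)}
    return export

class NewDirectory:
    """Hypothetical stand-in for the target directory (not a real API)."""

    def __init__(self, usernames):
        # Accounts are pre-created without a usable password and flagged for migration.
        self.accounts = {u: {"record": None, "needs_migration": True} for u in usernames}

    def _hash(self, password, salt):
        # The new system applies its own scheme; the old hash cannot be reused here.
        return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 60_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = {"record": (salt, self._hash(password, salt)),
                               "needs_migration": False}

    def check_password(self, user, password):
        salt, digest = self.accounts[user]["record"]
        return hmac.compare_digest(self._hash(password, salt), digest)

def sign_in(directory, legacy_export, user, password):
    account = directory.accounts.get(user)
    if account is None:
        return "denied"
    if account["needs_migration"]:
        old = legacy_export.get(user)
        # First sign-in: validate the submitted password against the legacy hash.
        if old is None or not hmac.compare_digest(
                legacy_hash(password, old["salt"]), old["hash"]):
            return "denied"
        # Valid: store it under the new scheme and clear the migration flag.
        directory.set_password(user, password)
        return "migrated"
    return "ok" if directory.check_password(user, password) else "denied"
```

Users who never sign in during the migration window stay flagged and would still need a password reset.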


  2. John Altenbernd 0 Reputation points
    2023-11-06T16:19:53.8833333+00:00

    I'm currently not using the B2C AD version; just the regular AD. I can request from Auth0 a JSON file with the passwords, but like you said, they're encrypted. My only option is to have Users reset their passwords.

