How to import users with passwords from Auth0 to Azure AD?

John Altenbernd 0 Reputation points
2023-10-31T20:21:12.5733333+00:00

I'm wondering if this is possible at all. I can get an export from Auth0 of our users that can include their hashed passwords. Auth0 provides this only on request as a JSON file.

Then, is it possible to import these Users into Azure Active Directory without the Users being forced to create a new password?

I have a lot of Users to move over and if I have to let all of them know they have to recreate their password, they might balk.

Thank you.


2 answers

  1. Akhilesh 1,450 Reputation points Microsoft Vendor
    2023-11-02T12:12:09.8266667+00:00

    Hi @John Altenbernd

    Thank you for reaching us!

    For your query, I understand that you are trying to migrate your users from Auth0 to Microsoft Entra ID with their hashed passwords.

    Regrettably, Microsoft Entra ID is currently not compatible with migrating users with hashed passwords,
    which means that when migrating users from another service provider to Azure AD, the users would typically need to reset their passwords as part of the migration process.

    Reason: When migrating users from another service provider to Microsoft Entra ID, if the other service provider also uses hashed passwords, transferring these hashes is not possible due to the one-way nature of the hashing process.
    The reason for this is that each system might use various methods for hashing passwords, and a hash generated by using one method can’t be converted back into a plain text password or into a hash from another algorithm.

    However, as a workaround you can use Azure Active Directory B2C to create a personalized migration plan that lets users keep their passwords as they move to a new system.
    There are two migration methods that you can follow to migrate the users to Azure Active Directory B2C, which are as below.

    1. Pre migration (Bulk Import): The process of bulk importing includes the step where user profiles are taken from an existing identity provider and then new accounts are established in the Azure AD B2C directory using the Microsoft Graph API. Use bulk import when you have access to user plain text such as username and password. Open credentials are credentials that are initially encrypted, but you decrypt them and import them into the Azure AD B2C directory. You also have the option to import users with automatically generated passwords and then require them to change their password using an Azure AD B2C password reset policy. If that works, you can use the seamless migration method.
    2. Seamless migration (Just in time Migration): If you can't access plain-text passwords from the old identity provider, consider using the seamless migration process. For example, the password is saved in a one-way encrypted manner, like using a hash function.

    I hope this answer helps! If you have any further questions, please feel free to ask.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-migration

    Thanks,
    Akhilesh,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
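
The seamless (just-in-time) migration mentioned in the answer above, sketched as an added example that is not part of the original thread and is not Microsoft's or Auth0's code: accounts are bulk-created without a usable password, and the first successful sign-in is checked against the legacy hash, then stored under the new system's own scheme. The in-memory `NewDirectory`, the function names, the sample export and the PBKDF2 stand-in for the legacy hash are all assumptions.

```python
import hashlib, hmac, os

def legacy_hash(password, salt):
    # Stand-in for the old provider's one-way hash (assumption; the page
    # does not say which algorithm the export uses).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_legacy_export(users):
    # Constructed sample export: username -> (salt, hash), no plaintext.
    export = {}
    for name, password in users.items():
        salt = os.urandom(16)
        export[name] = (salt, legacy_hash(password, salt))
    return export

class NewDirectory:
    """Hypothetical in-memory stand-in for the target directory."""
    def __init__(self):
        self.accounts = {}

    def bulk_import(self, usernames):
        # Create profiles without a usable password, flagged for migration.
        for name in usernames:
            self.accounts[name] = {"salt": None, "hash": None, "needs_migration": True}

    def _hash(self, password, salt):
        # The new system hashes with its own scheme, unrelated to the old one.
        return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 50_000)

    def set_password(self, name, password):
        salt = os.urandom(16)
        self.accounts[name] = {"salt": salt, "hash": self._hash(password, salt),
                               "needs_migration": False}

    def verify(self, name, password):
        acct = self.accounts[name]
        return hmac.compare_digest(self._hash(password, acct["salt"]), acct["hash"])

def sign_in(directory, legacy_export, name, password):
    acct = directory.accounts.get(name)
    if acct is None:
        return False
    if not acct["needs_migration"]:
        return directory.verify(name, password)  # already migrated
    salt, stored = legacy_export[name]
    # The user typed the plaintext, so re-hash it the legacy way and compare.
    if not hmac.compare_digest(legacy_hash(password, salt), stored):
        return False  # wrong password: account stays flagged
    directory.set_password(name, password)  # store under the new scheme
    return True
```

Once every flagged account has signed in, or a cutoff date passes, the legacy export can be destroyed and the remaining users sent through a password reset.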


  2. John Altenbernd 0 Reputation points
    2023-11-06T16:19:53.8833333+00:00

    I'm currently not using the B2C AD version; just the regular AD. I can request from Auth0 a JSON file with the passwords, but like you said, they're encrypted. My only option is to have Users reset their passwords.