Move from Auth0 to Authagonal

How the migration works

1. 1

   Connect your tenant

   Create a read-only Machine-to-Machine app in Auth0 and authorize it for the Management API. Paste its domain, client ID, and secret into the portal — the credentials are used only for the import.

2. 2

   Preview everything

   Authagonal counts every application, API, role, connection, and user it will import, and flags anything that needs your attention — before a single record is written.

3. 3

   Import in one click

   Applications (with their secrets rehashed so they keep working), API scopes and audiences, roles and their assignments, user profiles and metadata, and enterprise OIDC connections all come across — with their Auth0 IDs preserved.

4. 4

   Bring passwords, or don’t

   Supply Auth0’s support-assisted password-hash export and bcrypt hashes import verbatim — users never notice. Skip it and users set a new password on first sign-in. Either way, nothing breaks.

5. 5

   Cut over

   Repoint your apps at Authagonal’s OIDC endpoints. The sub and client_id values are unchanged, so existing references keep resolving.

The honest details

• Auth0 never exposes password hashes through its Management API — that’s an Auth0 limitation, not ours. The support-assisted bulk export is the only way to move hashes; we import them verbatim because Authagonal verifies bcrypt natively. Without it, the standard reset-on-first-login flow covers every user.

• Auth0’s user listing API returns at most 1,000 users. For larger tenants the bulk export file is the complete source — and it carries the password hashes too.

• SAML, social, and database connections are reconfigured in the portal after import; enterprise OIDC connections come across automatically.

• Blocked and disabled records import in the same state, so nothing silently re-activates.