Import or update users in bulk

Link to this section

You can import users in bulk, from CSV or from other files provided by your previous  authentication service, such as Auth0.

You can also use the import function to update some user details. For example, to:

  • Add users in bulk to other organizations using the external_organization_id
  • Assign roles or permissions to users in an organization

Be careful using bulk imports to update user info

Link to this section

Imported data overrides current Kinde user data. You should only use the file import method to update user details if the CSV you are importing is current and up to date.

For example, if a user has changed the spelling of their name or has new permissions, and you import data from an older CSV, the new changes will override their changes. We suggest you get current user data by exporting it, then update the CSV before you re-import.

File requirements

Link to this section
  • User details and passwords need to be in CSV format (except for Auth0 imports, see below)
  • File size limit 1MB (around 10,000 users)

Before you import or update users

Link to this section

Note: Importing users from MS Azure AD Set up the Azure AD connection in Kinde before you import your users. Then when you import, Kinde will match users to the relevant connection based on their email address.

Prepare the CSVs

Link to this section

When exporting data from another auth system or your own system, the CSV file needs to be set up with specific headings and formats for the data you are importing.

  • email - this is a required field to import to Kinde

Note that only the email field is mandatory, but the more data that you bring in, the easier we can set up your users in Kinde. Kinde will not duplicate users with existing email addresses.

  • first_name and last_name
  • id (also referred to as provided id) - unique to the auth provider and helps us match records as they are imported.
  • email_verified - account verification status: TRUE or FALSE
  • hashed_password - encrypted using an algorithm such as bcrypt, crypt or md5. See note below.
  • hashing_method - tells us which algorithm was used to encrypt the password
  • salt - extra characters added to passwords to make them stronger
  • salt_position - position of salt in password string. Prefix (before) or suffix (after)
  • role_key - the role key for the role a user will be assigned on import. If the user is to be assigned more than one role, use a comma separated list.
  • permission_key - the permissions key for the permission a user will be assigned (that is not included in their role). If the user is to be assigned more than one permission, use a comma separated list.
  • external_organization_id - the ID of the organizations you want the user to be imported into (if applicable). If the user belongs to more than one organization, use a comma separated list.

💡 bcrypt $2b variant support: Please note if you are importing bcrypt hashes with the $2b variant, Kinde will substitute this for the $2a variant. These are interchangeable as long as you were not running OpenBSD at the time the hashes were generated.

Example simple csv import

Link to this section
email,id,first_name,last_name,roles,permissions,external_organization_id

jen@kinde.com,0001,"Jen","Smith","role_1","permission_1","ext_org_id_1,ext_org_id_2"
elmo@kinde.com,0002,"Elmo","Smith","role_1","permission_2","ext_org_id_1,ext_org_id_2"

Users with multiple orgs and multiple roles

Link to this section

If you’re importing users who belong to multiple organizations and they have different roles in those organizations, you can set up the CSV to duplicate the user on a separate line for each organization they belong to, with the relevant roles to match. For example:

email,id,first_name,last_name,roles,permissions,external_organization_id

jen@kinde.com,0001,"Jen","Smith","role_1,role_2","permission_1,permission_2","ext_org_id_1"
jen@kinde.com,0001,"Jen","Smith","role_3","permission_3,permission_4","ext_org_id_2,ext_org_id_3"

Alternatively, you can import your users first, then import their roles and organizations in a separate file:

File 1
email,id,first_name,last_name

jen@kinde.com,0001,"Jen","Smith"
File 2
id,roles,permissions,external_organization_id
0001,"role_1,role_2","permission_1,permission_2","ext_org_id_1"
0001,"role_3,role_4","permission_3,permission_4","ext_org_id_2"

Auth0-specific import options

Link to this section

When you export user details from Auth0 make sure you export default fields, as well as these fields in the CSV: app_metadatablockeduser_metadatausernamelast_iplast_loginlogins_countmultifactornamephone_numberphone_verified.

When importing users from Auth0 source files, you have three options:

  1. Import users and passwords - if you have the user (CSV) and password (JSON) files.
  2. Import users only - if you want to import users now and passwords later. You can also use this method if you want to allow users to reset their password or sign in another way.
  3. Import passwords only - only choose this if you have already imported users.

To import users

Link to this section
  1. In Kinde, go to Users, then select Import users.
  2. Select the option for your situation:
    • Custom CSV
    • From Auth0 (choose this for Azure AD users)
  3. Follow the on-screen prompts to import the data.
  4. If there are any errors with the import, you will be able to view them afterwards.
  5. Most import errors can be fixed by editing the CSV file and then re-importing into Kinde. Any records that have already been imported and have not been edited, will be ignored.

Weak passwords are not rejected on import

Link to this section

When you import passwords via CSV, Kinde does not check for password strength. However, if you do not also include a TRUE in the password_verified column of the CSV, Kinde will send a one-time password to the user the first time they try to sign in, in order to verify their identity.

In future, we may add the ability to check password strength and initiate a password change if it’s deemed to weak by standard password criteria.

Communication to users

Link to this section

Kinde does not send any notifications or invitations to users when they are newly added to Kinde. The idea is that your users have a seamless experience that feels (almost) like it always has in your app.

If you’ve made changes to their sign in experience — for example adding multi-factor authentication — then consider contacting your users to let them know their sign in experience will be changed.

What users might notice

Link to this section

Importing all your exisiting users and passwords should mean that your users won’t notice anything when they next sign in. This is the optimal experience. However:

  • If a user changes their password after the user export and while the migration is in progress, they will be prompted to reset their password on the next sign in.
  • If you have set up a new authentication method as part of the user migration (for instance, going passwordless) your users will be prompted to use the new method on sign in.
  • If you add or remove roles or permissions, they may gain/lose access to parts of your system.

Talk to us

If you can’t find what you’re looking for in our help center — email our team

Contact us