Migrate to Kinde for user authentication
Get started
Migrate to Kinde from Auth0
This guide covers the Auth0-specific steps for exporting your users and migrating to Kinde.
A key point to note: Kinde is OAuth2/OIDC compatible and issues similar tokens to Auth0. You only need to update the token claims when you migrate.
If you want to compare Kinde with Auth0, this page has some useful information.
What you need
Link to this section- A Kinde account with Admin access
- Kinde account configured to match your current auth provider - see before you migrate
- Auth0 account with extension installation permissions
Key considerations
Link to this section- Password export takes time — Auth0 takes up to 2 weeks to fulfil a password export request on some plans. Plan your migration window accordingly, or use drip-feed migration to avoid waiting.
- File size limit — import files must be 49MB or less. Split large exports into batches.
- Format — Auth0 exports in NDJSON (Newline Delimited JSON), not CSV. Kinde’s Auth0 import accepts this format directly.
- Social identities — social logins (Google, GitHub, etc.) are stored in the
identitiesarray. Kinde imports these and lists them under the user’s profile. Users without an email can be imported and are identified by theconnectionattribute. - Users with multiple identities — these are imported and listed under the user’s profile in Kinde.
- Handling new registrations during the migration window — see Choose your migration method below.
Export user data from Auth0
Link to this section1. Install the Auth0 export extension
Link to this sectionAuth0 doesn’t have an export option by default, so you’ll need to install an extension.
- Go to Auth0 Dashboard > Extensions and select User Import / Export.
- Select Install.
The extension appears in your list of installed extensions. The first time you launch it, you’ll be asked to grant permission to access your Auth0 account.
2. Export user data from Auth0
Link to this section-
Launch the extension by selecting Import / Export Extension.
-
Select Export.
-
Select Add default fields and add the identities field.
-
Change the Export Format to .json.
-
Select Export [X] Users. Once complete, select Download.
You will have an NDJSON (.json) file to import into Kinde
Choose your migration method
Link to this sectionDrip-feed via Kinde Workflow (recommended)
Link to this sectionUse the user:existing_password_provided workflow trigger to validate credentials against Auth0 automatically on first login. No bulk export needed, no downtime.
The workflow calls Auth0’s Resource Owner Password Flow (POST /oauth/token) to verify the password before creating the user in Kinde.
App-hosted manual flow
Link to this sectionIf your app hosts its own login form (email + password), you can push users to Kinde directly without a Kinde workflow:
-
When a user signs in to your legacy app, check if they exist in Kinde:
GET /api/v1/users?email={email}. -
If not, validate their password against Auth0’s ROPC endpoint:
POST https://YOUR_DOMAIN/oauth/token{"grant_type": "password","username": "{user_email}","password": "{user_password}","audience": "{your_api_identifier}","client_id": "{client_id}","client_secret": "{client_secret}"} -
A
200 OKresponse confirms valid credentials. Create the user in Kinde and set their password. -
On next login, route the user to Kinde’s hosted login.
For the Kinde API steps, see Create users with the API.
Bulk import (hard switch)
Link to this sectionExport users and passwords from Auth0, import into Kinde, then switch. Follow the steps below:
-
In Kinde, go to Users, then select Import users.
-
Select Auth0.
-
Choose Import users only (import users first, then passwords separately) or Import passwords only (if users are already imported).
-
Follow the on-screen prompts to upload the file.
-
Review any import errors afterwards. Most can be fixed by editing the file and re-importing.
For full import details, see Bulk import users.
To handle new registrations or password changes during the migration window:
- Re-export and re-import from Auth0 to catch new registrations. Users who registered after your first export won’t be able to sign in until the second import completes.
- Use the API to force a password reset for users whose password changed during the window.
More topics
Link to this sectionSupported auth methods
Link to this sectionKinde supports migrating these authentication methods from Auth0: usernames, email, phone, Google, Apple, Microsoft, Facebook, GitHub, Twitch, Bitbucket. Contact support if you need to migrate another type.
Auth methods are shown in the connection attribute of the identities array:
Username-Password-Authenticationemailsmsgoogle-oauth2githubtwitchfacebookbitbucketwindowslive
Other objects you may want to bring from Auth0
Link to this section- Tenants → Businesses in Kinde. A single Kinde account can run multiple businesses.
- Organizations → Organizations in Kinde. Kinde treats organizations as first-class citizens.
- Environments → Kinde Environments contain organizations, users, and applications.
- Applications → Applications in Kinde work in essentially the same way.
- Identity Providers → connections or authentication providers in Kinde.
- Roles and Permissions → Kinde Roles and Permissions are assigned per user per organization. For Auth0’s equivalent of user-level roles/permissions, use the default organization.
- Auth0’s Universal Login → Kinde’s hosted sign-up pages work the same way.
Import objects via the Kinde Management API, or add them in the Kinde dashboard.
Can’t get passwords from Auth0?
Link to this sectionSome Auth0 plans don’t allow password exports, or the 2-week wait isn’t practical. If that’s the case, import users without passwords — Kinde will ask them to set a new password on first sign-in. Alternatively, use drip-feed migration to avoid the export entirely.
Get support
Link to this sectionIf you need help with your migration, contact Kinde support.