Migrate to Kinde for user authentication
Get started
Bulk import users to Kinde
Export your users from your existing auth system, prepare a CSV, and import them into Kinde. Users with migrated password hashes can sign in immediately with no password reset required.
If you need to catch new registrations or password changes during the migration window, combine this with the API approach or run a second import after the cutover.
Example CSV
Link to this sectionemail,first_name,last_name,email_verified,hashed_password,hashing_method,external_organization_idbills@company.com,Bill,Smith,TRUE,$2a$10$examplehash,bcrypt,abc001carlosg@company.com,Carlos,Garcia,TRUE,$2a$10$examplehash,bcrypt,abc001lliu@company.com,Lee,Liu,FALSE,,, xyz002Setup guide
Link to this section1. Prepare your Kinde business
Link to this sectionConfigure your Kinde business with the same auth strategies as your existing provider. See before you migrate.
2. Export users from your provider
Link to this sectionExport instructions vary by provider. Select yours:
If you are migrating from your own system, prepare the data to match the format described below.
3. Prepare your CSV
Link to this sectionImport files must be 49MB or less. This applies to Custom CSV, Auth0 NDJSON, FusionAuth NDJSON, and Custom NDJSON imports. Format your export with the following columns.
Required column:
| Column | Notes |
|---|---|
email | Minimum required field |
Recommended columns:
| Column | Notes |
|---|---|
first_name, last_name | User’s name |
email_verified | TRUE or FALSE |
id | Your provider’s user ID — helps match records during re-imports |
phone | International format, e.g. +61555111555 |
external_organization_id | Organization ID to import the user into. Comma-separate multiple values |
role_key | Role key(s) to assign. Comma-separate multiple values |
permission_key | Permission key(s) to assign. Comma-separate multiple values |
Password columns:
Include these if you’re migrating hashed passwords:
| Column | Notes |
|---|---|
hashed_password | The hashed password string |
hashing_method | See supported methods below |
salt | Optional — extra characters added to strengthen the hash |
salt_position | prefix or suffix — required if salt is included |
salt_format | Format of the salt, e.g. hex or string |
Supported hashing methods:
| Method | Salt | Salt position |
|---|---|---|
bcrypt | — | — |
md5 | Optional | Required if salt included |
sha256 | Optional | Required if salt included |
crypt | Optional | — |
wordpress | Optional | — |
Check for errors before importing:
Review the CSV for missing or duplicate values. Kinde will report errors after import. Records that have already been imported without changes are skipped on re-import.
4. Import users into Kinde
Link to this section-
In Kinde, go to Users, then select Import users.
-
Select your import type:
- Auth0 — for NDJSON files exported from Auth0
- FusionAuth — for NDJSON files exported from FusionAuth
- Custom NDJSON — for NDJSON files exported from other providers
- Custom CSV — for all other providers
-
Follow the on-screen prompts to upload your file.
-
Review any errors reported after import. Fix the CSV and re-import to resolve them.
For full instructions, see Import or update users in bulk.
After the import
Link to this sectionHandling new registrations during the migration window
Link to this sectionIf users can still register or change their password while you migrate, you’ll miss them. Options:
- Re-import — run the export and import again after cutover to catch new registrations. Users who registered after your first export will be unable to sign in until this second import completes.
- Force a password reset — for users who changed their password during the window, use the API to set
is_password_reset_requested. - Use the API in parallel — push new sign-ups directly to Kinde via API during the migration window. See Create users with the API.
Communicating with users
Link to this sectionKinde does not notify users when they are imported. Plan your own communication, especially if you’re changing their sign-in experience (e.g. adding MFA or moving to passwordless).
Edge cases to watch
Link to this section- If a user changes their password after your export and before the migration completes, they will need to reset it.
- If you add a new authentication method (e.g. passwordless), users will be prompted to use it on next sign-in.
- Kinde does not check password strength on import — enforce your own policies for users.
- Adding or removing roles and permissions may change what users can access in your app.
Get support
Link to this sectionIf you need help with your migration, contact Kinde support.