About managing users
Manage users
If you are currently using a different authentication tool to manage users, you can switch to Kinde pretty quickly. The method described here involves importing user details from CSV files into Kinde. Follow this other guide if you are switching from Auth0.
If you’ve got a lot of users (your export file is over 5MB) or are concerned about file size limits, you can contact us to ensure the import goes smoothly.
We recommend setting up user authentciation in Kinde before importing. For example, set up:
Note: Importing users from Azure Set up the MS Entra ID connection in Kinde before you import your users. Then when you import, Kinde will match users to the relevant connection based on their email address.
For more details, see Authentication methods.
You can export user details and data fairly easily from most auth providers. However, some providers require you to separately request password details for users and this can take a little while. If you’re using your own auth system, prepare data as described below.
User data can only be imported from a CSV file. Depending on what you currently use for auth, you will need to export or prepare data in a CSV file.
Kinde can import files up to 5MB. You may need to split the import into batches if you have a lot of users.
When exporting data from another auth system or your own system, the CSV file you export may need to be edited to ensure data is formatted in rows with some of these column headings.
email
- minimum required informationexternal_organization_id
- Only required if you are importing roles and permissionsThe more data that you include for import, the easier we can set up your users in Kinde. Kinde will not duplicate users with existing email addresses.
first_name
and last_name
id
(also referred to as provided id
) - unique to the auth provider and helps us match records as they are imported.phone
- including the international code with no spaces and no leading ‘0’, for example. +61555111555. Required for phone authentication. (beta feature)phone_verified
- phone number verification status: TRUE or FALSE (beta feature)email
- the user’s email addressemail_verified
- email verification status: TRUE or FALSErole_key
- the role key for the role a user will be assigned on import. If the user is to be assigned more than one role, use a comma separated list.permission_key
- the permissions key for the permission a user will be assigned (that is not included in their role). If the user is to be assigned more than one permission, use a comma separated list.external_organization_id
- the ID of the organizations you want the user to be imported into (if applicable). Only required if you are importing roles and permissions with user data. If the user belongs to more than one organization, use a comma separated list.Note that this is NOT the same as the Organization code in Kinde, which is a Kinde-supplied ID.
hashed_password
- the user’s password encrypted using a hashing method or algorithm.hashing_method
- the name of the algorithm used to encrypt the user’s password. Currently crypt, bcrypt, sha256, md5, and wordpress are supported. Contact us if you need a different method.salt
- extra characters added to passwords to make them strongersalt_position
- position of salt in password string. E.g. prefix (before) or suffix (after).salt_format
- format of the salt, e.g. hex, string, etc.Please note if you are importing bcrypt hashes with the $2b variant, Kinde will substitute this for the $2a variant. These are interchangeable as long as you were not running OpenBSD at the time the hashes were generated.
Provide the hash in hex format. Import the salt using the salt
column. For the salt_format
, specify how the salt should be interpreted: e.g. hex for a hex-encoded string (68656c6c6f for hello). By default, the salt is treated as a plain string, and escape sequences (like \n or \v) are treated as literal characters.
Hashing method | Salt | Salt position |
---|---|---|
md5 | Optional | required if salt included |
bcrypt | ||
crypt | Optional | |
wordpress | Optional | |
sha256 | Optional | required if salt included |
Before importing, check the CSV for missing information or duplication. Kinde will check for some errors during import, and report these back to you.
If you want your users to have an uninterrupted sign in experience as you change providers, you will need to bring their password data from your auth provider. Passwords are usually ‘hashed’ or encrypted so they cannot be read and they may be ‘salted’ as well (see above).
If you decide not to import passwords, however, it’s not a big deal. Users will be prompted to reset their password or sign in using whatever authentication methods you have chosen to set up in Kinde.
Once you have your user details, you’re ready to import them.
For full instructions, see Import or update users in bulk.
Kinde does not send any notifications or invitations to users when they are added to Kinde via import. The idea is that your users have a seamless experience that feels (almost) like it always has in your app.
Similarly, if you add users via API, Kinde does not send an email or notification to the user.
If you’ve made changes to their sign in experience — for example adding multi-factor authentication — then consider contacting your users to let them know their sign in experience will be changed.
Importing all your existing users and passwords following the above process should mean that your users won’t notice anything when they next sign in. This is the optimal experience. However:
During and following the migration, we recommend checking for these issues.
When you import passwords, Kinde does not check for password strength. You’ll want to enforce your own password policies for users.