Migration to Descope

Migrating to Descope from another authentication provider or custom setup is a structured process, designed to allow you to retain security, functionality, and ease of use. This guide covers migration options, supported third-party services, and password migration methods. Follow these steps to ensure a seamless transition to Descope.

Migration Approaches

There are two primary strategies to migrate users and data to Descope:

• Full Migration: Bulk-export users (and associated attributes/roles), import them into Descope, and then gradually switch traffic so Descope is the only source of truth. You can optionally add session migration so users with active sessions at your legacy provider do not have to sign in again.
• JIT (Just-In-Time) Migration: Do not bulk-export users. Instead, provision users in Descope when they sign in, often by verifying their credentials or identity against the legacy provider (for example, via a generic HTTP connector or custom API) and then creating/updating the user in Descope on-the-fly.

Each individual migration guide (Auth0, Azure AD B2C, Cognito, etc.) explains how to implement these strategies for that specific provider, including when to combine JIT with full migration or session migration.

Supported Password Hashing Algorithms

Descope supports various hashing protocols to ensure smooth migration of passwords and minimal disruption for users. These protocols include:

1. Bcrypt
2. Argon2
3. Django
4. Firebase
5. PBKDF2
6. PHPass
7. MD5 (for legacy compatibility)

For custom password hashes, explore how Descope's User Management API can handle additional data types and protocols.

Migration Steps

1. Prepare User Data

• Export data, ensuring you have all necessary fields such as unique identifiers (Login IDs), emails, names, and passwords.
• Verify data accessibility to ensure smooth import using Descope's User Management API.

2. Create Users in Descope

• Use Descope's Create User API or Batch Create User API to import your user data. This will create user records in Descope, including role assignments, attributes, and organization mappings as needed.

3. Import Passwords (Optional)

• Descope supports various hashing algorithms, so users can log in with their existing passwords without needing a reset. For unsupported formats, consider a password reset flow or handle it via API updates.

4. Handle Social Logins and External Identity Providers (Optional)

• For accounts with social logins (e.g., Google, Facebook), the migration will handle login IDs. Descope will link these IDs without needing further imports.