Docs

Provisioning

Determining how users get signed up is important to address early, and the decisions you make here will influence many of the decisions you will need to make going forward. We’ve found there are a typical set of patterns for how users will get added to your system, and things to take note of when considering workflow design too.

Best Practice

Whilst Auth0 supports numerous workflows, web based workflows using Auth0 Universal Login for sign up are considered both industry and Auth0 best practice as they provide for optimal functionality and the best security.

Auth0 supports user sign up via a number of different identity providers. During sign up, Auth0 will also provision the profile for the user (a.k.a. the user’s Account), and there are a number of things to consider when looking at functionality and workflow:

  • Can I use Auth0 as an identity store?
  • Can I use my own (legacy) identity store with Auth0?
  • Can I migrate user identities from my identity store to Auth0?
  • Can my users sign up using their existing social - e.g. Facebook or Google - accounts?

Auth0 provides out-of-the-box identity storage that can be leveraged to store user credentials safely and securely (see Auth0 Self Sign Up for further discussion). If you already have a legacy identity store, and you want to offload the management of it, then Auth0’s User Migration capabilities provide you with a number of options to do so.

Alternatively, if you have to stick with your legacy identity store - perhaps because you’ve got applications which you aren’t ready to migrate or which can’t be migrated - then Auth0’s identity store proxy capability is exactly what you need. Allowing your customers to use “bring your own identity” is also an attractive proposition. Though we find our customers don’t typically do so from the get-go, Auth0’s Social Sign Up capability is exactly what you’ll need when you’re ready to provide it.

Self sign up

Self sign up leverages Auth0 Database Connections to store the user ID, password, and (optional) username identity information collected from new users during the sign-up process. And database connection policies, governing things such as minimum username length or password strength and complexity, can be configured via the Auth0 Dashboard.

Best Practice

Auth0 Universal Login, as well Auth0 widgets such as Lock, integrate with Database Connections to provide comprehensive user interface functionality for sign up out of the box. These UI artifacts are fully reactive, and with feature rich configuration and comprehensive customization, ready to go functionality can be deployed for user self sign up as well as login in short order.

Social sign up

Social signup is synonymous with sign in via social authentication - there’s no distinction here per se, as user profile creation happens automatically upon first social login.

User migration

In addition to hosting the User Profile, Auth0 also has the capability to both proxy your own legacy identity store as well as provide a secure Auth0 hosted replacement. Both of these capabilities are supported via the use of Auth0 Database Connections. If you decide to use Auth0 as a replacement for your legacy identity store then you can migrate users either en-mass via Bulk Migration, or progressively using Automatic Migration.

Best Practice

Customers often opt for a two-stage approach to user migration, employing Automatic Migration in the first instance in order to migrate as many users as possible, and then performing Bulk Migration for the users that remain. For further details on migration scenarios see the Auth0 documentation.

Automatic Migration is preferred as it allows users to be migrated in a piecemeal fashion, and also allows them to retain their existing password. For Bulk Migration we recommend the use of the Management API over use of the User Import/Export extension in all but the most simple cases, as the Management API provides for greater flexibility and control. With Bulk Migration users will typically need to reset their password once migration is complete.

Best Practice

Calls to the Management API are subject to Auth0 Rate Limiting policy. You must take this into consideration, and to assist, Auth0 generally recommends use of the appropriate Auth0 SDK for your development environment rather than calling our APIs directly.

Identity store proxy

Auth0 Database Connections types can also be configured to proxy an existing (a.k.a. legacy) identity store. If, for some reason, you will need to keep user identities defined in your own legacy store - for example, if you have one or more business critical applications that you can’t migrate to Auth0, but which still need access to these identities - then you can easily integrate with Auth0, and you’ll want to review the guidance provided to show you how.

Planning

To help you with planning your implementation, we've put together some planning guidance that details our recommended strategies.

Keep reading