User Search v2

For all deployment models except Private Cloud, user search v2 has reached its end of life as of June 30, 2019. For information on migrating from user search v2 to v3, see Migrate from search engine v2 to v3.

Auth0 allows you, as an administrator, to search for users using Lucene Query Syntax.

This document provides sample queries and demonstrates how you can search for users. We also suggest that you refer to Query String Syntax for more examples of query string syntax.

The user search endpoint allows you to return a maximum of **10,000** users. For additional results, please use either the User Export Job endpoint or the User Export Extension.

Search for users using the Management API

You can also search for users using the Management API. The easiest way to do this is by making use of the API Explorer. This technique is discussed briefly below, but please note that the Auth0 Management API is a REST API, so you can make API calls using anything that can make HTTP requests, or by using one of the Auth0 SDKs.

In order to make requests to the Management API, you will need a token. Please refer to Access Tokens for the Management API for more information.

Search using the API Explorer

To search users using the Management API Explorer, go to the Users section and then select List or search users. Scroll down to the q parameter. You can use any query string which uses the query string syntax in this field.


Sorting search results

To sort the list of users returned from the Management API, you can make use of the sort parameter. Use the format field:order for the value of the sort field, where field is the name of the field you want to sort by, and order can be 1 for ascending and -1 for descending. For example, to sort users in ascending order by the created_at field you can pass the value of created_at:1 for the sort parameter. Sorting by app_metadata or user_metadata is not supported.

For more information on the sort and other parameters, please refer to the Management API Explorer documentation.

If there is no default sort field specified, some users that have never logged in, may not appear. No default sort field may also result in duplicate records returned and the order of list of users may appear random.

Exact matching and tokenization

Because of the manner in which ElasticSearch handles tokenization on + and -, unexpected results can occur when searching by some fields. For example, when searching for a user whose name is jane (name:"jane"), the results will be both for jane and jane-doe, because both of these contain the exact search term that you used. The difference may not affect some searches, but it will affect others, and provide unanticipated results.

You can solve this problem either by using structured JSON in your metadata, or by using the raw subfield.

Using the raw subfield

If you wish to avoid the potential pitfalls of analyzed data and search for an exact match to your term - an exact string comparison - then for some fields you can use the raw subfield, which will be not_analyzed.

So, in the example name.raw:"jane", the user data for jane would match, but jane-doe would not.

The fields that support raw subfield queries are:

  • identities.connection⁠⁠⁠⁠

  • ⁠⁠⁠⁠identities.provider⁠⁠⁠⁠

  • ⁠⁠⁠⁠identities.user_id⁠⁠⁠⁠

  • ⁠⁠⁠⁠email⁠

  • ⁠⁠⁠⁠phone_number⁠⁠

  • ⁠⁠⁠⁠family_name⁠⁠⁠⁠

  • ⁠⁠⁠⁠given_name⁠⁠⁠⁠

  • ⁠⁠⁠⁠username⁠⁠⁠⁠

  • ⁠⁠⁠⁠name⁠⁠

  • ⁠⁠⁠⁠nickname

Example queries

Below are some example queries to illustrate the kinds of queries that are possible using the Management API V2.

Use Case Query
Search for all users whose name contains "john" name:"john"
Search all users whose name is exactly "john" name.raw:"john"
Search for all user names starting with "john" name:john*
Search for user names that start with "john" and end with "smith" name:john*smith
Search for all users whose email is exactly "" email.raw:""
Search for all users whose email is exactly "" or "" using OR email.raw:("" OR "")
Search for users without verified email email_verified:false OR NOT _exists_:email_verified
Search for users who have the user_metadata field named name with the value of "John Doe""John Doe"
Search for users from a specific connection or provider identities.provider:"google-oauth2"
Search for all users that have never logged in (NOT _exists_:logins_count OR logins_count:0)
Search for all users who logged in before 2015 last_login:[* TO 2014-12-31]
Fuzziness: Search for terms that are similar to, but not exactly like, jhn name:jhn~
All users with more than 100 logins logins_count:>100
Logins count >= 100 and <= 200 logins_count:[100 TO 200]
Logins count >= 100 logins_count:[100 TO *]
Logins count > 100 and < 200 logins_count:{100 TO 200}

Example request

Below is an example request for searching all users whose email is exactly "".

curl --request GET \
  --url 'https://YOUR_DOMAIN/api/v2/users?' \
  --header 'authorization: Bearer ACCESS_TOKEN'
var client = new RestClient("https://YOUR_DOMAIN/api/v2/users?");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer ACCESS_TOKEN");
IRestResponse response = client.Execute(request);
package main

import (

func main() {

	url := "https://YOUR_DOMAIN/api/v2/users?"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("authorization", "Bearer ACCESS_TOKEN")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)


HttpResponse<String> response = Unirest.get("https://YOUR_DOMAIN/api/v2/users?")
  .header("authorization", "Bearer ACCESS_TOKEN")
var axios = require("axios").default;

var options = {
  method: 'GET',
  url: 'https://YOUR_DOMAIN/api/v2/users',
  params: {q: 'email.raw:""', search_engine: 'v2'},
  headers: {authorization: 'Bearer ACCESS_TOKEN'}

axios.request(options).then(function (response) {
}).catch(function (error) {
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"authorization": @"Bearer ACCESS_TOKEN" };

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://YOUR_DOMAIN/api/v2/users?"]
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
[dataTask resume];
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://YOUR_DOMAIN/api/v2/users?",
    "authorization: Bearer ACCESS_TOKEN"

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
import http.client

conn = http.client.HTTPSConnection("")

headers = { 'authorization': "Bearer ACCESS_TOKEN" }

conn.request("GET", "/YOUR_DOMAIN/api/v2/users?", headers=headers)

res = conn.getresponse()
data =

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://YOUR_DOMAIN/api/v2/users?")

http =, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request =
request["authorization"] = 'Bearer ACCESS_TOKEN'

response = http.request(request)
puts response.read_body
import Foundation

let headers = ["authorization": "Bearer ACCESS_TOKEN"]

let request = NSMutableURLRequest(url: NSURL(string: "https://YOUR_DOMAIN/api/v2/users?")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  } else {
    let httpResponse = response as? HTTPURLResponse