Skip to main content
The user data file used for bulk user imports must be in JSON format. It must contain an array of user objects matching the specified schema.

User JSON schema

The following JSON schema describes valid users:

User object properties

app_metadata
object
upsertable
Data that can affect the application’s core functionality or what the user can access. Data stored in app_metadata cannot be edited by users. This may include things such as support plans, roles or access groups.For more information about metadata, read Understand How Metadata Works in User Profiles.
blocked
boolean
Whether the user has been blocked.
email
string
required
The user’s email address.
email_verified
boolean
default:false
upsertable
Indicates whether the user has verified their email address. Set to false by default if email is updated by upsert but not email_verified.
family_name
string
upsertable
The user’s family name.
given_name
string
upsertable
The user’s given name.
name
string
upsertable
The user’s full name.
nickname
string
upsertable
The user’s nickname.
picture
string
upsertable
URL pointing to the user’s profile picture.
user_id
string
The user’s unique identifier. This is prepended by the connection strategy.
user_metadata
object
upsertable
Data that does not impact what users can or cannot access, such as work address, home address, or user preferences.For more information about metadata, read Understand How Metadata Works in User Profiles.
username
string
The user’s username.
password_hash
string
Hashed password for the user’s connection.When users are created, Auth0 uses bcrypt to secure the password. Importing hashed passwords lets users keep their passwords for a smoother experience. Compatible passwords should be hashed using bcrypt $2a$ or $2b$ and have 10 saltRounds.This property can only be provided when the user is first imported and cannot be updated later.
custom_password_hash
object
upsertable
A more generic way to provide the user’s password hash.You can use this field instead of the password_hash field when the user’s password hash was created with an alternate algorithm. This field and password_hash are mutually exclusive.During the bulk import process, you can update the custom_password_hash if the user did not login using the initially imported custom_password_hash.
mfa_factors
array
The multi-factor authentication (MFA) that can be used to authenticate this user. Importing enrollments prevents the need for users to re-enroll in MFA after they’re imported.The supported enrollment factors are email, SMS, and TOTP.

User data JSON examples

A file with the following contents is valid:
Some example users with hashes provided:
Some examples of users with MFA factors: