Migrate
Eight providers, eight guides
The migration story is the second-biggest reason teams switch to Authio (after multi-org). Production importers, a guided wizard in the dashboard, and these docs.
Every importer is idempotent. Re-running with the same export is safe — users are upserted on email, orgs on slug, memberships on (user, org).
Migrate from WorkOSmarquee
Multi-org merge — fixes the 1-user-1-org gap.
Migrate from Auth0marquee
Users, orgs, roles, and identities in one bundle.
Migrate from Clerk
Clerk's DX, Authio's depth — without per-org-per-MAU tiers.
Migrate from Firebase Auth
firebase auth:export → Authio in one command.
Migrate from Supabase
auth.users dump + your own org graph.
Migrate from AWS Cognito
list-users + groups → Authio orgs and members.
Migrate from Stytch
B2B Members map cleanly; consumer is single-tenant.
Migrate from Descope
Tenants → orgs 1:1; custom attributes preserved.
What every migration gives you
- Users with verified email + display name + avatar (where present).
- Organizations with original slug preserved.
- Memberships with roles mapped to Authio's owner/admin/member vocabulary.
- Identities (Google/Microsoft/GitHub/Apple/Facebook) so existing OAuth users can keep signing in via the same provider.
- SSO connections and SCIM directories recorded for manual IdP-side provisioning.
- A migration-pending flag on every user so the first sign-in prompts passkey or magic-link enrollment.
What you don't bring
- Passwords. Authio is passwordless. We never accept a hash file.
- Sessions. Existing IdP sessions are dropped. Users re-authenticate on next visit.
- MFA secrets. We preserve the enrolled flag for visibility, but TOTP secrets aren't transferable.
Two ways to run a migration
Either the dashboard wizard at app.authio.com/migrate (file upload, preview, one-click execute) or the CLI:
go install github.com/tcast/authio_cli/cmd/authio@latest
authio login
authio import workos --input ./workos.json --dry-run | jq '.stats'
authio import workos --input ./workos.json