Case study

Cognito to Auth0 Trickle Migration

Migrated active users from AWS Cognito to Auth0 without forced password resets, while unlocking enterprise SSO through SAML and OIDC.

  • Auth0
  • Auth0 Actions
  • AWS Cognito
  • TypeScript
  • Node.js
  • SAML
  • OIDC

Context

Enterprise deals required bring-your-own-IdP support, and Cognito was becoming a product constraint.

The system had to migrate a live user base without coordinated downtime or mass password reset campaigns.

The key requirement was zero disruption for active users in daily workflows.

Approach

  1. Used Auth0 custom login logic to validate unknown users against Cognito during sign-in.
  2. On successful Cognito validation, created Auth0 accounts immediately and completed the same login request.
  3. Ran migration progressively through normal traffic, with guardrails for rate limits and edge-case retries.
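
The sign-in path from the three steps above, as an added example that is not the project's own code. It goes one step past the text by mapping Cognito error names to deny, retry, or fail-closed outcomes. Assumptions: `verifyWithCognito`, `createAuth0User` and `sleep` are hypothetical injected functions, and the attempt limit and backoff delays are illustrative values.

```javascript
// Added illustration (not the project's code). verifyWithCognito, createAuth0User
// and sleep are hypothetical injected callables; error names follow Cognito's API.
const REJECT = new Set(["NotAuthorizedException", "UserNotFoundException"]);
const RETRYABLE = new Set(["TooManyRequestsException", "InternalErrorException"]);

async function migrateOnLogin(email, password, deps, maxAttempts = 3) {
  let profile;
  for (let attempt = 1; ; attempt++) {
    try {
      // Step 1: validate the not-yet-migrated user against Cognito.
      profile = await deps.verifyWithCognito(email, password);
      break;
    } catch (err) {
      // Same answer for wrong password and unknown user: no account enumeration.
      if (REJECT.has(err.name)) return { status: "denied" };
      // Fail closed: never create an account unless Cognito confirmed the password.
      if (!RETRYABLE.has(err.name) || attempt >= maxAttempts) return { status: "unavailable" };
      await deps.sleep(100 * 2 ** (attempt - 1)); // backoff: 100 ms, 200 ms, ...
    }
  }
  // Step 2: create the Auth0 account and finish this same login request.
  const user = await deps.createAuth0User(
    { email: profile.email, email_verified: profile.email_verified, cognito_sub: profile.sub },
    password // handed to the account store for hashing; never logged
  );
  return { status: "migrated", user };
}

// Constructed test double: throttles `throttles` times, then checks one known credential.
function fakeDeps(throttles = 0) {
  const log = { created: [], sleeps: [] };
  const fail = (name) => Object.assign(new Error(name), { name });
  const deps = {
    async verifyWithCognito(email, password) {
      if (throttles-- > 0) throw fail("TooManyRequestsException");
      if (email !== "ana@example.com") throw fail("UserNotFoundException");
      if (password !== "correct-horse") throw fail("NotAuthorizedException");
      return { sub: "constructed-sub-1", email, email_verified: true };
    },
    async createAuth0User(profile) {
      log.created.push(profile.email);
      return { user_id: "auth0|constructed", ...profile };
    },
    async sleep(ms) { log.sleeps.push(ms); },
  };
  return { deps, log };
}
```

Any Cognito error outside the two sets, such as a pending password reset, also lands in the fail-closed branch, so no Auth0 account is created for it.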

Outcomes

  • Migrated active users with no forced reset during the primary migration window.
  • Enabled enterprise SSO onboarding through SAML and OIDC.
  • Retired Cognito and reduced identity-system operational overhead.