Bulk Password Reset

Summary

Bulk Password Reset is the simplest and most robust migration strategy. You export all users from your old provider, import them into the new provider, then send password reset emails to all users. This approach is predictable, testable, and works with any provider combination.

When to Use

This strategy works best when:

You have a smaller user base (<10K users) where mass password resets are manageable
You need the simplest, most reliable approach
You can tolerate some user friction from password resets
You want a predictable, testable migration process
You have good communication channels with your users

Pros

Simplest approach - easy to understand and implement
Works with any provider combination
Predictable and testable - you can dry-run the entire process
No complex logic or edge cases to handle
Clear cutover point - migration is complete when import finishes

Cons

All users must reset passwords - can cause support tickets
Requires good communication plan to manage user expectations
May impact active users who need to reset immediately
Social logins need to be re-linked by users
No password continuity - users lose their existing passwords

Typical Flow

1Export all users from old provider (AuthShepherd automates this)
2Transform user data to match new provider format
3Import users into new provider (AuthShepherd handles this)
4Send password reset emails to all users
5Update your application to point to new provider
6Monitor support channels for reset-related issues
7Decommission old provider after migration period

Social Logins Considerations

Social logins (Google, Microsoft, Apple, etc.) cannot be automatically migrated. Users will need to re-link their social accounts in the new provider. Consider:

Sending clear instructions on how to re-link social accounts
Providing a fallback password reset option for users who primarily use social login
Updating your OAuth redirect URLs in social provider settings
Testing social login flows before cutover

Password Continuity / Reset Expectations

Users will need to reset their passwords. This is unavoidable with this strategy. To minimize disruption:

Send advance notice emails explaining the migration
Use branded email templates that match your application
Provide clear instructions and support contact information
Consider a grace period where both providers work (if possible)
Monitor support tickets and be ready to help users who struggle

Operational Checklist

Before Migration

Run dry-run export to verify data format and completeness
Test import process with a small subset of users
Prepare communication plan and email templates
Set up monitoring and alerting for the migration
Train support team on common reset-related questions
Verify new provider configuration and API access

During Migration

Export users from old provider
Transform and validate user data
Import users into new provider
Send password reset emails
Update application configuration to use new provider
Monitor error rates and support tickets

After Migration

Monitor user login success rates
Track support tickets and resolve issues quickly
Verify all critical users can log in
Keep old provider active for a grace period (if possible)
Decommission old provider after migration period
Archive migration logs and reports

Common Pitfalls

Insufficient communication: Users are surprised by password reset emails. Send advance notice.
Poor email deliverability: Reset emails go to spam. Use proper SPF/DKIM records and consider a transactional email service.
Missing user data: Some fields don't transfer correctly. Run dry-runs and validate data mapping.
Support overload: Too many users need help. Have support team ready and consider phased rollout.
Social login confusion: Users don't know how to re-link accounts. Provide clear instructions.

Impact on Active Users: Active users will be immediately affected and need to reset passwords to continue using your application. Plan your communication and support accordingly.