User Import & Export
Auris provides bulk import and export tools for user data. Import users from CSV or JSON files when migrating from another identity provider, onboarding a new department, or seeding a staging environment. Export your user database for backup, compliance audits, or migration to another system.
Access via Console → Settings → Import / Export.
Importing Users
The import flow walks you through file upload, data preview, and processing. Imports run asynchronously — you can navigate away from the page and check progress later.
Import Walkthrough
Click Import Users
On the Import / Export page, click the Import Users button in the Import section.
Select the file format
Choose CSV or JSON. This tells Auris how to parse the file you are about to upload.
Upload your file
Drag and drop a file onto the upload area, or click Browse to select a file from your computer. The maximum file size is 10 MB.
Preview the parsed data
Auris parses the file and displays the first 10 rows in a preview table. Verify that column headers are correctly detected and that values appear in the right fields. If the preview looks wrong, check your file format against the requirements below.
Map columns to Auris fields
If your file uses non-standard column names, map each column to the corresponding Auris field:
| Auris Field | Required | Description |
|---|---|---|
email | Yes | The user’s email address. Must be a valid email format. Must be unique across the tenant. |
firstName | No | First name |
lastName | No | Last name |
username | No | Username. If omitted, Auris derives it from the email address. |
password | No | Plaintext password. Hashed (bcrypt) before storage. If omitted, the user must use Forgot Password or Magic Link to set a password. |
roles | No | Comma-separated list of role names to assign. Roles must already exist in the tenant. |
Click Start Import
Click Start Import to begin processing. The import runs in the background.
File Format Requirements
CSV Format
The first row must be a header row with column names. Values containing commas must be quoted. Multi-value fields (like roles) should be quoted and comma-separated within the quotes.
email,firstName,lastName,password,roles
[email protected],Alice,Smith,SecureP@ss123,editor
[email protected],Bob,Jones,AnotherP@ss456,"editor,viewer"
[email protected],Carol,Williams,,viewerIn the example above, Carol has no password — she will need to use Forgot Password or Magic Link to set one.
JSON Format
The file must contain a JSON array of user objects. Each object follows the same field structure as the CSV columns.
[
{
"email": "[email protected]",
"firstName": "Alice",
"lastName": "Smith",
"password": "SecureP@ss123",
"roles": ["editor"]
},
{
"email": "[email protected]",
"firstName": "Bob",
"lastName": "Jones",
"password": "AnotherP@ss456",
"roles": ["editor", "viewer"]
},
{
"email": "[email protected]",
"firstName": "Carol",
"lastName": "Williams",
"roles": ["viewer"]
}
]Passwords in import files are hashed (bcrypt) before storage. They are never stored or logged in plaintext. Users imported with passwords can log in immediately. Users imported without passwords must use the Forgot Password flow or Magic Links to create credentials.
Import Processing
After clicking Start Import, the import runs asynchronously. Each row is processed sequentially:
- The email is validated for format and uniqueness
- If a password is provided, it is hashed with bcrypt
- The user is created in Prisma (Auris database)
- The user is created in Keycloak (authentication backend)
- If roles are specified, the user is assigned to those roles
- The import progress counter increments
Import History
The Import section shows a history table of all import jobs:
| Column | Description |
|---|---|
| File Name | The name of the uploaded file |
| Format | CSV or JSON |
| Status | Current status (see below) |
| Total Rows | Number of user records in the file |
| Success | Number of users successfully imported |
| Errors | Number of rows that failed |
| Date | When the import was started |
Import Statuses
| Status | Meaning |
|---|---|
| Pending | The import is queued but has not started processing yet |
| Processing | The import is actively running. A progress bar shows X of Y users processed. |
| Completed | All rows were processed successfully with zero errors |
| Partial | Processing finished but some rows failed. Click to see error details. |
| Failed | The import could not be processed at all (for example, the file is malformed or Keycloak is unreachable) |
Viewing Error Details
Click any import with Partial or Failed status to see per-row error details:
| Column | Description |
|---|---|
| Row Number | Which row in the file failed |
| The email address from that row | |
| Error | What went wrong |
Common per-row errors:
| Error | Cause |
|---|---|
| Email already exists | A user with this email is already in the tenant |
| Invalid email format | The email address is not a valid format |
| Role not found: “admin” | The specified role does not exist in the tenant |
| Keycloak error | Keycloak rejected the user creation (check Keycloak logs for details) |
| Missing required field: email | The email column is empty for this row |
Imports create users in both Prisma and Keycloak. If Keycloak is unreachable during import, affected rows will fail. The successfully imported rows (already in both systems) are not rolled back. Re-run the import after Keycloak is restored — existing users will be skipped with an “email already exists” error, and only the previously failed rows will be created.
Exporting Users
Export your user database to a CSV or JSON file for backup, migration, or compliance purposes.
Export Walkthrough
Click Export Users
On the Import / Export page, click the Export Users button in the Export section.
Select the export format
Choose CSV or JSON.
Click Start Export
Click Start Export. The export runs in the background.
Download the file
When the export completes, a Download button appears in the export history table. Click it to download the file.
Exported Fields
The export includes the following fields for each user:
| Field | Description |
|---|---|
email | The user’s email address |
firstName | First name |
lastName | Last name |
username | Username |
roles | Comma-separated list of assigned role names |
enabled | Whether the account is active (true / false) |
createdAt | Account creation timestamp (ISO 8601) |
lastLoginAt | Most recent login timestamp (ISO 8601), or empty if the user has never logged in |
Passwords are never included in exports. This is a deliberate security measure. If you need to migrate users to another system, users will need to reset their passwords in the new system.
Export History
The Export section shows a history table of all export jobs:
| Column | Description |
|---|---|
| Format | CSV or JSON |
| Status | Pending, Processing, Completed, or Failed |
| Total Users | Number of users included in the export |
| File Size | Size of the generated file |
| Expires At | When the download link expires (24 hours after completion) |
| Date | When the export was started |
| Actions | Download button (available when status is Completed and file has not expired) |
Export files are automatically deleted 24 hours after generation. If you need the file after expiry, run a new export.
API Reference
Import and export operations are also available via the REST API for automation and CI/CD pipelines.
/api/users/import//api/users/import//api/users/import/:id/api/users/export//api/users/export//api/users/export/:id/downloadBest Practices
-
Test with a small file first. Before importing 10,000 users, try a file with 5-10 users to verify your column mapping and role names are correct.
-
Pre-create roles. Import does not create roles on-the-fly. Any role names referenced in the import file must already exist in Console → Roles.
-
Use consistent email formatting. Auris treats email addresses as case-insensitive, but the original casing is preserved. Avoid mixing
[email protected]and[email protected]in the same file. -
Schedule large imports during off-peak hours. Each imported user triggers a Keycloak API call. For imports with thousands of users, this generates significant load on Keycloak.
-
Keep export files secure. While exports do not contain passwords, they do contain email addresses, names, and role assignments. Treat export files as sensitive data.
Permissions
| Permission | Description |
|---|---|
manage:users | Required for both importing and exporting users. This is the same permission used for creating and managing users through the Console UI. |
Related Guides
- Managing Users — Creating and managing individual users in the Console
- User Import & Export Guide — Detailed developer guide with scripting examples
- Users & Roles — User and role management in the Console
- SCIM Provisioning — Automated provisioning from enterprise IdPs as an alternative to manual import