Case study
Cognito to Auth0: Zero-Disruption Trickle Migration
Migrated a live user base from AWS Cognito to Auth0 using a trickle migration strategy—moving every user transparently, without a password reset event or any visible interruption.
- Auth0
- Auth0 Actions
- AWS Cognito
- TypeScript
- Node.js
- SAML
- OIDC
Context
Cribl was using AWS Cognito for customer authentication. As the product expanded to support enterprise customers, Cognito's constraints around SAML federation and SSO configuration became a blocker for onboarding large accounts.
The challenge was migrating thousands of active users to Auth0 without requiring a coordinated password-reset event. Any forced action from users would generate support load and damage trust.
The migration had to be completely invisible: users would continue logging in normally, and neither the UX nor their credentials would change.
Approach
- Implemented a trickle migration using Auth0 Actions. When a login attempt found no matching Auth0 profile, a custom Action intercepted the lookup failure and validated the submitted credentials directly against the Cognito API.
- If Cognito confirmed the credentials, a new Auth0 profile was created on the fly with the same password and the login succeeded transparently. The user was never shown an error or prompted to take action.
- Each successful login silently transferred one user from Cognito to Auth0. The active Cognito user pool shrank organically over time until no active accounts remained, at which point Cognito was decommissioned.
Outcomes
- Migrated the entire active user base to Auth0 with zero forced password resets.
- Unblocked enterprise SAML and OIDC federation, enabling bring-your-own-IdP support for large accounts.
- Eliminated Cognito as an operational dependency, reducing infrastructure surface area and on-call burden.