Bulk import
Bulk import allows customer accounts to be migrated to Strivacity before customers begin authenticating through the platform.
Depending on the number of accounts being migrated, bulk import can be performed through the Strivacity APIs or through a CSV-based migration process with assistance from Strivacity Customer Support.
Bulk import options
Option 1: Create account API (up to approximately 15,000 accounts)
For smaller migrations, customer accounts can be created through the Create account API.
Account data is submitted through API requests, and passwords can be provided either in plain text or as password hashes.
For more information, see the Create account API reference.
Option 2: API import with increased rate limits (approximately 15,000 to 100,000 accounts)
For larger migrations, customer accounts can still be imported through the APIs.
In these scenarios, Strivacity can increase API rate limits to support higher migration volumes and reduce the time required to complete the import.
Contact Strivacity Customer Support if you plan to migrate a large number of accounts through the APIs.
Option 3: CSV import with Strivacity Customer Support assistance (100,000+ accounts)
For very large migrations, customer accounts can be imported from CSV files with assistance from Strivacity Customer Support.
Customer account data, password hashes, and password salts can be included in the import files.
Before the import is performed, Strivacity recommends validating the files using the Import validator tool to identify formatting and data validation issues.
For information about supported password hash algorithms, see Supported password hashes.
Importing hashed passwords
During bulk migration, Strivacity supports importing customer passwords as hashes instead of requiring plaintext passwords.
This allows existing credentials from external identity providers to be preserved without requiring customers to reset their passwords.
To enable this capability, activate Enable password hash input on certain administrative APIs in the identity store configuration.
When this feature is enabled:
- Password hashes can be provided when creating accounts or updating passwords via the Admin API.
For more information, see the Create account and Reset password API documentation.
- Passwords are initially stored using the provided hash. After the first successful login, the password is re-hashed using Strivacity’s default hashing algorithm. This process occurs without friction and is transparent to the customer.
This capability is intended for migration scenarios and requires API-based integration using client credentials.
When importing password hashes:
- Password policies are not applied
- Pre-password persist hooks are not triggered
- Outbound password synchronization is not triggered
This behavior ensures compatibility with existing credential data but should be considered when designing migration and security strategies.
Supported password hashes
Strivacity's default password hashing algorithm is SHA256Salted.
During the migration process, Strivacity supports the following password hashing algorithms to ensure compatibility and secure handling of customer credentials:
| Hash algorithm | Security level | Description |
|---|---|---|
| Argon2 | High | Memory-hard algorithm designed for secure password hashing. |
| BCrypt | High | Built-in salt with adjustable work factor. |
| AspDotNet | Medium | Uses PBKDF2 with configurable iterations and salt. |
| SHA256Salted | Medium | SHA-256 with salt for improved resistance to rainbow table attacks. |
| SSHA256SaltedBase64 | Medium | SHA-256 hash with salt, Base64-encoded and prefixed with {SSHA256}. Commonly used by LDAP servers. |
| SHA1Salted | Low-Medium | SHA-1 with salt; not recommended due to known weaknesses. |
| MD5Salted | Low | MD5 with salt; not recommended. |
| SHA256 | Low | Unsalted SHA-256; vulnerable to precomputed attacks. |
| SHA1 | Low | Considered insecure due to collision vulnerabilities. |
| MD5 | Low | Considered insecure and should not be used. |
Customer passwords must be provided in one of these formats when importing existing password hashes.
While Plaintext password imports are also supported, this is not advised.
Best practices
- Data cleanup: Thoroughly clean and validate data before starting the import process to avoid errors.
- Test imports: Conduct test imports with smaller data sets to ensure the process works smoothly.
- Backup: Always back up legacy data before initiating the bulk import.
- Documentation: Maintain detailed documentation of the import process and any custom scripts used.