Keycloak bulk user import

Question

Does anyone have any thoughts on how one might import a very large number of users into Keycloak.

We are in the process of upgrading from 2.5.5 to 4.0.0 and have had to switch from MongoDB to MySQL. We have been able to export our user base but with 280k+ users to import back into Keycloak. The import process takes 25 mins to import one file of 500 users, which doesnt really seem practical as that would take us approximately 9/10 days to import the user base if we were working 24/7.

Any thoughts or ideas would be appreciated.

Answer 1

You can use the Keycloak REST API with partialImport

First, you need to get an access_token, you can use your admin user or a client with the role manage-realm assigned

access_token=`curl http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/token -XPOST -d 'grant_type=client_credentials' -u 'admin-client:admin-secret' | jq -r .access_token`

Then you can import an array of users

curl -X POST -H "Authorization: Bearer $access_token"  -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"users":[{"username":"jose.perez","email":"jose.perez@gmail.com","firstName":"Jose","lastName":"Perez","emailVerified":true,"enabled":true,"ifResourceExists":"SKIP"}' http://localhost:8080/auth/admin/realms/my-realm/partialImport

Answer 2

I realize I'm a little late to the party here...

Keycloak 8 (and newer) has a mechanism for bulk importing users via a .json file: https://www.keycloak.org/docs/8.0/server_admin/index.html#_export_import

If you have some sort of mechanism for dumping your existing users to a .json file, it makes the import reasonably easy.