Notifications
Clear all
Topic starter
22/06/2026 10:20 am
TL;DR: Auth migrations above 200,000 users shift from simple cutovers to resumable imports, proxy-based SSO routing, and disciplined webhook sequencing, according to WorkOS. At that scale, the hard problem is not moving accounts, but preserving continuity while identity, event flow, and connection mapping change under load.
NHIMG editorial — based on content published by WorkOS: Migrating auth at scale, with guidance for 200K-user auth migrations
Questions worth separating out
Q: How should teams manage auth migrations when user counts exceed 200,000?
A: Teams should treat the migration as a staged identity change, not a single cutover.
Q: Why do large SSO migrations fail more often than small ones?
A: They fail because the coordination cost of reconfiguring many enterprise connections overtakes the technical work.
Q: What do security teams get wrong about webhook handling during auth migration?
A: They often treat webhooks as a secondary concern and only think about them at the end of the cutover.
Practitioner guidance
- Define a scale-based cutover threshold Set an internal migration threshold where resumable imports, staged routing, and formal rollback controls become mandatory.
- Use batch import checkpoints and diff validation Persist local progress during export and import so interrupted runs can restart without duplicating users.
- Sequence webhook disablement before import Disable old-provider webhooks before the migration starts, then control queued event replay deliberately after cutover.
What's in the full article
WorkOS's full guide covers the operational detail this post intentionally leaves for the source:
- CLI command sequences for export, import, and diff workflows across supported identity providers
- Connection CSV preparation details for SAML and OIDC migrations, including the fields needed for validation
- Transparent proxy mechanics for SSO cutovers, including feature-flagged opt-in and fallback handling
- Webhook sequencing guidance for draining old-provider backlog without overwhelming downstream systems
👉 Read WorkOS's guide to migrating auth at scale above 200K users →
200k-user auth migrations: where do cutovers usually break?
Explore further
22/06/2026 11:12 am
200K-user auth migration creates a continuity gap, not just a project plan. Below that threshold, teams can absorb some manual rework and short-lived inconsistency. Above it, identity state, federation configuration, and downstream events all change at once, so the migration itself becomes the operational risk surface. The implication is that auth cutover must be treated as service continuity engineering, not just account transfer.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why migration and cutover planning often reveals more identity sprawl than teams expected.
A question worth separating out:
Q: How do organisations decide between manual SSO reconfiguration and a transparent proxy?
A: Use manual reconfiguration for a small number of connections where customer admin coordination is still practical. Switch to a transparent proxy once the number of enterprise SSO connections makes per-customer setup the main source of delay and failure risk.
👉 Read our full editorial: Auth migration at 200k users exposes the real cutover risks
