Auth0 Bulk User Import Without Password Hashes

Overview

This article explains the behavior of Bulk User Import when custom password hashes are not included in the import files.

Applies To

  • Bulk User Import
  • Custom Password Hashes

Solution

The Bulk User Import feature supports importing password hashes along with other user attributes.

However, if the password hashes are not provided in the import JSON file (user.custom_password_hash or user.password_hash) in the initial import, a secure random password hash is generated and imported for this user, which has the following consequences:

  1. The user is forced to reset their password before they can log in - importing users without password hashes does not mean they can log in with an empty password.
  2. If another bulk user import attempts to import/upsert password hashes for the same user, it will fail with the error "A custom_password_hash was provided, but the user already has password hash defined." The initial import is the only opportunity to include user password hashes. The bulk user import cannot be used to update users' passwords in bulk.
  3. If a user is imported without custom password hashes and has the secure random password hash, then apart from letting the user reset their password, there are two methods to update the user's password hash:
    • Use the Management API PATCH /api/v2/users/{user_id} endpoint to directly set the new password.
    • Delete the user via the Management API PATCH /api/v2/users/{user_id} endpoint, then import the user with proper password hashes.
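
Because the initial import is the only chance to carry hashes over, it helps to check an import file before submitting it. The following is an added example, not Auth0 code: it sorts records into the outcomes described above. The function names, the sample file, matching users by lower-cased email, and the `existing_emails` list (users already in the connection, supplied by the caller) are assumptions.

```python
import json

# Field names taken from the article; everything else here is illustrative.
HASH_FIELDS = ("password_hash", "custom_password_hash")

# Constructed sample import file; addresses and hash values are placeholders.
SAMPLE_IMPORT = json.dumps([
    {"email": "alice@example.com", "password_hash": "<bcrypt-hash-placeholder>"},
    {"email": "bob@example.com"},
    {"email": "carol@example.com",
     "custom_password_hash": {"algorithm": "<placeholder>"}},
])


def has_hash(user):
    """True when the record carries a value in either hash field.
    Assumption: an empty value is treated the same as a missing field."""
    return any(user.get(field) for field in HASH_FIELDS)


def classify_import(users_json, existing_emails=()):
    """Sort records by what the article says happens to them on import.

    existing_emails: users already present in the connection (assumption:
    the caller collected this list beforehand).
    """
    existing = {e.lower() for e in existing_emails}
    report = {"ok": [], "forced_reset": [], "hash_rejected": []}
    for user in json.loads(users_json):
        email = user["email"].lower()
        if email in existing and has_hash(user):
            # A later import carrying a hash for an existing user fails with
            # "A custom_password_hash was provided, but the user already has
            # password hash defined."
            report["hash_rejected"].append(email)
        elif email not in existing and not has_hash(user):
            # First import without a hash: a random hash is generated and the
            # user must reset their password before they can log in.
            report["forced_reset"].append(email)
        else:
            # No password-hash problem expected for this record.
            report["ok"].append(email)
    return report


if __name__ == "__main__":
    result = classify_import(SAMPLE_IMPORT, ["carol@example.com"])
    for bucket, emails in result.items():
        print(f"{bucket}: {emails}")
```

Any address reported under `forced_reset` should be resolved before the first import, since a later bulk import cannot add the hash.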

 

 
