ory
diff --git a/‎docs/migrate-to-ory/auth0.mdx‎
Lines changed: 2 additions & 4 deletions b/‎docs/migrate-to-ory/auth0.mdx‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎docs/migrate-to-ory/index.mdx‎
Lines changed: 0 additions & 283 deletions b/‎docs/migrate-to-ory/index.mdx‎
Lines changed: 0 additions & 283 deletions
diff --git a/‎docs/migrate-to-ory/migrate/create-project‎
Lines changed: 18 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/create-project‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/create-project.mdx‎
Lines changed: 21 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/create-project.mdx‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/define-id-schema‎
Lines changed: 21 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/define-id-schema‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/design-id-schema.mdx‎
Lines changed: 38 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/design-id-schema.mdx‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/faq-migrate.mdx‎
Lines changed: 8 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/faq-migrate.mdx‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/go-live‎
Lines changed: 27 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/go-live‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/go-live.mdx‎
Lines changed: 26 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/go-live.mdx‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎docs/migrate-to-ory/migrate/index.mdx‎
Lines changed: 139 additions & 0 deletions b/‎docs/migrate-to-ory/migrate/index.mdx‎
Lines changed: 139 additions & 0 deletions
@@ -1,12 +1,10 @@
 ---
 id: auth0
-title: Migrate users from Auth0 to Ory
-sidebar_label: Migrate from Auth0
+title: Migrate user identities from Auth0 to Ory
+sidebar_label: Migrate user identities from Auth0 to Ory
 slug: migrate-from-auth0
 ---
 
-# Migrate from Auth0
-
 This guide shows you how to migrate user accounts from Auth0 to Ory. The instructions in this document assume that your Auth0
 setup includes a database connection and that the users whose accounts you migrate use emails and passwords as their login
 credentials.
 
@@ -0,0 +1,18 @@
+---
+id: create-project
+title: Create project
+sidebar_label: Create project
+sidebar_position: 3
+---
+
+## Create Ory Network projects
+
+Now that you have chosen your migration strategy, you can begin the actual migration process by setting up your Ory Network
+projects. This involves creating a new project environment where the migration will take place.
+
+You can create a new Ory Network project using the Ory CLI. The command ory create project allows you to specify the environment
+of the project, the output format, the name of the project, and the workspace to use. More details about creating a project can be
+found [here](../cli/ory-create-project).
+
+Before migrating your production environment, perform the migration in a development or staging environment. This allows you to
+test and refine the process without affecting your live data or users.
@@ -0,0 +1,21 @@
+---
+id: create-project
+title: Create an Ory Network project
+sidebar_label: Create an Ory Network project
+sidebar_position: 3
+---
+
+Now that you have chosen your migration strategy, you can begin the actual migration process. Perform the migration in a
+development or staging environment before migrating to your production environment. This allows you to test and refine the process
+without affecting your live data or users.
+
+1. Get an [Ory Network account](https://console.ory.sh/login?flow=c59cbae0-ea41-44e4-b46a-f9e1857be3a2).
+1. Install Ory CLI and [set up your local environment](https://www.ory.com/docs/getting-started/local-development) to start
+   developing with Ory.
+1. Create an Ory project and get your Ory project ID.
+1. [Set up the necessary dependencies and configurations](https://www.ory.com/docs/identities/get-started/setup) to integrate
+   Ory's features into your application.
+1. Review a [quick start](https://www.ory.com/docs/welcome) for your framework.
+
+You can use the Ory CLI to specify the environment of the project, the output format, the name of the project, and the workspace
+to use. See the [Ory CLI Reference](../../cli/ory-create-project) for the `ory create project` command and additional options.
@@ -0,0 +1,21 @@
+---
+id: define-id-schema
+title: Define identity schema
+sidebar_label: Define identity schema
+sidebar_position: 3
+---
+
+
+## Define identity schema
+
+To match identities from your current system with the new Ory system, you can customize the identity schema in Ory to meet your
+specific requirements. This schema defines the types of data that the system can store for users, including names, email
+addresses, phone numbers, and other authentication-related information. Additionally, you can specify extra metadata fields to be
+included in user profiles. Ory offers default presets to assist you in creating and managing identity schemas. More details about
+identity schemas can be found [here](../kratos/manage-identities/identity-schema).
+
+- Do store profile data in your identity that is used across your system. This includes the usernames, email addresses, phone
+  numbers, first names, and last names.
+- Do not store business logic in your identity, store this information in other systems, such as your application database. This
+  includes for example credit card information, shipping addresses, shopping cart items, or user preferences. See also the
+  following section on backend integration.
@@ -0,0 +1,38 @@
+---
+id: design-id-schema
+title: Design your identity schema
+sidebar_label: Design your identity schema
+sidebar_position: 3
+---
+
+To align identities from your current system with Ory, you can customize the identity schema to meet your specific requirements.
+This ability to customize the identity schema means you can enhance and improve your old identity schema during the migration
+process.
+
+The identity schema, which implements the JSON Schema standard, defines the types of data the system can store for users—such as
+names, email addresses, phone numbers, or birthdays. It also controls business logic by specifying which fields serve as login
+identifiers and which are used for verification or recovery.
+
+Identities have two main data types: traits (attributes that users can modify themselves, such as username or email address) and
+metadata (attributes defined by system admins that can only be updated through admin APIs. Metadata is useful for storing
+information like subscription status, legacy user IDs, or basic roles). Metadata comes in two forms: public (visible to users via
+session endpoints) and admin (only accessible through admin APIs).
+
+## Best practices for identity schema design:
+
+### Do:
+
+- Use the identity schema for basic profile information that's used across your system, including usernames, email addresses,
+  phone numbers, first names, and last names
+- Store authentication-related data like login identifiers and verification addresses in traits
+- Use metadata fields for system-managed information like legacy user IDs, subscription status, or basic roles
+
+### Don't:
+
+- Store sensitive internal data or information that should be obfuscated from users in the identity schema, since users can see
+  traits and other data (except credentials) using the `/sessions/whoami` endpoint
+- Store business logic or application-specific data like credit card information, shipping addresses, shopping cart items, or
+  detailed user preferences—keep this in your application database instead
+
+Ory provides preset schemas to help you get started quickly. For detailed guidance on customizing schemas, see the
+[identity schemas](../../kratos/manage-identities/identity-schema) documentation.
@@ -0,0 +1,8 @@
+---
+id: faq-migrate
+title: Migration FAQ
+sidebar_label: Migration FAQ
+sidebar_position: 1
+---
+
+TODO: Living section for specific questions/answers that Sales get asked but which don't neatly fit within the migration process.
@@ -0,0 +1,27 @@
+---
+id: go-live
+title: Go live
+sidebar_label: Go live
+sidebar_position: 2
+---
+
+
+# Go live
+
+After successfully migrating your data and testing the integration in your development or staging environment, it's time to go
+live with Ory in your production environment.
+
+1. Final testing: Before switching over to Ory in production, conduct thorough testing of all user authentication flows, identity
+   management features, and access controls. This includes testing edge cases, error handling, and load testing to ensure the
+   system can handle your user base.
+1. Prepare a rollback plan: In case any issues arise during the go-live process, have a rollback plan in place. This may involve
+   reverting to your previous authentication system or restoring data from backups.
+1. Schedule the go-live: Choose a time for the go-live that minimizes the impact on your users, such as during low-traffic
+   periods. Communicate the planned migration to your users in advance, including any expected downtime or changes they should be
+   aware of.
+1. Monitor the transition: As you switch over to Ory, closely monitor the system for any issues, such as failed authentications,
+   performance bottlenecks, or user complaints. Use live events to monitor the system under
+   <ConsoleLink route="project.activity.events" />.
+1. Optimize and refine: After the go-live, continue to monitor the system and gather user feedback.
+
+Once your Ory integration is stable and users are successfully authenticating with the new system, your migration is complete.
@@ -0,0 +1,26 @@
+---
+id: go-live
+title: Go live
+sidebar_label: Go live
+sidebar_position: 2
+---
+
+After successfully migrating your data and testing the integration in your development or staging environment, it's time to go
+live with Ory in your production environment.
+
+1. Final testing: Before switching over to Ory in production, conduct thorough testing of all user authentication flows, identity
+   management features, and access controls. This includes testing edge cases, error handling, and load testing to ensure the
+   system can handle your user base.
+1. Prepare a rollback plan: In case any issues arise during the go-live process, have a rollback plan in place. This may involve
+   reverting to your previous authentication system or restoring data from backups.
+1. Schedule the go-live: Choose a time for the go-live that minimizes the impact on your users, such as during low-traffic
+   periods. Communicate the planned migration to your users in advance, including any expected downtime or changes they should be
+   aware of.
+1. Monitor the transition: As you switch over to Ory, closely monitor the system for any issues, such as failed authentications,
+   performance bottlenecks, or user complaints. To monitor the system, view live events at
+   <ConsoleLink route="project.activity.events" />.
+1. Optimize and refine: After the go-live, continue to monitor the system, gather user feedback, and make adjustments as needed to
+   improve performance and user experience.
+
+Once your Ory integration is stable and users are successfully authenticating with the new system, your migration is complete.
+Continue to leverage Ory's features to enhance your authentication and identity management over time.
@@ -0,0 +1,139 @@
+---
+id: index
+title: Understand your current IAM system
+sidebar_label: Understand your current IAM system
+sidebar_position: 1
+---
+
+# Understand your current IAM system
+
+Before you can migrate smoothly, you need a complete picture of how your identity management system works today. This step ensures
+nothing gets missed—from everyday login flows to rare edge cases—and sets the foundation for mapping existing functionality to Ory
+Network's equivalent capabilities.
+
+:::info Why it matters
+
+Mapping your full login lifecycle is the best way to de-risk migration. Your current IAM system may be abstracting away key
+functionality without you realizing it. With Ory Network, you gain full control to shape and optimize every flow to your needs.
+:::
+
+## Identify your IAM scenario
+
+Below are example IAM scenarios supported by Ory Network. Use them to identify which scenario best fits your specific IAM needs
+and understand the unique requirements of each approach. Each scenario differs in complexity and implementation needs. Use these
+IAM scenarios to map the identity flows for your application.
+
+<Tabs
+  defaultValue="CIAM"
+  values={[
+    {label: 'CIAM', value: 'CIAM'},
+    {label: 'B2B', value: 'B2B'},
+    {label: 'Workforce', value: 'Workforce'},
+    {label: 'Agentic AI', value: 'Agentic AI'},
+  ]}>
+
+<TabItem value="CIAM">
+
+### CIAM (Customer Identity and Access Management)
+
+Your company sells products or services directly to individual consumers.
+
+#### Key IAM requirements
+
+- Self-service registration, login, and profile management for end users
+- Social login, multi-factor passwordless options, and robust account recovery
+- Privacy compliance (GDPR, CCPA)
+- High-scale performance for millions of users
+
+</TabItem>
+
+<TabItem value="B2B">
+
+### B2B (Business-to-Business)
+
+Your company sells products or services directly to other businesses rather than individual consumers. Your customers are
+organizations that use these products or services to run their own operations.
+
+#### Key IAM requirements
+
+- Multi-organization user management
+- SSO with SAML/OIDC providers
+- Self-service partner onboarding
+- Role-based permissions and API controls
+- Privacy compliance (GDPR, CCPA)
+- High-scale performance for millions of users
+
+</TabItem>
+
+<TabItem value="Workforce">
+
+### Workforce (Business-to-Enterprise)
+
+Your company provides products or services. Your company wants to manage access for a single organization's extended workforce.
+You want to consolidate employee user accounts and identities across multi-tenant brands, applications and systems. You need to
+seamlessly connect with existing enterprise identity providers and other 3rd party systems, and streamline user onboarding,
+offboarding, and permission management.
+
+#### Key IAM requirements
+
+- Streamline onboarding/offboarding of employee, contractor, and temporary workers
+- Role-based access aligned with organizational hierarchy
+- HR system integration with flexible identity schemas
+- Integrate with enterprise identity providers and third-party systems
+- Time-bound permissions and role assignments
+- Zero-trust security, MFA, and SSO for enterprise applications
+- Privacy compliance (GDPR, CCPA)
+- High-scale performance for millions of users
+
+</TabItem>
+
+<TabItem value="Agentic AI">
+
+### Agentic AI
+
+Your company wants to enable AI applications to securely connect to data sources and tools. For example, servers that host
+resources and clients (AI applications) that discover and use those resources.
+
+#### Key IAM requirements
+
+- Standardized protocol that works across many tools and data sources
+- Built-in authentication and access control
+
+</TabItem>
+
+</Tabs>
+
+## Map all identity flows in your application
+
+Document every identity-related (authentication and authorization) process in your system. Use your IAM scenario’s Key IAM
+requirements to identify these flows. This ensures you don’t miss critical flows during migration.
+
+1. Identify all entry points where an identity-related process occurs (e.g., web app login, mobile app sign-in, API tokens, social
+   or enterprise sign-ins).
+1. Create a comprehensive inventory of flows, for example:
+   - Registration
+   - Sign-in and sign-out
+   - Multi-Factor Authentication (MFA)
+   - Password reset and account recovery
+   - Account linking (social, enterprise logins)
+   - User profile management
+   - Token refresh and session handling
+   - Recovery flows, consent screens, or partner-specific integrations
+1. Create flow diagrams (sequence diagrams or flow charts) to surface dependencies and hidden complexity.
+1. Note where identity-related processes interact with other systems (databases, CRMs, partner apps, or external APIs).
+
+At the end of this process you should have a living document (one that you'll update as you discover more) with diagrams that
+capture:
+
+- All identity-related flows
+- Your system's existing functionality
+- Any existing dependencies on external systems
+- Edge cases requiring special handling
+
+This will serve as your blueprint for planning, designing, testing, and validating your migration.
+
+```mdx-code-block
+import Help from '@site/docs/_common/need-help.mdx'
+
+<Help/>
+```