Database Federation

Database federation lets nexusID authenticate users against an existing user database (a legacy app's users table) without migrating those credentials up front — ideal for incremental migrations.

Admin console: /admin/db-federation

Concepts

• Federated DB source — a connection to an external user store (table, view, or query) holding usernames and password hashes.
• Credential verification — nexusID validates the supplied password against the external hash using the configured algorithm.
• Just-in-time import — on first successful sign-in, the user can be provisioned into nexusID, so the legacy store is gradually drained.

How it works

At sign-in, nexusID looks the user up in the federated database and verifies the password against the stored hash. On success it issues tokens like any other login and (optionally) JIT-provisions a nexusID account. Over time users migrate transparently — no bulk password reset required.

Typical setup

1. /admin/db-federation → configure the connection and the user lookup + hash format.
2. Map columns to identity attributes.
3. Enable JIT import to migrate users as they authenticate.

Related

• JIT Provisioning · Realms