diff --git a/src/migrations/2021-07-23T19:44:00.000Z_CreateSessionsTable.migration.ts b/src/migrations/2021-07-23T19:44:00.000Z_CreateSessionsTable.migration.ts
new file mode 100644
index 0000000..0c70d02
--- /dev/null
+++ b/src/migrations/2021-07-23T19:44:00.000Z_CreateSessionsTable.migration.ts
@@ -0,0 +1,39 @@
+import {Inject, Injectable} from '../di'
+import {ConstraintType, DatabaseService, FieldType, Migration, Schema} from '../orm'
+
+/**
+ * Migration that creates the sessions table used by the ORMSession backend.
+ */
+@Injectable()
+export default class CreateSessionsTableMigration extends Migration {
+    @Inject()
+    protected readonly db!: DatabaseService
+
+    async up(): Promise<void> {
+        const schema: Schema = this.db.get().schema()
+        const table = await schema.table('sessions')
+
+        table.primaryKey('session_uuid', FieldType.varchar)
+            .required()
+
+        table.column('session_data')
+            .type(FieldType.json)
+            .required()
+            .default('{}')
+
+        table.constraint('session_uuid_ck')
+            .type(ConstraintType.Check)
+            .expression('LENGTH(session_uuid) > 0')
+
+        await schema.commit(table)
+    }
+
+    async down(): Promise<void> {
+        const schema: Schema = this.db.get().schema()
+        const table = await schema.table('sessions')
+
+        table.dropIfExists()
+
+        await schema.commit(table)
+    }
+}
diff --git a/src/migrations/2021-07-24T10:31:00.000Z_CreateUsersTable.migration.ts b/src/migrations/2021-07-24T10:31:00.000Z_CreateUsersTable.migration.ts
new file mode 100644
index 0000000..1070172
--- /dev/null
+++ b/src/migrations/2021-07-24T10:31:00.000Z_CreateUsersTable.migration.ts
@@ -0,0 +1,47 @@
+import {Inject, Injectable} from '../di'
+import {DatabaseService, FieldType, Migration, Schema} from '../orm'
+
+/**
+ * Migration that creates the users table used by @extollo/lib.auth.
+ */
+@Injectable()
+export default class CreateUsersTableMigration extends Migration {
+    @Inject()
+    protected readonly db!: DatabaseService
+
+    async up(): Promise<void> {
+        const schema: Schema = this.db.get().schema()
+        const table = await schema.table('users')
+
+        table.primaryKey('user_id')
+            .required()
+
+        table.column('first_name')
+            .type(FieldType.varchar)
+            .nullable()
+
+        table.column('last_name')
+            .type(FieldType.varchar)
+            .nullable()
+
+        table.column('password_hash')
+            .type(FieldType.text)
+            .nullable()
+
+        table.column('username')
+            .type(FieldType.varchar)
+            .required()
+            .unique()
+
+        await schema.commit(table)
+    }
+
+    async down(): Promise<void> {
+        const schema: Schema = this.db.get().schema()
+        const table = await schema.table('users')
+
+        table.dropIfExists()
+
+        await schema.commit(table)
+    }
+}