Api validation failed: salt



We wanted to migrated users with encrypted password, so that users can continue using their old passwords. We currently use one way salt to encrypt the password.

I see example in the https://developer.okta.com/docs/api/resources/users#create-user-with-imported-hashed-password but when I try to exercise the following example, I am getting the following error:

  "profile": {
    "firstName": "Test",
    "lastName": "Test",
    "email": "test@example.com",
    "login": "test@example.com",
    "mobilePhone": "555-415-1337"
  "credentials": {
    "password" : {
      "hash": {
        "algorithm": "BCRYPT",
        "workFactor": 10,
        "salt": "XXXXXXXX",


    "errorCode": "E0000001",
    "errorSummary": "Api validation failed: salt",
    "errorLink": "E0000001",
    "errorId": "oaeGaT9edJVSiawdLlAVrhdBg",
    "errorCauses": [
            "errorSummary": "salt: The field is too long"


The request you are making should work (I’ve tested it with bcrypt in the past). Would you be willing to share (via private message) an example of test credentials that do not work?

Just curious, how are you getting the bcrypt-ed passwords out of AD?



Just to clarify more, we saved the password in our own database and would like to migrate to Okta without user changing their passwords.

Do you have any real example of how you test the bcrypt password?




I am getting the following error. Is this feature flag is disable in my environment?

“errorCode”: “E0000001”,
“errorSummary”: “Api validation failed: password”,
“errorLink”: “E0000001”,
“errorId”: “oaeLLxhMF3DSYmg_3lrlv-bAQ”,
“errorCauses”: [
“errorSummary”: “password: Password importation requires the IMPORT_PASSWORD_HASH feature flag”