Create new user with hashed password (SHA512)

I created an Okta user via .NET SDK by passing Base64 (post fixed) hashed password and Base64 salt string.

I computed my plain password with such salt and compared with the hashed password, they are the same. I managed to create a new user in Okta using the code below, however, I can’t use my plain password to login to Okta.

        private async Task<OktaModel.User> NewOktaUser(UserApi userApi, UserInfo userInfo, string hashedPassword)
        var saltBytes = GetSHA512Salt(hashedPassword);
        var saltString = Convert.ToBase64String(saltBytes);

        // Create user
        var createUserReq = new OktaModel.CreateUserRequest();
        createUserReq.Profile = new OktaModel.UserProfile()
            FirstName = userInfo.FirstName,
            LastName = userInfo.LastName,
            Email = userInfo.EmailAddress,
            Login = userInfo.Username,
            AdditionalProperties = new Dictionary<string, object>() {
                { "externalObjectId", userInfo.ObjectID },
                { "externalTenantId", Config.ConfigurationManager.AppSettings["okta:PortalId"] }
        createUserReq.Credentials = new OktaModel.UserCredentials()
            Password = new OktaModel.PasswordCredential()
                Hash = new OktaModel.PasswordCredentialHash()
                    Algorithm = OktaModel.PasswordCredentialHashAlgorithm.SHA512,
                    Salt = saltString,
                    SaltOrder = "POSTFIX",
                    Value = hashedPassword
        return await userApi.CreateUserAsync(createUserReq, true);

Did I do anything wrong? I am thinking the hash algorithm in Okta is different to .NET?
Or if any one could provide any working example in .NET, really appreciate!

Don’t worry, I figured this out. Our hashed password has extra infrormation apart from the SHA512 algorithm.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.