MD5 crypt is supported by OKTA

Is MD5 crypt supported by OKTA?

Is there any plan to include this also?

Password hash generator link:
https://unix4lyfe.org/crypt/

I am trying to do a test user import for my company as we are switching from managing users in our database to using Okta as our identity provider. We’d like to keep the transition for our users as easy as possible, so we want to port over all of our current users with their current passwords. I have been able to successfully create a new user in Okta through the user API using the password salt and hashed password. However, when I go to log in with the newly created user, the password does not seem to work.
Looks like OKTA does not support crypt MD5 algo for hashed password.
https://developer.okta.com/docs/reference/api/users/#password-object

Is there any other way to achieve this?

Hi @shakshi103103

MD5 is supported by Okta as mentioned in the algorithm row here.

The hash.value that needs to be added in the user creation payload (as defined here) must be a base64_encode of the raw value of the hash and not base64_encode of the hex encoded value.

Please check also this article which describes the steps to create a user with imported hashed password.

Hi @dragos
It’s MD5-crypt algorithm, not only MD5.
For example,
Let's say the password is Test@123 and the salt is dZ7TA6zk
MD5-crypt Hashed password: $1$dZ7TA6zk$/.Z31BfH.P3ZKJO7BtZ1t1
(note: I have used https://unix4lyfe.org/crypt/ to generate the hashed password. This is the format we used for password generation)

As you suggested, I have tried :
Base64 for salt (dZ7TA6zk): ZFo3VEE2ems=
MD5 Prefix: 66fea0b444fb09acbdff9a3f59cae91a
I have tried with MD5 Postfix as well: 50a5401d597f4c180aecb85674b357b3
The user is created, but I am not able to log in with the password “Test@123”.

curl -v -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS " -d '{
  "profile": {
    "firstName": "ss",
    "lastName": "ss",
    "email": "test11@google.com",
    "login": "test11@google.com",
    "mobilePhone": "555-415-1337"
  },
  "credentials": {
    "password": {
      "hash": {
        "algorithm": "MD5",
        "salt": "ZFo3VEE2ems=",
        "saltOrder": "POSTFIX",
        "value": "50a5401d597f4c180aecb85674b357b3"
      }
    }
  }
}' "https://.okta.com/api/v1/users?activate=false"

Hi @shakshi103103

Thank you for the clarification. At the moment, we do not support MD5-crypt as an algorithm to bring users in Okta using the create users with imported hashed password API call.

I have moved this topic to Feature Requests section in order to make it visible to the engineering team and have this option considered in a future release.
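
Why no `algorithm`/`saltOrder` combination can work for the hash in this thread, as an added example (not code from the posters or from Okta): MD5-crypt runs a 1000-round construction, so the 16-byte digest inside the `$1$` string differs from the single-round salted MD5 that `PREFIX`/`POSTFIX` describe. The function names are illustrative, and the reading of `PREFIX` as MD5(salt + password) and `POSTFIX` as MD5(password + salt) is an assumption based on Okta's API reference; the password, salt and hash are the ones posted above.

```python
import base64
import hashlib

# Alphabet used by crypt(3) hashes; it is not the RFC 4648 base64 alphabet.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# md5-crypt emits its 16 digest bytes in this permuted order, 3 bytes per 4 chars.
GROUPS = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))


def _from64(chars):
    """Decode crypt(3) characters, least-significant 6 bits first."""
    return sum(ITOA64.index(ch) << (6 * k) for k, ch in enumerate(chars))


def decode_md5crypt(hash_str):
    """Split '$1$salt$digest' and return (salt, raw 16-byte digest)."""
    _, ident, salt, enc = hash_str.split("$")
    if ident != "1" or len(enc) != 22:
        raise ValueError("not an md5-crypt string")
    raw = bytearray(16)
    for n, (a, b, c) in enumerate(GROUPS):
        v = _from64(enc[4 * n:4 * n + 4])
        raw[a], raw[b], raw[c] = v >> 16, (v >> 8) & 0xFF, v & 0xFF
    raw[11] = _from64(enc[20:22])
    return salt, bytes(raw)


def salted_md5(password, salt):
    """Single-round digests for the two saltOrder values (assumed semantics)."""
    pw, s = password.encode(), salt.encode()
    return {"PREFIX": hashlib.md5(s + pw).digest(),
            "POSTFIX": hashlib.md5(pw + s).digest()}


def okta_value(raw_digest):
    """hash.value as described in the reply: base64 of the raw bytes, not of hex."""
    return base64.b64encode(raw_digest).decode()


if __name__ == "__main__":
    # Values posted in the thread.
    salt, crypt_digest = decode_md5crypt("$1$dZ7TA6zk$/.Z31BfH.P3ZKJO7BtZ1t1")
    for order, digest in salted_md5("Test@123", salt).items():
        print(order, okta_value(digest), "matches md5-crypt:", digest == crypt_digest)
```

A correctly encoded `hash.value` for plain MD5 is 24 base64 characters; the 32-character hex string sent in the request above is not in that form.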