We currently have around 1000 users in our Okta organization, let’s call it “A”. We would like to use a new Hub&Spoke organization method, and migrate the users to the new Spoke org, let’s call it “B”. Is it possible that we could migrate our users’ passwords from “A” to “B” using the Password Import Inline Hook? What would we need to put in the URL part? Or if we wrote some code to make an external application, is there any Okta authentication API which could verify the users in “A” and return the command needed for Password Import Inline Hook?
Typically, if you were going to do a hub&spoke model you wouldn’t need to migrate the users to another Org; instead you would set up an Org2Org configuration so users could be sourced in one Org (A) but still be able to access apps in another Org (B).
If you plan to do this but would like to have the users sourced in a different Org (B) than they are currently (A), you could use the password import hook.
Basically you would need to set the URL to your own service application which would take the credentials provided by Okta from an authentication attempt and check them against the Org (A). To do this you would need to call authn either directly, or using one of the Okta Auth SDKs such as auth-js.
Since you are just checking the password, it could be that when you do an authn, if the account has MFA set up in Org (A), you wouldn’t be able to go through that part of the flow. However, getting prompted for MFA would mean that the password the user entered was correct, and you could return the appropriate response in your hook at that point.
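
The flow described in this answer, as an added example (not code from the thread or from Okta): a hook handler that authenticates the caller, checks the supplied credentials against Org (A)'s `/api/v1/authn`, and returns the password import command, failing closed to `UNVERIFIED`. `ORG_A_URL`, `HOOK_SECRET`, `SAMPLE_HOOK` and the function names are hypothetical; it assumes the hook in Org (B) is configured to send a shared secret in its authentication header, and that only `SUCCESS` and `MFA_REQUIRED` count as proof of a correct password.

```python
import hmac
import json
import urllib.request

ORG_A_URL = "https://org-a.example.com"    # placeholder for Org (A)'s base URL
HOOK_SECRET = "constructed-shared-secret"  # placeholder for the hook's auth header value
# Assumption: only these authn statuses are treated as proof of a correct password.
PASSWORD_OK = {"SUCCESS", "MFA_REQUIRED"}
# Constructed sample of the hook request body (trimmed to the fields used here).
SAMPLE_HOOK = ('{"eventType": "com.okta.user.credential.password.import", "data": {"context": '
               '{"credential": {"username": "user@example.com", "password": "constructed-pw"}}}}')


def authn_org_a(username, password):
    """POST the credentials to Org (A)'s authn endpoint; return its status or None."""
    req = urllib.request.Request(
        ORG_A_URL + "/api/v1/authn",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )
    try:
        # Short timeout: the hook caller will not wait long for an answer.
        with urllib.request.urlopen(req, timeout=2.5) as resp:
            return json.load(resp).get("status")
    except (OSError, ValueError, AttributeError):
        return None  # 401 (bad password), network failure or bad JSON: fail closed


def handle_hook(auth_header, body, authn=authn_org_a):
    """Return (http_status, response_dict) for one password import hook call."""
    # Constant-time comparison so the secret cannot be recovered by timing.
    if not hmac.compare_digest((auth_header or "").encode(), HOOK_SECRET.encode()):
        return 401, {}
    try:
        cred = json.loads(body)["data"]["context"]["credential"]
        username, password = cred["username"], cred["password"]
    except (ValueError, KeyError, TypeError):
        return 400, {}
    verdict = "VERIFIED" if authn(username, password) in PASSWORD_OK else "UNVERIFIED"
    # Never log `password`; only the verdict leaves this function.
    return 200, {"commands": [{"type": "com.okta.action.update",
                               "value": {"credential": verdict}}]}
```

`handle_hook` is framework-agnostic: call it from whatever HTTPS endpoint you register as the hook URL, passing the received auth header and raw request body.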