Import Users with BCrypt Hash Passwords via API
Apr 8, 2025
Lifecycle Management
Okta Classic Engine
Okta Identity Engine
Overview
This article details how to import users that have a BCrypt hashed password in Okta by leveraging API calls.
Applies To
- Hash Import
- Users API
- BCrypt
Solution
To import users that have a BCrypt hashed password, the following procedure is in place:
- Set up the Postman app as described in the Test the Okta REST APIs using Postman article.
- Fork the [Okta Users] API collection to the environment.
- Prepare the Create User with imported hashed password. Be advised that the calls should be done with the
?activate=trueparameter or a subsequent Activate user for the user to be in aActivestate. - Press Send to send the API. If successful, a 200 SUCCESS response will be received along with a schema of the user's proprieties.
In this example for the syntax, here is the breakdown of elements used in the hash:
Username: hashimport@hashimport.xyz
Password: P@ssword123456
Full Hash: $2a$10$qRRx8rli7Lvs2h2CNgCQ2OmVA2NDdomRGoGFrAXDZcno0OZ6CoOU2
Algorithm and Rounds of encryption: $2a$10$
22 extracted Salt from the Hash above after the Algorithm/Rounds: qRRx8rli7Lvs2h2CNgCQ2O
API Body:
{
"profile": {
"firstName": "Isaac",
"lastName": "Brock",
"email": "hashimport@hashimport.xyz",
"login": "hashimport@hashimport.xyz",
"mobilePhone": "555-666-1337"
},
"credentials": {
"password" : {
"hash": {
"algorithm": "BCRYPT",
"workFactor": 10,
"salt": "qRRx8rli7Lvs2h2CNgCQ2O",
"value": "mVA2NDdomRGoGFrAXDZcno0OZ6CoOU2"
}
}
}
}
