MohanA.38843 (Customer) asked a question.
Hello,
As title says, we want to move the users off of on-prem LDAP to Okta pretty much transparently, only difference they would see the login screen from Okta sign-on widget, other than that they would continue to use their existing username and password (+ group memberships), lets leave MFA for now.
We've been going through Okta LDAP integration (JIT in particular), but not certain that our aim would be achievable. Would Okta be able to JIT provision the account (including password hash) reading from on-prem LDAP?
Or in general, would it be achievable to import user accounts as-is into Okta to continue support authentication?
Aim is to decommission on-prem LDAP and move users into Okta in transparent way.
Any reference would be appreciated!
Thanks, Mohan
Hi @MohanA.38843 (Customer) , Thank you for reaching out to the Okta Community!
Something similar was asked in the past. While migrating the user account over to okta is easy enough, the difficult part is the password. The JIT Provisioning does not import passwords.
There are a few articles on password imports possibilities as well as potential issues/limitations. I'll drop the links below:
https://support.okta.com/help/s/article/how-to-import-a-user-through-api-using-bcrypt-hash?language=en_US
https://developer.okta.com/docs/guides/migrate-to-okta-password-hooks/main/
https://devforum.okta.com/t/importing-users-with-hashed-passwords-into-okta/15635/2
https://developer.okta.com/blog/2020/09/18/password-hook-migration
https://support.okta.com/help/s/article/Users-are-unable-to-login-using-imported-hashed-password?language=en_US
That being said, if you have an account with us, I recommend reaching out to your Okta Account Executive or Customer Success Manager to discuss the migration as assistance with this would fall under the scope of Okta Professional Services.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Ask Us Anything about Workflows now thru 10/31