Password Inline Hook

Intro


Inline Hooks are great to migratie users with unknown passwords into Okta. For example users stored in an Active Directory, who you want to migratie as Okta users.

Documentation of Okta can be found here.

The idea is to migrate an user from an external source into a full Okta user.


Step by Step example

At first, create an user with password as hook type.

See the reference of the users API on the Okta website.

The account is created and is made active and the provider is set to IMPORT.

Create in Okta the Inline Hook that points to the Webservice. Note (ofcourse) that the web service should run with a ssl-certificate.

The web service

The web service can be created in any program environment. Below is an example(!!) in C#.Net.

But the basis is simple:

  • Catch the json from Okta
  • Get the username and password and verify it. e.g. against your Active Directory.
  • Return the json object, that the credentials = VERIFIED

Validate and update

When the user will login on Okta, the credentials are forwarded to the web service. As you can see in the logfile below.

After an successful authentication the credentials of the account are updated and the provider is OKTA.

The next time the user won't hit the web service, but will be validated as a normal Okta account.