Password migration from AD to Okta

Early Access release

If you're currently using delegated authentication through Active Directory (AD) to perform user authentication, and you instead want Okta to perform this authentication, you need to migrate your users' passwords from AD to Okta.

The traditional method used to move user passwords from an AD instance to Okta requires a password reset for all users who belong to the instance. This reset is visible to your end users and can be disruptive to your operations. Another method you can use is to create complex custom Org2Org inline hooks to perform the move. This approach requires heavy involvement from IT, and isn't streamlined.

A secure and phased password migration method, which is transparent to end users, is available from the Provisioning tab of an Active Directory (AD) instance. This one-time process enables you to seamlessly move user passwords from an AD instance to Okta.

While a migration is in progress, the process is automatic: each time an end user signs in to Okta by entering their password, the password is securely captured and migrated. Okta immediately takes over authentication for that user after their password is captured and migrated. Shifting user passwords and authentication to Okta eliminates the need for delegated authentication. This transition helps shift your identity management to the cloud and establishes Okta as the central source for all core authentication actions.
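The sign-in flow described above can be modeled as follows. This is an added conceptual example, not Okta's code or API: the class names `LegacyDirectory` and `CloudIdP`, the `migrating` flag, and the choice of PBKDF2 as the local hash are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

class LegacyDirectory:
    """Constructed stand-in for the AD instance behind delegated authentication."""
    def __init__(self, users):
        self._users = dict(users)
        self.checks = 0  # how many times the directory was asked to verify a password

    def verify(self, username, password):
        self.checks += 1
        stored = self._users.get(username)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class CloudIdP:
    """Hypothetical identity provider that takes over authentication user by user."""
    def __init__(self, directory, usernames, migrating=True):
        self.directory = directory
        self.migrating = migrating
        self.credentials = {u: None for u in usernames}  # None = still delegated

    @staticmethod
    def _derive(password, salt):
        # Assumption: PBKDF2-HMAC-SHA256 as the local password hash for this sketch.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def sign_in(self, username, password):
        if username not in self.credentials:
            return False
        record = self.credentials[username]
        if record is not None:
            # Already migrated: verify locally, never contact the directory.
            salt, digest = record
            return hmac.compare_digest(digest, self._derive(password, salt))
        if not self.directory.verify(username, password):
            return False  # failed sign-ins are never captured
        if self.migrating:
            # Capture only a password the directory has just confirmed.
            salt = os.urandom(16)
            self.credentials[username] = (salt, self._derive(password, salt))
        return True

    def pending(self):
        """Users who have not signed in since the migration started."""
        return sorted(u for u, rec in self.credentials.items() if rec is None)
```

The `pending()` list is what makes the migration phased: users who have not signed in since it started remain on delegated authentication until they do.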

Related topics

Password migration considerations

Run a password migration