This site requires JavaScript to be enabled
External Customer KB > General > Smart Passwords
Smart Passwords
Article: KB0010514 Published: 06/06/2019 Last modified: 02/18/2020

The Smart Password feature allows you to capture user passwords from one directory and provision them to another directory, enabling graceful migration between directories.

There are two types of Smart Password functionality:

  • The global Smart Password feature eases migration from a remote (third-party) user directory to the OneLogin Cloud Directory, allowing users to avoid having to do a password reset when you migrate.

    It does so by capturing a hash of a user's password in OneLogin any time a user authenticates against a remote directory like Active Directory, LDAP, or G Suite. The hash is stored in OneLogin but not the password itself.

    You enable the global Smart Password feature in your OneLogin Account Settings.

  • The remote directory Smart Password feature enables migration from one remote directory (let's say your LDAP directory) to another remote directory (let's say Active Directory).

    In this case, OneLogin caches a hash of a user's password when the user authenticates successfully to OneLogin against remote directory A (LDAP, in our example), and then provisions the password to remote directory B (Active Directory, in our example). The password is never stored in OneLogin, although the hash is stored to allow OneLogin to identify when the password is changed and needs to be provisioned again.

    You enable the remote directory Smart Password feature when you configure the receiving remote directory in OneLogin (in our example, you select the Enable Smart Password option in your Active Directory settings in OneLogin).

    For more information, see:
    Configuring Active Directory Connectors
    Provisioning Users and Attributes from OneLogin to Your LDAP Directory
    G Suite (Google Apps) Directory Integration

Expand/Collapse Comments
Was this helpful?