Thanks! I figured out most of those steps before the post but somehow overlooked the fact that the unencrypted password will (once confirmed through hashing, with unique salt value) still be available for passing to third-party application in whatever format required. I feel silly not realizing this sooner!