diff --git a/spec/controllers/migrations/external_controller_spec.rb b/spec/controllers/migrations/external_controller_spec.rb
index f15c602782e4dca562b88000da047e4c51dba5c2..1efac7b25ca37d0d5c4533c12fa96d622c684ef1 100644
--- a/spec/controllers/migrations/external_controller_spec.rb
+++ b/spec/controllers/migrations/external_controller_spec.rb
@@ -150,6 +150,7 @@ RSpec.describe Api::V1::Migrations::ExternalController, type: :controller do
         name: 'user',
         email: 'user@users.com',
         provider: 'greenlight',
+        password_digest: 'fake_password_digest',
         language: 'language',
         role: valid_user_role.name
       }
@@ -185,8 +186,8 @@ RSpec.describe Api::V1::Migrations::ExternalController, type: :controller do
             expect(user.role).to eq(valid_user_role)
             expect(user.session_token).to be_present
             expect(user.provider).to eq('greenlight')
+            expect(user.password_digest).to eq(valid_user_params[:password_digest])
             expect(response).to have_http_status(:created)
-            expect(user.password_digest).to be_present
           end
 
           it 'creates the user without a password if provider is not greenlight' do
@@ -251,8 +252,8 @@ RSpec.describe Api::V1::Migrations::ExternalController, type: :controller do
             expect(user.role).to eq(valid_user_role)
             expect(user.session_token).to be_present
             expect(user.provider).to eq('greenlight')
+            expect(user.password_digest).to eq(valid_user_params[:password_digest])
             expect(response).to have_http_status(:created)
-            expect(user.password_digest).to be_blank
           end
         end
 
@@ -296,14 +297,17 @@ RSpec.describe Api::V1::Migrations::ExternalController, type: :controller do
           end
         end
 
-        context 'when providing a :provider or a :password' do
-          before { valid_user_params.merge!(password: 'Password1!') }
+        context 'when providing a valid :password_digest' do
+          before do
+            temp_user = create(:user, password: 'Password1!')
+            valid_user_params.merge!(password_digest: temp_user.password_digest)
+          end
 
           it 'returns :created and creates a user while ignoring the extra values' do
             encrypted_params = encrypt_params({ user: valid_user_params }, expires_in: 10.seconds)
-            expect { post :create_user, params: { v2: { encrypted_params: } } }.to change(User, :count).from(0).to(1)
+            expect { post :create_user, params: { v2: { encrypted_params: } } }.to change(User, :count).by(1)
 
-            user = User.take
+            user = User.find_by(email: valid_user_params[:email])
             expect(user.name).to eq(valid_user_params[:name])
             expect(user.email).to eq(valid_user_params[:email])
             expect(user.language).to eq(valid_user_params[:language])
@@ -311,7 +315,7 @@ RSpec.describe Api::V1::Migrations::ExternalController, type: :controller do
             expect(user.session_token).to be_present
             expect(user.provider).to eq(valid_user_params[:provider])
             expect(response).to have_http_status(:created)
-            expect(user.authenticate('Password1!')).to be_falsy
+            expect(user.authenticate('Password1!')).to be_truthy
           end
         end