Kentico CMS allows you to write a custom authentication provider. In this way, the provided user name and password are checked against an external user profile source/authentication source and if the user is successfully authenticated, the user account is automatically created/updated in the Kentico CMS database, without copying the user password.
You can learn more about custom authentication in chapter Security handler (CustomSecurityHandler class).