Using only an md5 hash on the password is not secure.
May I suggest using a salted password instead? There are techniques that can be used to migrate/patch existing password tables so as/when passwords are changed, the newy stored passwords are stored as salted hashes.
Info: http://crackstation.net/hashing-security.htm
Why this is important: http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords
What happens when you don't do this: http://www.computerworld.com/s/article/9227869/Hackers_crack_more_than_60_of_breached_LinkedIn_passwords
For this using SSO this is not an issue, except that admins will always likely remain at least one native-login account for admin access, and since this will be stored in the insecure hashed password form, it could put the entire installation in jeopardy.
Regards,
Chris