Hi Naveen,
Yes, as peter mentioned, if you don't want to bring a specific attribute to IDM through Initial load. Just disable that attribute.
In your case, its password attribute. By default in the standard initial load jobs, the MX_Password attribute is disabled. So the password from your AD/SAP system will not come into IDM.
So which password(s) the users will use to login into target systems (AD/SAP) after initial load ? What can be achieved with pass "update system privilege trigger attribute" which is available in initial load job ?
This answer for this depends on your configuration of user management in AS JAVA. If you have configured LDAP (AD) as backed, then the users will be able to login with the AD password.
Is it something like, IDM creates a default password on initial load which is sent back to target systems(from which initial load was done) which changes the password for the target systems to this new default password ?
No, IDM will not create anything by default, unless you configured to to so.
Can we handle this default password being sent to target systems with the help of this pass "update system privilege trigger attribute" in initial load? so that this default password is not sent to target systems ??
Since IDM will not create any deafult password, it will not send the same to target systems.
So if the default password is not sent back to target systems after initial load, then users will keep using their existing passwords for their login in the target systems. After that, If I need to assign UMEJAVA only privilege to the users, the password for the target systems will be changed with the default password being sent on email to the users. Since the password on AD is now changed, how the users gonna login into AD to check their emails for the
new password ?
From your query,I presume you have configured UMEJAVA with LDAP ADS as backed system. Correct me if I am wrong. For the users loaded through initial load to IDM from UMEJAVA, this privilge will be assigend during the initial load. Refer to the write users pass. So, you dont need to assign the privilege again.
For a new user cretaed in IDM and then assigned UMEJAVA only privilege, then you sould configure the system to set a default password. Since it is a default password you should force the user to change immediatly after first login.
You can read this for more information on password provisioning
And in case the users want to reset the password on their own, enable the password reset self service. For implementing the password reset self service look here .
All the best !!
~Krishna