Today we integrate with IdPs via the macOS setup assistant and can use the IdP nameID to populate the user shortname when creating the first end user (local) account. We need to be able to constantly sync the password between the IdP and local user account to account for password resets within the IdP.
The pain right now is that end user passwords become out of sync with the IdP (where the user maintains their password) and the local macOS account.
Problem
Today we integrate with IdPs via the macOS setup assistant and can use the IdP nameID to populate the user shortname when creating the first end user (local) account. We need to be able to constantly sync the password between the IdP and local user account to account for password resets within the IdP.
The pain right now is that end user passwords become out of sync with the IdP (where the user maintains their password) and the local macOS account.