i used IDM VApp14.1. There are 2 attribute in IDM that UID and LoginID.
If the uid is the unique key in IDM.
e.g. create new user with uid > orawan.t and loginID > orawan.t. i used loginID to login to IDM.
next few month i rename to orawan example so my loginid suppose to be change to orawan.e with the old uid
uid > orawan.t and new loginID > orawan.e
Is it possible to change the loginID whenever user change their name?
I map loginID in IDM with SamAccountname in AD?
Are there anyway to update the samAccountname when loginID has been change?
You look at using a PX Policy to update an attribute (i.e. LoginID) when another attribute is changed however this could impact the system if you have any type of membership policies that reference that original LoginID value so there is some risk in that.
You mentioned that you map loginID in IM to samAccountName in AD. This is not clear to me. Do you mean via Account Template? Account Template propagation would not update the AD samAccountName so that part of it would also need to be done via PX Policies and/or out of band process and you would need to ensure that the template rulestring evaluation still resolves to the correct current value.
Yes, through template mappings we can only create AD account with sAMAccountName but cannot update. We have to use PX to update AD endpoint account. This is same for userPrincipalName too.