blocking password provisioning in a specific target application
According to my requirements, it has to be possible to reset the password from the active directory (password hook) and IDM (self-service task).
The issue here is when the password is set from the AD, I would like to update all target applications except the AD.
In the same time, if the password is modified from IDM, it has to be provisioned everywhere (including AD).
So, Is there a way to not provision password in a specific application when MX_ENCRYPTED_PASSWORD attribute is set?
I know it's possible to deactivate this attribute Under task tab of the system privilege, but I don't see how can I use it.
Is there an operator (such as DIRECT_REFERENCE...) to not provision the password that is populated in a toIdentityStore pass for exemple?