When Identity Manager receives a password change notification, it starts the Synchronize User Password workflow. The default Synchronize User Password workflow checks out the ChangeUserPassword viewer, and then checks it back in again. Next, the workflow processes all of the resources accounts (except the Windows resource that sent the initial password change notification). Finally, Identity Manager sends the user email indicating whether the password change was successful on all resources.
If you want to use the default implementation of the Synchronize User Password workflow, assign it as the process rule for the JMS Listener adapter instance. Process rules may be assigned when you configure the JMS Listener for synchronization (see Configuring Active Sync).
If you want to modify the workflow, copy the $WSHOME/sample/wfpwsync.xml file and make your modifications. Then, import the modified workflow into Identity Manager.
Some of the modifications you might want to make to the default workflow include:
Which entities are notified when a password is changed.
What happens if an Identity Manager account cannot be found.
How resources are selected in the workflow.
Whether to allow password changes from Identity Manager.
For detailed information about using workflows, see Chapter 2, Workflow, in Sun Identity Manager Deployment Reference.