Hello, I have a question about possibilities of using IPS to set large amounts of default passwords on an ongoing basis.

With many companies starting the mandatory migration to IAS/IPS for SuccessFactors, we are finding more that have large populations of "PWD" Password users with no real emails that still need to access the system. 

With CIS in place the mechanism to update passwords has moved to IAS and not in SF anymore where the old mass import tools are no longer applicable for an HR Admin to use.

If we need to update more than 50, 100, 300 passwords, how is this achievable realistically? IPS method for setting default passwords for all newly synced users would be the ideal process for the business over an outside API call or file import done every so often but concessions can be made. 

It seems file-based export of existing synced users and re-import CSV with an initial password I setup in a column does not work (anymore?). This was the "old" method available in SF and used by many that would now be gone switching to IAS. You could control the predictable password this way and pass them out per employee. 

We have reviewed the documentation and seems the most promising as it doesn't need an HR Admin to manually interfere and only follow a business process with rules you set in the transformations, but the rules are limited currently:
Set Up Default Passwords Using Transformations | SAP Help Portal

The last portion of this document is incomplete/inaccurate. It gives a title of "combining" fields and then only gives one field example. 

The other examples for a "predictable password" might work for some companies, to set it to their Employee ID but that could be risky to onboard 100s of password users and tell them their password is their Employee ID. At the moment our only consideration is trying to combine 2 of the fields and concat into their password field like FirstName+LastName or more fields, or something unique to the employee as possible, but even this does not completely pass security standards.

Is this currently the best or only option for automating the process for bringing in Password users? Whatever method we choose, the HR Admins/business still has to communicate to the user how to login, with what user, what password and build their job aids. 

The note 3001615 - How to mass update user password in Identity Authentication, seems incomplete as it says to use one API and then mentions it is deprecated and to explore the business hub to build your own API call from Postman. This is not exactly something I can hand an HR Admin as a replacement for what they could previously do in SF. 

Thanks for any input I appreciate all opinions on this discussion.