When I tested this functionality (changing password with old password) I found that it doesn't touch necessary SSO details.
Imagine scenario where we have IDM system responsible for managing user passwords and we making integration with EEPC.
IDM is responsible also, inter alia, for change of AD domain password. And now user changes AD, EEPC and other passwords using IDM, makes ASCI and reboots.
At pre-boot screen is able to use new password but at windows logon will receive wrong password message as SSO details are invalid.
I know that when user types new password, SSO will be synced again, but this behavior is at least confusing and annoying (for long term use).
In fact there is also option to change password without old password but this will reset SSO details and lead to presenting windows logon after reboot.
I know this may be described in procedure for users, but the best way would be do be able also to change SSO details accordingly.
Is it possible in future versions?
There is also one problem:
How to automate agent wake-up after password change. There is no function to list systems to which particular user (this who actually changing password) is assigned.
May it would possible to do this using queries, but I don't know how, yet.