The point of SSO is that you no longer have to decide that. The identity service provider create the rules for when the passwords should change and the rules for those passwords not you or the Mendix application. And for Mendix SSO these rules can be set in the control center. So check with your company admins that have access to the Mendix control center.

Regards,

Ronald

Hey belle, how is it going over there ahah?! 

The point of SSO is that you use one account to login to multiple applications. If you change this password, this will also change for the other aopplications. Is this what they want?  If your account comes from an identity provider. Your passwordData is not stored in Mendix, or at least, we should not do anything with it. If you change the password in mendix, it is only saved in mendix. But while logging in, the password is checked against an active directiory which is not in mendix. So changing the password in mendix doesn't make any sense. 

If you want to change the password on the side of the Identity providor, you'd need API's to change the password. Or the Identity providor needs to have a userflow where you can be redirected to, sothat you can change it on their server. But i doubt this is what the customer wants. 

If they want the password to match some new requirments, they should handle that on their identityprovider side.