I'm running Unity 3.1(3) and read the post a few days ago about the options for unityDomain/accounts vs. corpDomain/accounts in terms of login access.
I understand the preferred option is to let users access AA by authenticating with a username/password in the unityDomain from the web page. No problem.
However, users can't change the login password, they can only change the phone password which is something else entirely. The effect of this is that everybody has the same password (which they get from the default template when their account is created).
\ctrl-alt-del\ \change_password\ does not work when you type in the Unity domain - it just returns an error that the unityDomain is not available.
Am I missing something? If everybody has the same password, what's the point in authenticating? It seems to me the only option is is to grant access to the corpDomain/username. That seems like a lot of maintenance.