We're exploring an integration scenario between IBM FileNet and an Identity Provider (IdP) alongside existing LDAP-based authentication.

In our current setup, users can authenticate through either:

• LDAP (traditional directory-based login), or

• IdP (federated SSO/SAML/OIDC login)

The question is:

If the same user account exists in both LDAP and the IdP, is it possible for IBM FileNet to recognize these two authentication paths as a single unified user identity?

Specifically, we want to know whether FileNet can:

• Map the LDAP and IdP user entries to one unique user within FileNet,

• Ensure access to the same objects, privileges, and roles, and

• Maintain a shared inbox and task list (rather than creating duplicate user entries or separate worklists).

Any insights or best practices for achieving this unified identity handling - particularly around user mapping, directory synchronization, or SSO configuration - would be greatly appreciated.