@brucellino thanks,
No, I don't want to change the setup at all but I was wondering how this fixed our problem of "reset forgotten password" at the IDP web page. of course, as per what I understand now through your explanation then automatically without changing or assign useradmin to the admin group could be able to manage and let users do their stuffs.
Please advise if what I did (even although seems to fix our problem) will have any effect.
Rgds,