Hi Soma

The sole purpose of password migration is to provide a smooth user experience for your PWD login users once you execute the IAS activation in the upgrade center. You can review further details in

SAP help portal

Regarding your first question, ALL users have to be migrated to IAS (the standard filter sf.user.filer usually considers active users and no additional filters).

Currently in your SF instance if you have SSO active you'll probably have a set of users (around 90%-95%) using SSO. These users have the attribute "loginmethod" set to SSO in SSFF. These users do not need any password since you'll probably establish a trust to your IDP in IAS and those users will be using SSO. The difference now is that they will have IAS in the middle of the process (SF->IAS->IDP) but depending on the configuration scenario the users won't even notice that IAS is in the middle).

For the rest (5-10%) you should provide them some mechanism to configure IAS password. This could be Manually (admin sets passwords in IAS and notify users), via email activation or using password migration.

Regarding your second question, it depends if you want to use SSO or not. If you're currently not using it, it might be a good opportunity to configure it.

In case you have users using PWD "loginmethod" those users MUST authenticate via IAS using a IAS password (SF password is not considered anymore). In order to have a smooth transition for the users you can configure pwd migration so the first time the user login with IAS, a validation is performed against the current SF password and from then IAS manages the users PWD. Whatever you do in the PWD from SF will be irrelevant.

I encourage you to join IAS Open Hours meetings to raise your questions regarding IAS migration

IAS open office hours

Diego