If Identity Applications are configured to use a non-administrator user as an Identity Vault Administrator, the non-administrator user must have Write rights to the oidpInstanceData attribute in the subtree where the users reside. Otherwise, OSP logins can fail.
To set the write rights on the oidpInstanceData attribute for a non-administrator user:
1. Log in to iManager.
2. In the Roles and Tasks view, select Rights > Modify Trustees.
3. Select the non-administrator user object, then click Add Trustee.
4. For the oidpInstanceData attribute, set the Compare, Read, and Write rights.
5. Click Apply to save and apply your changes.
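To confirm the result of the steps above without granting more than they require, the following added example (not part of the product documentation) audits ACL values exported from the user container. It assumes the values use eDirectory's LDAP form `privileges#scope#trustee#attribute` with Compare=1, Read=2, Write=4, Supervisor=32; the DNs and sample values are constructed.

```python
# Added example: audit ACL values exported from the container that holds the users.
# Assumption: each value reads privileges#scope#trustee DN#attribute name.
COMPARE, READ, WRITE, SUPERVISOR = 1, 2, 4, 32
REQUIRED = COMPARE | READ | WRITE
ATTR = "oidpInstanceData"
ALL_ATTRS = "[All Attributes Rights]"

# Constructed sample values (hypothetical trustee DN).
SAMPLE_ACL = [
    "7#subtree#cn=uaadmin,ou=sa,o=data#oidpInstanceData",
    "3#subtree#cn=uaadmin,ou=sa,o=data#[All Attributes Rights]",
]

def parse_acl(value):
    """Split one ACL value; the attribute name is the last '#'-separated field."""
    privileges, scope, rest = value.split("#", 2)
    trustee, attribute = rest.rsplit("#", 1)
    return int(privileges), scope.lower(), trustee.strip().lower(), attribute.strip()

def audit(acl_values, trustee_dn):
    """Return (ok, findings) for trustee_dn's rights to oidpInstanceData."""
    granted, findings = 0, []
    want = trustee_dn.strip().lower()
    for value in acl_values:
        try:
            privs, scope, trustee, attribute = parse_acl(value)
        except ValueError:
            findings.append(f"unparseable ACL value: {value!r}")
            continue
        if trustee != want:
            continue
        if attribute.lower() == ATTR.lower():
            if scope == "subtree":
                granted |= privs
            else:
                findings.append("grant is entry-scoped; it does not reach the users below")
        # Supervisor, or Write on every attribute, exceeds what the procedure asks for.
        if privs & SUPERVISOR or (attribute == ALL_ATTRS and privs & WRITE):
            findings.append(f"broader than needed: {value}")
    if granted & SUPERVISOR:          # Supervisor implies Compare, Read and Write
        granted |= REQUIRED
    missing = REQUIRED & ~granted
    if missing:
        findings.append(f"missing rights bitmask {missing} on {ATTR}")
    return missing == 0, findings

if __name__ == "__main__":
    print(audit(SAMPLE_ACL, "cn=uaadmin,ou=sa,o=data"))
```

A result of `(True, [])` means the trustee has exactly the subtree-scoped Compare, Read, and Write rights on the attribute and no broader grant was found.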