Nice work on getting this far. The authentication policy is linked to a content provider.
What you are seeing is that your default content provider is linked to the OpenIAM ID.
The content provider is mapped to a URL or domain. In this way
local.company.com will map to one managed system-id
idm.ompany.com can be configured to map to another
You cant use both managed system identities at the same time.
Regarding password synch – are both your managed system configurations active? or only one of them?