Hi Esther,
There might be a technical workaround which experts will share, but here is what we did in our last project when we had the same situation. It was more of a process change than a technical solution.
1) Create a self-service task for password reset (not the SAP IDM password reset task <hostname>:port/idm/pwdreset)
2) Updated the password management process to enforce that users use the self-service tab to reset their password for the SAP landscape instead of the prompt in the local SAP system, with a warning that otherwise they have to live with different passwords for different systems.
Kind regards,
Jai