Auth0 setting to force password reset after first login?

Very precisely, Is there a setting that I can provide for specific users so that they see a password reset form the first time they log in to the app?

Sure, I can send the password change ticket instead of sending the randomly generated password to the user and subsequently, asking him to log in and change the password but the legal at my firm are not up for it.


Just spitballing here … add an attribute like reset_password: true to the user’s profile, and add a rule (hook?) that looks for that attribute, redirecting them to the PW reset. PW reset will need to set reset_password: false. Not sure if this can actually be done.

1 Like

Nice idea but I don’t really think I can pop open the reset password dialog just because I couldn’t find how to do that. Saving the reset_password key and adding a rule part is clear. Redirecting to PW reset is not. Thanks anyway.

Hi, I have the same issue. Has any solution been suggested that could apply to this situation?

This would be really useful. I am having the same problem.

Hey there everyone!

Let me dive into it and see what we can do on that front! I’ll get back to you soon!


Sorry hugely for the delay in response. The only way I managed to find to sort it somehow is the rule we have:

You would just need to provide your own logic for forcing a change.

1 Like

Thank you for your answer.

I thought another way to force password reset.

I currently implement invitation function using Management API in steps below.

  1. create user(POST /api/v2/users, “verify_email”: False)
  2. create password change ticket( POST /api/v2/tickets/password-change, “mark_email_as_verified”: True)
  3. send email to user who is invited with password-change url.

Is it bad way?


Nope! It’s totally fine! Thanks for sharing it here too!

1 Like