What is the best way to require users to change their password once a year? I have been attempting to redirect users to the reset-password page from within an Auth0 rule that checks the last time a user changed their password. I generate the ticket number for the query string parameter using the Auth0 Management API but when I try to redirect there from the Auth0 rule, it instead takes me to a different link under the production tenant even though my rule is within the development tenant.
Is there an easier way to do this? How do you manage enforcing a password reset for your users after a certain time period?