I’m linking to another community article that offers a couple options to handle this type of situation.
In that post you can either leverage our Rules to redirect the Users and force a password change. Alternatively you could create the user with their ‘email_verified’ field send an email with a change-password URL (more information on that process can be found in the link).
Let me know if that helps cover your use-case.
Best,
Colin