How would handle a strategy to force a user to change his password upon 1st login ?
I will import thousands of users with some one-time-password.
I want to force them to change their password upon their 1st login.
This users do not have access to the email (which is a username).
Similar to the backend, you could add password_expires_at and then set this to a date in the future. Then during the login, check the date and show a screen to change the password. This could be a CMS component on the layout that prevents every page from displaying until the password_expires_at is a time in the future again.
thanks @daft that’s a good idea.
I didnt think about a global cms component at the layout level to do the expiry date checkin.
I started to elaborate with an account proxy page that will follow immediately after a login.
But it does not account for all the other page indeed.