When adding a user through the basic onboarding flow they get a temporary password, but we didn't set force password reset, meaning the user wouldn't necessarily have to change the temp password.

packages/builder/src/pages/builder/portal/manage/users/_components/BasicOnboardingModal.svelte

@@ -16,7 +16,13 @@
     admin = false
 
   async function createUser() {
-    const res = await users.create({ email: $email, password, builder, admin })
+    const res = await users.create({
+      email: $email,
+      password,
+      builder,
+      admin,
+      forceResetPassword: true,
+    })
     if (res.status) {
       notifications.error(res.message)
     } else {

packages/builder/src/stores/portal/users.js

@@ -35,12 +35,21 @@ export function createUsersStore() {
     return await response.json()
   }
 
-  async function create({ email, password, admin, builder }) {
+  async function create({
+    email,
+    password,
+    admin,
+    builder,
+    forceResetPassword,
+  }) {
     const body = {
       email,
       password,
       roles: {},
     }
+    if (forceResetPassword) {
+      body.forceResetPassword = forceResetPassword
+    }
     if (builder) {
       body.builder = { global: true }
     }