Use the POST /environments/{{envID}}/users/{{userID}}/password operation to force a reset of the password identified by the user ID and environment ID without the administrator supplying a password. The header requires a content type of application/vnd.pingidentity.password.forceChange. The request body is empty. When this request successfully executes, the user’s password status attribute value is changed to MUST_CHANGE_PASSWORD. The users existing password is unaffected.

This operation doesn’t allow for a self-change reset of the password. Instead, the user must change their password on their next sign on.

Note: For an administrative reset, the password becomes unlocked, but other account lockout mechanisms are not unlocked. For example, if the account has been locked through an explicit application/vnd.pingidentity.account.lock+json request on the user, the account will still be locked after administrative reset.