Use the POST /environments/{{envID}}/users/{{userID}}/password operation to force a reset of the password identified by the user ID and environment ID without the administrator supplying a password. The header requires a content type of application/vnd.pingidentity.password.forceChange. The request body is empty. When this request successfully executes, the user’s password status attribute value is changed to MUST_CHANGE_PASSWORD. The users existing password is unaffected.

This operation doesn’t allow for a self-change reset of the password. Instead, the user must change their password on their next sign on.