diff --git a/core/admin/mailu/api/v1/user.py b/core/admin/mailu/api/v1/user.py
index cc76d92c..11ab56d2 100644
--- a/core/admin/mailu/api/v1/user.py
+++ b/core/admin/mailu/api/v1/user.py
@@ -63,6 +63,7 @@ user_fields_put = api.model('UserUpdate', {
     'quota_bytes': fields.Integer(description='The maximum quota for the user’s email box in bytes', example='1000000000'),
     'global_admin': fields.Boolean(description='Make the user a global administrator'),
     'enabled': fields.Boolean(description='Enable the user. When an user is disabled, the user is unable to login to the Admin GUI or webmail or access his email via IMAP/POP3 or send mail'),
+    'change_pw_next_login': fields.Boolean(description='Force the user to change their password at next login'),
     'enable_imap': fields.Boolean(description='Allow email retrieval via IMAP'),
     'enable_pop': fields.Boolean(description='Allow email retrieval via POP3'),
     'allow_spoofing': fields.Boolean(description='Allow the user to spoof the sender (send email as anyone)'),
@@ -119,6 +120,8 @@ class Users(Resource):
             user_new.global_admin = data['global_admin']
         if 'enabled' in data:
             user_new.enabled = data['enabled']
+        if 'change_pw_next_login' in data:
+            user_new.change_pw_next_login = data['change_pw_next_login']
         if 'enable_imap' in data:
             user_new.enable_imap = data['enable_imap']
         if 'enable_pop' in data:
diff --git a/core/admin/mailu/manage.py b/core/admin/mailu/manage.py
index 4bbdb7f1..23d4d088 100644
--- a/core/admin/mailu/manage.py
+++ b/core/admin/mailu/manage.py
@@ -103,7 +103,8 @@ def user(localpart, domain_name, password):
     user = models.User(
         localpart=localpart,
         domain=domain,
-        global_admin=False
+        global_admin=False,
+        change_pw_next_login=True,
     )
     user.set_password(password)
     db.session.add(user)