The portal user is unable to log in NERM using the same credentials (password) that we provides when creating the portal user through the Rest API. If portal user has to reset the password before first time login then what is the purpose of password attribute during creating the portal user.
Have you tried to not send a password? I am only seeing that the body is required for the API docs. But for password is standard security practice for any user account to prevent unauthorized access. If a password was not set at creation then in theory the account could just be logged into.
Yes, I tried to create a portal user without and with password through the REST API. In both the scenario, the user cannot login into the NERM. He has reset his password through the Forgot option and set the new password.
Which would make since from a Security stand point. We would only want that user to know the password. Think of it like the first time you login to a work machine you have to update the password on first login. But in this case the user can not login to do the update. The way we have ours set up is that we send an invite to our portal users and when the set up the account that way they set their password. Might be something to look into.