I'm attempting to rework this KB a little bit:
https://support.oneidentity.com/kb/320795/how-to-enforce-a-specific-value-for-user-must-change-password-at-next-logon-when-using-the-active-roles-web-interface
Original code
First I tried:
https://support.oneidentity.com/active-roles/kb/186689/how-to-block-access-to-password-options