[SalesForce] How to prevent Apex-created users from having to change password on first login

I have Apex code which generates new user accounts, and it specifies a user-provided password for the account.

On first login the users are prompted to change the password, which is a painful extra step in our current workflow.

How do I prevent users being forced to set a new password?

My Apex looks like this:

User usr = new User(
    <<fields populated>>
);

// Set the DML options to prevent e-mail to new user
Database.DMLOptions dlo = new Database.DMLOptions();
dlo.EmailHeader.triggerUserEmail = false;

// Insert new user
Database.SaveResult sr = Database.insert(usr, dlo);
if (sr.isSuccess()) {
    String errString = '';

    try {
        // Get user Id
        Id usr_sfid = sr.getId();
        if (usr_sfid == null) {
            errString = 'Error setting password  (username: ' + username + ') - Could not get Id to set User pwd.';
            System.debug(errString);
        } else {
            // Set the user-provided password on the newly created account
            System.setPassword(usr_sfid, usr_password);
        }
    } catch (Exception e) {
        errString = 'Error setting password (username: ' + username + ')' + e.getMessage();
        System.debug(errString);
    }
}

Best Answer

This is "Working as Designed" in terms of Salesforce functionality. Any time a new user is created or their password is reset, it's expected they'll be prompted to create a new password of their own choosing when they next log in.

This is largely for security reasons should a user not receive the email they were sent or should it be sent to the wrong email address. These messages usually have an expiration date-time on them, after which the password that's included/embedded expires. Additionally, you don't want an email sitting around that someone else might be able to access at another time that contains a link which allows them to access the user's secure Salesforce Account.