Jamf Connect - Enforced password resets

I am looking at the most elegant way to force users to reset their passwords.

At the moment the login window is set to Local Login, and users can hit "Cancel" to switch to the Identity Provider UI to log in/create a local account.

I want to be able to push out a different Jamf Connect configuration which forces the user to log in with the Identity Provider UI, hence forcing the password change via that UI.

I assume I need to create a group/smart group that I can add users to, which gets excluded on the original profile and included in the new profile. Once it's completed, some kind of check to remove the user from both policies so they get the original policy again.

Any ideas around this would be great.