I’ve temporarily solved this by adding a workflow to the login page that retrieves the current user and if they’re accepted the terms and conditions. If they haven’t, they’re routed to the change password page.
It’s only a temporary solution because:
Users could received the link AND not accepted the T&Cs, then are routed to the change password page.
I’m worried the change password process will require another fix. If users are always redirected to the Login page, I can’t send them to change password page, which requires an additional workflow…
I’ll keep this open since I wouldn’t consider this a solution. Would love to hear other ideas!