After creating a user, a password reset email is sent to the user . they should be forced to change their password if they attempt to log in with those temp credentials
If there is a logged-in user ( user obj in local storage ) and if the user follows the password reset link, they won't be taken to the appropriate page because these pages are hidden for logged-in users. The current logged-in user must be forced out or something similar
Get verification link or temp password - If the user did not get the E-mail notification or lost email - they should be able re-request [ impose max limit per 5 mins or so ]
Bulk Edit and delete functionality for managing users