diff --git a/meet-ce/backend/openapi/components/requestBodies/internal/reset-password-request.yaml b/meet-ce/backend/openapi/components/requestBodies/internal/reset-password-request.yaml
new file mode 100644
index 00000000..9ca9a5f5
--- /dev/null
+++ b/meet-ce/backend/openapi/components/requestBodies/internal/reset-password-request.yaml
@@ -0,0 +1,12 @@
+description: Reset user password request
+required: true
+content:
+    application/json:
+        schema:
+            type: object
+            properties:
+                newPassword:
+                    type: string
+                    minLength: 5
+                    description: The new temporary password for the user.
+                    example: 'newSecurePassword123'
diff --git a/meet-ce/backend/openapi/components/responses/internal/success-change-password.yaml b/meet-ce/backend/openapi/components/responses/internal/success-change-password.yaml
index bb27dca2..592f68cc 100644
--- a/meet-ce/backend/openapi/components/responses/internal/success-change-password.yaml
+++ b/meet-ce/backend/openapi/components/responses/internal/success-change-password.yaml
@@ -7,3 +7,11 @@ content:
                 message:
                     type: string
                     example: Password for user 'admin' changed successfully
+                accessToken:
+                    type: string
+                    description: >
+                        The access token to authenticate the user in subsequent requests. Only present when password had to be changed.
+                refreshToken:
+                    type: string
+                    description: >
+                        The refresh token to obtain a new access token when the current one expires. Only present when password had to be changed.
diff --git a/meet-ce/backend/openapi/components/responses/internal/success-reset-password.yaml b/meet-ce/backend/openapi/components/responses/internal/success-reset-password.yaml
new file mode 100644
index 00000000..f0464848
--- /dev/null
+++ b/meet-ce/backend/openapi/components/responses/internal/success-reset-password.yaml
@@ -0,0 +1,9 @@
+description: Successfully changed user password
+content:
+    application/json:
+        schema:
+            type: object
+            properties:
+                message:
+                    type: string
+                    example: Password for user 'alice_smith' has been reset successfully. User must change password on next login.
diff --git a/meet-ce/backend/openapi/components/responses/internal/success-user-login.yaml b/meet-ce/backend/openapi/components/responses/internal/success-user-login.yaml
index a31f56f9..74e87a15 100644
--- a/meet-ce/backend/openapi/components/responses/internal/success-user-login.yaml
+++ b/meet-ce/backend/openapi/components/responses/internal/success-user-login.yaml
@@ -15,3 +15,8 @@ content:
                     type: string
                     description: >
                         The refresh token to obtain a new access token when the current one expires.
+                mustChangePassword:
+                    type: boolean
+                    example: true
+                    description: >
+                        Indicates whether the user must change their password after login. Only present if password change is required.
diff --git a/meet-ce/backend/openapi/openvidu-meet-internal-api.yaml b/meet-ce/backend/openapi/openvidu-meet-internal-api.yaml
index 0840e5b0..3aa7b7a4 100644
--- a/meet-ce/backend/openapi/openvidu-meet-internal-api.yaml
+++ b/meet-ce/backend/openapi/openvidu-meet-internal-api.yaml
@@ -24,6 +24,8 @@ paths:
         $ref: './paths/internal/users.yaml#/~1users~1change-password'
     /users/{userId}:
         $ref: './paths/internal/users.yaml#/~1users~1{userId}'
+    /users/{userId}/password:
+        $ref: './paths/internal/users.yaml#/~1users~1{userId}~1password'
     /config/webhooks:
         $ref: './paths/internal/meet-global-config.yaml#/~1config~1webhooks'
     /config/webhooks/test:
diff --git a/meet-ce/backend/openapi/paths/internal/api-keys.yaml b/meet-ce/backend/openapi/paths/internal/api-keys.yaml
index bfeae019..7708f084 100644
--- a/meet-ce/backend/openapi/paths/internal/api-keys.yaml
+++ b/meet-ce/backend/openapi/paths/internal/api-keys.yaml
@@ -15,9 +15,9 @@
             '201':
                 $ref: '../../components/responses/internal/success-create-api-key.yaml'
             '401':
-                $ref: '../components/responses/unauthorized-error.yaml'
+                $ref: '../../components/responses/unauthorized-error.yaml'
             '403':
-                $ref: '../components/responses/forbidden-error.yaml'
+                $ref: '../../components/responses/forbidden-error.yaml'
             '500':
                 $ref: '../../components/responses/internal-server-error.yaml'
     get:
@@ -36,9 +36,9 @@
             '200':
                 $ref: '../../components/responses/internal/success-get-api-keys.yaml'
             '401':
-                $ref: '../components/responses/unauthorized-error.yaml'
+                $ref: '../../components/responses/unauthorized-error.yaml'
             '403':
-                $ref: '../components/responses/forbidden-error.yaml'
+                $ref: '../../components/responses/forbidden-error.yaml'
             '500':
                 $ref: '../../components/responses/internal-server-error.yaml'
     delete:
@@ -54,8 +54,8 @@
             '200':
                 $ref: '../../components/responses/internal/success-delete-api-key.yaml'
             '401':
-                $ref: '../components/responses/unauthorized-error.yaml'
+                $ref: '../../components/responses/unauthorized-error.yaml'
             '403':
-                $ref: '../components/responses/forbidden-error.yaml'
+                $ref: '../../components/responses/forbidden-error.yaml'
             '500':
                 $ref: '../../components/responses/internal-server-error.yaml'
diff --git a/meet-ce/backend/openapi/paths/internal/users.yaml b/meet-ce/backend/openapi/paths/internal/users.yaml
index da6c9c32..19b4840b 100644
--- a/meet-ce/backend/openapi/paths/internal/users.yaml
+++ b/meet-ce/backend/openapi/paths/internal/users.yaml
@@ -166,3 +166,30 @@
                 $ref: '../../components/responses/internal/error-user-not-found.yaml'
             '500':
                 $ref: '../../components/responses/internal-server-error.yaml'
+/users/{userId}/password:
+    put:
+        operationId: resetUserPassword
+        summary: Reset user password
+        description: >
+            Allows an admin to reset the password of a specific user.
+        tags:
+            - Internal API - Users
+        security:
+            - accessTokenHeader: []
+        parameters:
+            - $ref: '../../components/parameters/internal/user-id-path.yaml'
+        requestBody:
+            $ref: '../../components/requestBodies/internal/reset-password-request.yaml'
+        responses:
+            '200':
+                $ref: '../../components/responses/internal/success-reset-password.yaml'
+            '401':
+                $ref: '../../components/responses/unauthorized-error.yaml'
+            '403':
+                $ref: '../../components/responses/forbidden-error.yaml'
+            '404':
+                $ref: '../../components/responses/internal/error-user-not-found.yaml'
+            '422':
+                $ref: '../../components/responses/validation-error.yaml'
+            '500':
+                $ref: '../../components/responses/internal-server-error.yaml'