I linked this issue cli create doesn't send email but I think it has bearing on @cifvts design suggestion above.
Quoted from above:
"""
What I'd really love to see happen as a workflow is:
platform -create_user -team_name="myteam" -email="foo@bar.com" -generate_password
< system creates user, generates random password, expires password, sends password in confirmation email >
User logs in, puts in generated password, changes password, away they go.
"""
Thanks!