I have a question regarding the user stores in Cisco ACS 5.6. We currently use the ACS User Identity Store to create users which use radius authentication to login to our VPN via the AnyConnect client. We use a Cisco ASA for the VPN server. I would like to force a certain group of ACS users to change their password the next time they login to the VPN. In their ACS account there is a "Change Password On Next Login" box that I have checked on a particular user to test this option. I logged into the VPN and was not prompted to change any password. I logged off the VPN and back and still did not get prompted to change the password. Am I missing something with this feature?