diff --git a/server/core/src/https/generic.rs b/server/core/src/https/generic.rs
index 28f5907a0..ce8eb9119 100644
--- a/server/core/src/https/generic.rs
+++ b/server/core/src/https/generic.rs
@@ -1,10 +1,11 @@
 use axum::extract::State;
 use axum::http::header::CONTENT_TYPE;
-use axum::response::IntoResponse;
+use axum::response::{IntoResponse, Redirect};
 use axum::{Extension, Json};
 use kanidmd_lib::status::StatusRequestEvent;
 
 use super::middleware::KOpId;
+use super::views::constants::Urls;
 use super::ServerState;
 
 #[utoipa::path(
@@ -50,3 +51,15 @@ pub async fn robots_txt() -> impl IntoResponse {
         ),
     )
 }
+
+#[utoipa::path(
+    get,
+    path = Urls::WellKnownChangePassword.as_ref(),
+    responses(
+        (status = 303, description = "See other"),
+    ),
+    tag = "ui",
+)]
+pub async fn redirect_to_update_credentials() -> impl IntoResponse {
+    Redirect::to(Urls::UpdateCredentials.as_ref())
+}
diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 049c62e00..645f35202 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -251,7 +251,11 @@ pub async fn create_https_server(
         .merge(oauth2::route_setup(state.clone()))
         .merge(v1_scim::route_setup())
         .merge(v1::route_setup(state.clone()))
-        .route("/robots.txt", get(generic::robots_txt));
+        .route("/robots.txt", get(generic::robots_txt))
+        .route(
+            views::constants::Urls::WellKnownChangePassword.as_ref(),
+            get(generic::redirect_to_update_credentials),
+        );
 
     let app = match config.role {
         ServerRole::WriteReplicaNoUI => app,
diff --git a/server/core/src/https/views/constants.rs b/server/core/src/https/views/constants.rs
index 55c5f84aa..8e4167941 100644
--- a/server/core/src/https/views/constants.rs
+++ b/server/core/src/https/views/constants.rs
@@ -21,17 +21,16 @@ impl std::fmt::Display for UiMessage {
     }
 }
 
-#[allow(dead_code)]
 pub(crate) enum Urls {
     Apps,
     CredReset,
-    CredResetError,
     EnrolDevice,
     Profile,
     UpdateCredentials,
     Oauth2Resume,
     Login,
     Ui,
+    WellKnownChangePassword,
 }
 
 impl AsRef<str> for Urls {
@@ -39,13 +38,13 @@ impl AsRef<str> for Urls {
         match self {
             Self::Apps => "/ui/apps",
             Self::CredReset => "/ui/reset",
-            Self::CredResetError => "/ui/reset/err",
             Self::EnrolDevice => "/ui/enrol",
             Self::Profile => "/ui/profile",
             Self::UpdateCredentials => "/ui/update_credentials",
             Self::Oauth2Resume => "/ui/oauth2/resume",
             Self::Login => "/ui/login",
             Self::Ui => "/ui",
+            Self::WellKnownChangePassword => "/.well-known/change-password",
         }
     }
 }
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index e4b5bcfa1..cefb475d6 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -17,7 +17,7 @@ use kanidmd_lib::{
 use crate::https::ServerState;
 
 mod apps;
-mod constants;
+pub(crate) mod constants;
 mod cookies;
 mod enrol;
 mod errors;