Hi @Carol Lai · Thank you for reaching out.
I am suspecting the account that you have created using Graph API is created with a temporary password, which is marked as expired and must be changed at first sign-in.
To allow force password change via B2C User Flow, you need to:
Open B2C_1_signupsignin1 User Flow > Properties > Under Password Configuration section > Select the checkbox for Forced password reset (Preview)
Once this is done, try to signin using same account and you should be presented with below screen to set a permanent password for the user account.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.