How to enforce the VPN User to change the password as per our password policy after their first login

My Objective is I need to enforce the user to set the password based on the below policy for their VPN.

The password must:

a)be made up of a minimum of eight alphanumeric characters, containing at least one letter and one numeral; b)be changed at least every 90 days ( except for accounts used in e-Services by members of the public); c)not allow the password to be reused for at least three generations of password; d)not be displayed in clear; e)be encrypted during transmission and in storage; f)be locked out at a maximum of six failed attempts; g)be protected against dictionary or brute-force attack; h)be changed upon the first login; and i)not be the same as the account ID or user ID.

So you're using localdb? I mean, localdb is the only authentication method where the BIG-IP actually even knows the password. If you are using any other auth method, you need to set your password enforcement policy on the AAA server.

is there any possible solution if we use local db?