When a new user is added to a sub-acount, the email that they get is system generated with the subject line of: "Activate Your Account | <location.name>". The email has their email address (username) and a button to login.

From here, the first experience a user gets with the platform falls apart...

Generally speaking, no-one is going to input a password when creating a new user. So, the new user can't log in. Even if they did add a password for the new user, they now have to go the extra steps to get that password to the user.

So, as it stands, one of the following has to occur AFTER creating a new user:

... either way, these options are ridiculous and really leave a bad experience for new users.

A newly created user should have an auto-generated verification token and the system generated email should include that in the initial login url. Once the token is used (i.e., first page visit) it is no longer valid. But the presence of that token routes the user to a 'create a password' page... Honestly, this is web app 101 stuff nowadays.