Managing Git lab users from external system

We have an external Application that manages GitLab Users. It uses the API to create user assign them to projects, sets their password, etc. Works ok, but Users receive emails when the external System changes their password also users are still able to change their passwords.

Does anyone know a way to suppress the “Admin changed your password email” and/or how to disable that user can change their password? I could not find anything about that.

Any other ideas, maybe configuring Gitlab to authenticate users via Oauth or similar via the external application? Then the account needs to be created without the user login though or it would need to be automatically triggered. You think that would be possible/ a good idea.

Any help/ideas is appreciated.