Hey @TimBatist
My understanding is that the randomly generated invitation token string is obscured from the inviter by design and is only intended to be accessed by the invitee, such that the invitee would be the only user who would have access to their secret key and choose their own password.
Also, just to make sure that we're on the same page - the secret key on op account add will only be visible on the local device that the user has been added to just prior to signing in, rather than it being accessed on the client/user that has confirmed the invitation.
Also regarding this:
because we use password generation instead of letting the employee choosing a probably less secure password.
I'm not sure if this fits your use-case, but do have a password policy feature in our business tier accounts as well, in which the admins can set the length, and char set requirements (letters, numbers, and symbols) to ensure that the passwords can live up to expectations.
