Creating Users in a UAA Instance

You can create users locally in UAA for authentication and assign them to the required groups from the UAA dashboard.

Before you begin

  • Log in to Predix.io.

About this task

When you create a UAA instance, an admin client is automatically created for you so that you can configure your UAA instance. The admin client is assigned all the required authorities and scopes by default.
Note: By default, the admin client is not assigned the authority to change user passwords. If you need the ability to update or change a user password, you must add the uaa.admin authority to your admin client. You can use the UAA command-line interface (UAAC) to add the uaa.admin authority to your admin client. For more information on installing the command-line interface, see https://github.com/cloudfoundry/cf-uaac.

If you prefer using the UAAC to create the users, see t_using_uaac_to%20create_users.html#task_j3f_mbl_rdb.

Use the following procedure to create users locally through the UAA dashboard.

Procedure

  1. In the Console view, select the Space where your services are located.
  2. In the Services Instances page, select the UAA instance that you need to configure.
  3. Select the Configure Service Instance option.
  4. In the UAA Dashboard login page, specify your admin client secret and click Login.
  5. In the UAA Dashboard, select the User Management tab.
    The User Management tab has two sections, Users and Groups. The Groups section displays the groups that you created in your UAA instance.
  6. Click on the Create User button to open the New User form.
  7. Specify the following values in the New User form:
    Field: Description

    Regular User: Choose this option to set up local users in your UAA. The Regular User is not configured through any external Identity Provider (IdP).

    Shadow User: Choose this option to create a local user in UAA corresponding to the user defined in your external IdP. The Shadow User option is useful if you need to whitelist users so that only a subset of the users set up in your identity provider can authenticate. To set up individual shadow users, ensure that the option to create shadow users is not selected while configuring a new IdP.

    User Name: Specify the user name. If you are setting up a shadow user, this value must match the user name defined in your IdP.

    Email: Specify the email address. If you are setting up a shadow user, this value must match the user name defined in your IdP.

    Password: Specify the password. An administrator can set password policies to define the permitted structure of the password. For more information, see t_creating_password_policy.html#task_gdk_f43_fx. This option is not required if you are setting up a shadow user.

    Given Name: Specify the first name of the user.

    Family Name: Specify the last name of the user.

    Origin: Specify the name of the IdP that this user is configured in. The Origin option is available only if you are setting up a Shadow user.

    Groups: Select the groups to associate the user with. For more information on groups, see t_creating_groups_in_uaa_instance.html#task_vgj_vcy_1x.

    Active: Select this option to allow your Regular or Shadow user to log in.

    Verified: Select this option to indicate that this Regular or Shadow user is a verified user. Verified users are the users who are verified using an autogenerated email invite sent from UAA at the time of account creation.