Using UAAC to Create Users in a UAA Instance

Optional procedure for creating users in a UAA instance with UAAC instead of the UAA dashboard.

About this task

For applications accessing your UAA instance, you can create additional clients and users with required scopes.

Note: By default, the admin client is not assigned the authority to change user passwords. If you need the ability to update or change a user password, you must add the uaa.admin authority to your admin client. You can use the UAA command-line interface (UAAC) to add the uaa.admin authority to your admin client. For more information on installing the command-line interface, see https://github.com/cloudfoundry/cf-uaac.

Procedure

  1. Create a new user.

    uaac user add <my-user> --emails <my_user_email> --password <my_password>

  2. Create the groups in your UAA instance.

    For more information on available groups, see https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#scopes-authorized-by-the-uaa.

    For example:

    uaac group add scim.read
    uaac group add scim.write

  3. Add the new user to the required groups.

    For example:

    uaac member add zones.<my_uaa_instance>.admin <my-user>
    uaac member add scim.read <my-user>
    uaac member add scim.write <my-user>
    uaac member add clients.write <my-user>
    uaac member add clients.read <my-user>
    uaac member add clients.admin <my-user>
    uaac member add clients.secret <my-user>

  4. Verify that the user is created with the correct scope.

    uaac token owner get <my-oauth-client> <my-user>
    uaac token decode