Page Comparison

Creating a new user using the management console

Follow the instructions below to add a new user account and configure its role.

1. On the Main tab in the Management Console, click Add under Users and Roles.
2. Click Users. This link is only visible to users with the Admin role. 

3. Click Add New User. The following screen appears.
   

   Warning
   Do not use the special character, "#" while defining any of the user naming attirbutes since it is reserved for a specific functionality. This condition applies across all user stores.

   Info
   When giving a username, it should not contain backslash (“/”) or any special character ("&", "$", "%") as specified in user-mgt.xml in <IS_HOME>/repository/conf under <Property name="UsernameJavaRegEx">

4. Do the following:
   
   1. In the Domain list, specify the user store where you want to create this user account. This includes the list of user stores you configured. See Configuring the Realm for more information.
   2. Enter a unique username and the password that the person will use to log in. By default, the password must be at least five characters. 
   3. If you need to assign a role to user, Click Next and go to step 5, or Click Finish to end the flow.
5. Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.
6. Click Finish.

A new user account is created with the specified roles and is listed on the Users page.

Assigning roles to the user

1. On the Main tab in the Management Console, click List under Users and Roles.
2. Click Users. This link is only visible to users with the Admin role. 
3. Click the Assign Roles link that corresponds to the user you want to assign to a role. 
   
4. Select the role(s) you want to assign and click Update. 
5. Click Finish. 

The user is assigned to the specified roles. You can view a user's roles by clicking on the View Roles link on the user list. 

Creating new users using the ask password option

See the Creating users using the ask password option page for guidance on user creation using the ask password option.

Creating new users using SCIM

Instead of creating the user through the management console, it can also be done using a SCIM request as seen below.

<Property name="SCIMEnabled">true</Property>

curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","password":"password","emails":[{"primary":true,"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

{"id":"0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"familyName","givenName":"givenName"},"userName":"username","emails":[{"value":"wso2_home.com","type":"home"},{"value":"wso2_work.com","type":"work"}],"meta":{"lastModified":"2016-01-25T11:44:14","location":"https://localhost:9443/wso2/scim/Users/0d2714d0-6a33-4ddd-b4e0-612584c4a8c8","created":"2016-01-25T11:44:14"}} 

Creating new users using SOAP

The user can also be created by calling the RemoteUserStoreManager service. If you are new to admin services, see Calling Admin Services.

1. Disable the hidden admin service property in the <IS_HOME>/repository/conf/carbon.xml file. 
   Bydefault the admin services are disabled as it is not recommended to expose these URLs to users. However, it can be enabled if it needs to be accessed by the administrators.

   Code Block
   <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>

2. Open the following Admin Service from SOAP UI: https://localhost:9443/services/RemoteUserStoreManagerService?wsdl 
   

   Info
   If you have ocnfiguredWSO2 IS to use an IP or hostname, replace localhost with your IP or hostname.

3. Call the addUser() method to create the user and make sure to give the email address of the user. This is similar to the following SOAP request.

   Code Block
   language xml title SOAP Request
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <ser:addUser> <ser:userName>username</ser:userName> <!--Zero or more repetitions:--> <ser:roleList>admin</ser:roleList> <!--Zero or more repetitions:--> <ser:claims> <xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI> <xsd:value>wso2demomail@gmail.com</xsd:value> </ser:claims> <ser:profileName>default</ser:profileName> <ser:requirePasswordChange>true</ser:requirePasswordChange> </ser:addUser> </soapenv:Body> </soapenv:Envelope>

   Note
   There will be no SOAP response as this is a one way SOAP operation. You can check successful creation of the user account using the management console by clicking Users and Roles>Users>List under the Configure section.

curl -v -k --user {IS_USERNAME}:{IS_PASSWORD}  -X PATCH -d '{"schemas":[],"name":{"familyName":"{LAST_NAME}","givenName":"{FIRST_NAME"},"userName":"{USERNAME","emails": "{EMAIL"}' --header "Content-Type:application/json" https://{IS_IP}:{IS_PORT}/wso2/scim/Users/{SCIM_USER_ID}

curl -v -k --user admin:admin -X PATCH -d '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":"hasini@wso2.com","type":"work"},{"value":"hasi7786@gmail.com","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/0032fd29-55a9-4fb9-be82-b1c97c073f02