
Adding Users

Users are consumers who interact with your enterprise's applications, databases or any other systems. These users can be persons, devices or applications/programs within or outside of the enterprise's network. Since these users interact with internal systems and access data, it is critical to define which user is allowed to do what. This is called user management.

Follow the steps below to create users and assign them to roles via the Management Console. Also, if you want to authenticate users via e-mail, social media, or multiple user store attributes, see Maintaining Logins and Passwords.

  1. Log in to the Management Console (https://<hostname>:9443/carbon) and click Add under Users and Roles in the Main menu.

  2. Click Add New User.

  3. The Add User page opens. Provide the username and password and click Next.

    !!! info

    Tip: The Domain drop-down list contains all user stores configured in the system. By default, you only have the PRIMARY user store. To configure secondary user stores, see Configuring Secondary User Stores.

  4. Select the roles you want to assign to the user. In this example, we assign the creator role defined in the previous section.

    !!! info

    By default, all WSO2 products have the following roles configured:

    • Admin - Provides full access to all features and controls. By default, the admin user is assigned to both the Admin and the Everyone roles.
    • Internal/Everyone - Every new user is assigned to this role by default. It does not include any permissions.
    • Internal/System - This role is not visible in the Management Console.

    In addition to the above, the following roles exist by default.

    1. Internal/creator
    2. Internal/publisher
    3. Internal/subscriber

    Note that there may be more roles configured by default depending on the type of features installed in your product.

  5. Click Finish to complete. The new user appears in the Users list. You can change the user's password, assign it different roles or delete it.

    !!! note

    You cannot change the user name of an existing user.

Accessing the Admin Dashboard

The Admin Dashboard is intended to be used by API Manager admins. The admin user has special permissions specified in the /permission/admin/manage/apim_admin directory. If a new user needs to access the admin dashboard, follow the steps below:

  1. Create a user.
  2. Create a new role. For more information, see Adding User Roles.
  3. Assign the following permissions to the new role you just created: /permission/admin/manage/apim_admin and /permission/admin/configure/login.
  4. Assign the role created in step 2, to the user created in step 1.

This user can now log in and perform administrative tasks using the Admin Dashboard.

admin_Configuring Users

User management functionality is provided by default in all WSO2 Carbon-based products and is configured in the user-mgt.xml file found in the <PRODUCT_HOME>/repository/conf/ directory. The instructions given in this topic explain how you can add and manage users from the management console.

To enable users to log into the management console, you create user accounts and assign them roles, which are sets of permissions. You can add individual users or import users in bulk.

  • Adding a new user and assigning roles
  • Importing users
    • Creating a file with users
    • Importing users from the CSV/Excel file
  • Customizing the user's roles and permissions
  • Customizing a user's profile
  • Deleting an existing user

Adding a new user and assigning roles

Note

Add the GetRoleListOfInternalUserSQL property within the <Realm> section in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file as shown below, to avoid case sensitivity issues when creating users.

    <Realm>
    <Configuration>
    <Property name="GetRoleListOfInternalUserSQL">SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE WHERE UPPER(UM_USER_NAME)=UPPER ( ? ) AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)</Property>
    </Configuration>
    </Realm>
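
To see what the query in this property does, the following added example (not part of the original page or of WSO2's code) runs it against an in-memory SQLite stand-in. The table layout, tenant IDs, user names and the exact-match comparison query are constructed assumptions; only the case-insensitive query text comes from the property above.

```python
import sqlite3

# Query text copied from the GetRoleListOfInternalUserSQL property above.
CASE_INSENSITIVE_SQL = (
    "SELECT UM_ROLE_NAME FROM UM_HYBRID_USER_ROLE, UM_HYBRID_ROLE "
    "WHERE UPPER(UM_USER_NAME)=UPPER ( ? ) "
    "AND UM_HYBRID_USER_ROLE.UM_ROLE_ID=UM_HYBRID_ROLE.UM_ID "
    "AND UM_HYBRID_USER_ROLE.UM_TENANT_ID=? AND UM_HYBRID_ROLE.UM_TENANT_ID=? "
    "AND UM_HYBRID_USER_ROLE.UM_DOMAIN_ID=(SELECT UM_DOMAIN_ID FROM UM_DOMAIN "
    "WHERE UM_TENANT_ID=? AND UM_DOMAIN_NAME=?)"
)
# Constructed exact-match variant, for comparison only (not a product default).
EXACT_MATCH_SQL = CASE_INSENSITIVE_SQL.replace(
    "UPPER(UM_USER_NAME)=UPPER ( ? )", "UM_USER_NAME=?")

def build_db():
    """In-memory stand-in with only the columns the query touches (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE UM_DOMAIN (UM_DOMAIN_ID INTEGER, UM_DOMAIN_NAME TEXT, UM_TENANT_ID INTEGER);
        CREATE TABLE UM_HYBRID_ROLE (UM_ID INTEGER, UM_ROLE_NAME TEXT, UM_TENANT_ID INTEGER);
        CREATE TABLE UM_HYBRID_USER_ROLE (UM_USER_NAME TEXT, UM_ROLE_ID INTEGER,
                                          UM_TENANT_ID INTEGER, UM_DOMAIN_ID INTEGER);
        INSERT INTO UM_DOMAIN VALUES (1, 'PRIMARY', 1), (2, 'PRIMARY', 2);
        INSERT INTO UM_HYBRID_ROLE VALUES
            (10, 'creator', 1), (11, 'publisher', 1), (20, 'subscriber', 2);
        INSERT INTO UM_HYBRID_USER_ROLE VALUES
            ('Alice', 10, 1, 1), ('Alice', 11, 1, 1), ('alice', 20, 2, 2);
    """)
    return db

def roles_for(db, sql, username, tenant_id, domain):
    """Bind the five placeholders: user name, tenant id (three times), domain name."""
    params = (username, tenant_id, tenant_id, tenant_id, domain)
    return sorted(row[0] for row in db.execute(sql, params))

if __name__ == "__main__":
    db = build_db()
    # Stored as 'Alice', looked up as 'alice' in tenant 1.
    print(roles_for(db, CASE_INSENSITIVE_SQL, "alice", 1, "PRIMARY"))
    print(roles_for(db, EXACT_MATCH_SQL, "alice", 1, "PRIMARY"))
```

With the `UPPER()` comparison, user names that differ only in case resolve to the same role set within a tenant and domain, so they should be treated as one identity when accounts are created or reviewed.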

Follow the instructions below to add a new user account and configure its role.

  1. On the Main tab in the management console, click Add under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role.
  3. Click Add New User. The following screen will open:
  4. Do the following:
    1. In the Domain list, specify the user store where you want to create this user account. This list includes the primary user store and any other secondary user stores that are configured for your product. For information on configuring user stores, see Configuring User Stores.
    2. Enter a unique username and the password that the person will use to log in. By default, the password must be at least five characters long and should include at least one capital letter, along with characters, numbers and special characters.
    3. Click Next.
  5. Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name.
  6. Click Finish.

A new user account is created with the specified roles and is listed on the Users page.

Importing users

In addition to creating users manually, user information stored in a CSV or Excel file can be imported in bulk to a user store configured in your WSO2 product. This option is only available if you have a JDBC user store configured for your product.

Info

Note the following before you use this feature:

  • The option to import users in bulk is enabled in your product by default. If not, you can enable it by adding the following property to the JDBC user store configured in the user-mgt.xml file (stored in the <PRODUCT_HOME>/repository/conf directory).

        <Property name="IsBulkImportSupported">true</Property>

  • It is recommended to upload a maximum of 500,000 users at a time. If you need to upload more users, you can upload them in separate batches of 500,000 each.

  • You can also specify the size of the file that you can upload to the product in the <PRODUCT_HOME>/repository/conf/carbon.xml file using the TotalFileSizeLimit element as shown below. This value is in MB.

        <TotalFileSizeLimit>100</TotalFileSizeLimit>

Creating a file with users

You must first create a CSV file or an Excel file with the user information. It is possible to import the username and password directly from the CSV/Excel to the product. You can also assign each user to multiple roles. Here's an example CSV file:

    UserName,password,role
    user1,password123, role=admin:developer
    user2,password123, role=admin:tester
    user3,password123, role=admin:developer:tester
    user4,password123, role=devops
    user5,password123, role=devops:tester

Note

Make sure you have the roles that you assign to the users available in the system. If not, the server will throw an error. See Configuring Roles for information on adding user roles to the server.

In addition to importing users with their passwords and roles, you can import other user attributes such as email address, full name, last name, mobile, given name etc. using claim URLs that are defined for attributes. Here's an example of claim URLs that you can define for your product:

    http://wso2.org/claims/givenname
    http://wso2.org/claims/lastname
    http://wso2.org/claims/mobile
    http://wso2.org/claims/role

To import users with username, password, roles, and other attributes (as claim URLs), create a CSV file as shown in the example below:

    UserName,password,Claims
    user1, password123,http://wso2.org/claims/givenname=myname1,http://wso2.org/claims/lastname=mylastname1,http://wso2.org/claims/mobile=077777777,http://wso2.org/claims/role=admin:developer
    user2, password123,http://wso2.org/claims/givenname= myname2,http://wso2.org/claims/lastname=mylastname2,http://wso2.org/claims/mobile=077777777,http://wso2.org/claims/role=admin:devops
    user3, password123,http://wso2.org/claims/givenname= myname3,http://wso2.org/claims/lastname=mylastname3,http://wso2.org/claims/mobile=077777777,http://wso2.org/claims/role=developer:devops
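
A pre-import check for files in the formats shown above, as an added example that is not part of the original page or of any WSO2 tool. The function names, finding labels, the choice of `admin` as the privileged role and the case-insensitive duplicate check are assumptions; the 500,000-user batch size and five-character minimum come from this page.

```python
import csv
import io
from collections import Counter

ROLE_KEYS = ("role", "http://wso2.org/claims/role")  # both layouts on the page
MAX_BATCH, MIN_PASSWORD_LEN = 500_000, 5  # page's batch size and default length

def parse_row(fields):
    """Split one data row into (username, password, roles, claims)."""
    username, password = fields[0].strip(), fields[1].strip()
    roles, claims = [], {}
    for item in fields[2:]:
        key, _, value = item.strip().partition("=")
        if key in ROLE_KEYS:
            roles = [r.strip() for r in value.split(":") if r.strip()]
        else:
            claims[key] = value.strip()
    return username, password, roles, claims

def lint_import(text, known_roles, privileged=("admin",)):
    """Return (username, issue) findings for a bulk-import CSV."""
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    users = [parse_row(r) for r in rows[1:]]  # rows[0] is the header
    findings = [("*", "batch-too-large")] if len(users) > MAX_BATCH else []
    reuse = Counter(pw for _, pw, _, _ in users if pw)
    seen = set()
    for name, pw, roles, _ in users:
        if name.lower() in seen:  # assumption: names differing only in case collide
            findings.append((name, "duplicate-username"))
        seen.add(name.lower())
        if not pw:
            findings.append((name, "empty-password"))
        elif len(pw) < MIN_PASSWORD_LEN:
            findings.append((name, "short-password"))
        elif reuse[pw] > 1:
            findings.append((name, "shared-password"))
        for role in roles:
            if role not in known_roles:  # the server rejects roles it does not have
                findings.append((name, f"unknown-role:{role}"))
            elif role in privileged:
                findings.append((name, f"privileged-role:{role}"))
    return findings

# Constructed sample mixing the page's two layouts (not real accounts).
SAMPLE = """UserName,password,Claims
user1, password123,http://wso2.org/claims/givenname=myname1,http://wso2.org/claims/role=admin:developer
User1,abc,role=tester
user3,password123, role=devops:auditor
"""
```

Calling `lint_import(SAMPLE, {"admin", "developer", "tester", "devops"})` reports the shared `password123`, the `admin` assignment, the colliding `User1`, its short password and the undefined `auditor` role before anything is uploaded.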

Note

If you are using WSO2 Identity Server, you can choose to leave the password empty as shown by the third line in the below sample. To use this option, you need to first enable the Ask Password option for the server.

Importing users from the CSV/Excel file

To import users in bulk:

  1. Log in to the management console of your WSO2 product.
  2. In the Configure menu, under Users and Roles, click Add.
  3. Click Bulk Import Users.
  4. The user stores configured for your product will be listed in the Domain field. Select the user store to which you want to import the users from the list, upload the CSV or Excel sheet, and click Finish.

Info

The default password of the imported users is valid only for 24 hours. As the system administrator, you can resolve issues of expired passwords by logging in as the Admin and changing the user's password from the User Management -> Users page. The 'Everyone' role will be assigned to the users by default.

Customizing the user's roles and permissions

Each role specifies a set of permissions that the user will have when assigned to that role. After creating a user, you can assign and remove roles for that user by clicking Assign Roles in the Actions column. To see which users a role is already assigned to, click View Users next to the role.

You can also customize which permissions apply to this user by clicking View Roles in the Actions column of the Users screen and then selecting the permissions from each role that you want this user to have. For information on permissions, see Role-based Permissions.

Customizing a user's profile

Each individual user has a profile that can be updated to include various details. To do this, click User Profile on the Users screen. Make the changes required and click Update. You can also add multiple profiles for a user.

Note

You can only add new profiles if you are connected to a JDBC user store. You also need to have administrator privileges.

Do the following in order to add new profiles.

  1. On the Main tab in the Management Console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with the Admin role.
  3. Click the User Profile link.
  4. You can add multiple profiles using the Add New Profile link and create any number of profiles for your user as long as the user is located in a JDBC user store.

Deleting an existing user

Follow the instructions below to delete a user.

Info

Deleting a user cannot be undone.

  1. On the Main tab in the management console, click List under Users and Roles.
  2. Click Users. This link is only visible to users with User Management level permissions. For information on permissions, see Role-based Permissions.
  3. In the Users list, click Delete next to the user you want to delete, and then click Yes to confirm the operation.

Tip

Once a user is deleted, you can remove all references to the deleted user's identity via the Identity Anonymization tool. For information on building and running the tool, see Removing References to Deleted User Identities in WSO2 Products.

admin_Changing a Password

If you are a user with admin privileges, you can change your own password or reset another user's password using the management console as explained below.

To change a user's password:

  1. Log in to the management console of your product.
  2. On the Main tab, click List under Users and Roles.
  3. To change your own password, click Change My Password, enter your current password and new password, and click Change.
  4. If you are an admin user and need to change another user's password (such as if they have forgotten their current password and need you to reset it), do the following:
    1. Click Users.
    2. Find the user's account on the Users screen and click Change Password in the Actions column.
    3. Enter a new temporary password and click Change.
    4. Inform the user of their new temporary password and instruct them to log in and change it as soon as possible.