# Create User

Creating users in **IAM (Identity and Access Management)** is the first step in granting controlled access to ONEWEB applications.\
User creation can be performed only by **administrators with appropriate privileges**, ensuring that identity creation and access governance are centrally managed.

***

### Purpose of User Creation

User accounts represent **authenticated identities** within ONEWEB and are used for:

* Authentication and login
* Role assignment and permission enforcement
* Activity tracking, auditing, and accountability
* Secure access to applications, data, and services

IAM supports both **local user repositories** and **external identity sources** such as LDAP.

***

### Prerequisites

Before creating a user, ensure that:

* You have **Admin privileges** in IAM
* The **IAM module** is accessible from ONEWEB settings
* (Optional) LDAP integration is configured if external identity is required

***

### Step‑by‑Step: Create a New User in IAM

***

#### Step 1: Access IAM Administration

1. Log in to ONEWEB with an **Admin user account**
2. Navigate to **Settings**
3. Open the **IAM** module
4. Go to the **Admin** menu

   > The **Admin menu** is visible only to users with Admin privileges

***

#### Step 2: Open User Profile Management

1. From the **Admin** menu, select **User Profile**
2. Click **Create New User**

<figure><img src="https://2015371994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMpDjHWFRUtZ5nJcSfVXd%2Fuploads%2FXS9FAFaptVgHtjqZSnyP%2Fimage.png?alt=media&#x26;token=58c3bc21-75b1-4fa3-8117-329912ab689e" alt=""><figcaption></figcaption></figure>

***

#### Step 3: Enter User Information

Complete the required user details, such as:

* **Username**
* **First Name**
* **Last Name**
* **Password**
* Optional user profile photo

***

#### Step 4: Select User Repository

Choose where the user credentials will be managed:

* **Local Repository**
  * Username and password are stored in ONEWEB’s built‑in repository
  * Suitable for standalone or smaller deployments
* **LDAP Repository**
  * Authentication is delegated to an external LDAP directory
  * Suitable for enterprise environments with centralized identity management

> If LDAP is selected, ensure LDAP configuration is already completed.

Once all information is entered, click **Save Change** to create the user.

<figure><img src="https://2015371994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMpDjHWFRUtZ5nJcSfVXd%2Fuploads%2FyMVJCnToX6Cs16Ar9i2B%2Fimage.png?alt=media&#x26;token=d1b3d8b8-7945-49e1-a918-5ffd724d0e70" alt=""><figcaption></figcaption></figure>

***

#### Step 5: Verify User Creation

After saving, the new user appears in the **User Profile** list.

<figure><img src="https://docs.oneweb.tech/oneweb/~gitbook/image?url=https%3A%2F%2F2015371994-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FMpDjHWFRUtZ5nJcSfVXd%252Fuploads%252FPWM7YmBcEEqELfZbvmwi%252Fimage%2520%281%29.png%3Falt%3Dmedia%26token%3Dbdaf4cf4-fe67-4d68-a4ea-d1c441237b2b&#x26;width=768&#x26;dpr=3&#x26;quality=100&#x26;sign=ae9c9e62&#x26;sv=2" alt=""><figcaption></figcaption></figure>

At this stage:

* The user account exists
* The user **cannot access protected resources yet** until roles are assigned

***

### Next Step: Assign Roles and Permissions

Creating a user only establishes identity.\
To enable access, administrators must:

* Assign one or more **roles**
* Ensure roles contain the appropriate **permissions**
* Review access according to the principle of least privilege

(Role assignment is covered in the next section.)

***

### Security & Compliance Considerations

When creating users:

* Verify identity information carefully
* Enforce strong password policies (for Local Repository users)
* Prefer LDAP for centralized identity governance in enterprise setups
* Regularly review and remove inactive user accounts
* Audit user creation activities for compliance

***

### Summary

Creating users in IAM is a controlled administrative operation that establishes authenticated identities within ONEWEB.

Key points:

* Only Admin users can create users
* Users can be stored locally or authenticated via LDAP
* User creation is the foundation for role‑based access control
* Access becomes effective only after roles are assigned

Proper user management is essential for building **secure, auditable, and compliant applications** on the ONEWEB platform.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onewebstack.com/oneweb-platform-th/building-apps/security-and-compliance/authorization-and-access-control/managing-access-control-with-iam/create-user.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.