Creating a user
Written by
Updated at April 8, 2026
Create a local user in Identity and Access Management and assign them the required role.
Note
To create a user, you need the organization admin privileges.
Creating a local user
Management console
CLI
- In the management console, navigate to Access management.
- On the Users page, click Create user.
- Specify a username.
- Set a temporary password for the user.
- Click Create.
On first login, the user will need to change their temporary password.
You can only create a local user via the management console. After the user is created, you can use the ClusterAccessBinding or AccessBinding resource to assign them a role.
To check the new user, run this command:
kubectl get clusteraccessbindings -o wide
To assign a role to your new user, create a file named user-role-binding.yaml:
apiVersion: iam.stackland.yandex.cloud/v1alpha1
kind: ClusterAccessBinding
metadata:
name: <username>-role
spec:
roleID: <role_ID>
subject:
kind: User
name: <username>
Where:
metadata.name: Unique role binding name.roleID: Role ID, such asviewer,editor, oradmin.name: Name of the user you created in the management console.
Apply the manifest:
kubectl apply -f user-role-binding.yaml
Creating a federated user
External IdP users are automatically created upon their first login via the SAML federation.
For a federated user to appear in the system:
- Configure the SAML federation.
- Ask the user to log in via the federation.
- After successful authentication, the user will automatically appear in the Identity and Access Management user list.