Creates a user in CDP.




Creates a user in CDP.


--identity-provider-user-id <value>
--email <value>
[--saml-provider-name <value>]
[--groups <value>]
[--first-name <value>]
[--last-name <value>]
[--cli-input-json <value>]


--identity-provider-user-id (string)

The identity provider user id for the user. This ID must match the NameId attribute value that will be passed for the user in the SAML response using the associated SAML provider.

--email (string)

The email address for the user. Used for display purposes only.

--saml-provider-name (string)

The name or CRN of the SAML provider the user will use for login.

--groups (array)

The list of groups the user belongs to. The groups will be created if they do not exist. There are certain restrictions on the group name. Refer to the How To > User Management section in the Management Console documentation for the details.


"string" "string" ...

--first-name (string)

The user first name.

--last-name (string)

The user last name.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.


user -> (object)

Information about a Cloudera CDP user.

userId -> (string)

The stable, unique identifier of the user.

crn -> (string)

The CRN of the user.

email -> (string)

The user’s email address.

firstName -> (string)

The user’s first name.

lastName -> (string)

The user’s last name.

creationDate -> (datetime)

The date when this user record was created.

accountAdmin -> (boolean)

Whether the user is an administrator of their CDP account.

identityProviderCrn -> (string)

The identity provider that the user belongs to. It can be “Cloudera-Default”, “Cloudera-Administration”, or a customer defined IdP.

lastInteractiveLogin -> (datetime)

The date of the user’s last interactive login.

workloadUsername -> (string)

The username used in all the workload clusters of the user.

status -> (string)

The current status of the user. The possible status values are ACTIVE, CONTROL_PLANE_LOCKED_OUT, and DEACTIVATED. ACTIVE indicates that the user is active in CDP. An active user can authenticate to the CDP control plane and workload clusters. CONTROL_PLANE_LOCKED_OUT indicates that the user is locked out of the CDP control plane. The locked-out user can no longer authenticate to the control plane but can authenticate to the workload clusters. DEACTIVATED indicates that the user is deactivated in CDP. A deactivated user can neither authenticate to the control plane nor to the workload clusters. Note that more statuses could be added in the future. The statuses other than ACTIVE are only returned on Cloudera for Government.

workloadPasswordDetails -> (object)

Information about the workload password for a user or machine user.

isPasswordSet -> (boolean)

Whether a workload password is set.

passwordExpirationDate -> (datetime)

The date at which the workload password will expire.

passwordMinLifetimeDate -> (datetime)

The minimum lifetime date of the workload password. A new password can’t be set until this date.

Form Factors

public, private