# Creating and Inviting Users

## Overview

There are two methods for creating user accounts with Commander:

* Invite users to an enterprise with the `enterprise-user --add` command
* Create new user accounts and vaults with the `create-user` command

This page will go over the usage of each method.

### Which method should I use?

In most cases, the best method is to invite new users with `enterprise-user --add`, which sends vault creation instructions to each new user's email address.

`create-user` may be useful in special circumstances where it is necessary for an administrator to have immediate access to a new vault, or when records need to be shared to a new vault right away.

Enterprises that require MFA or SSO Login will need to have these credentials available for each new user if using the `create-user` command.

## Invite Users to an Enterprise

Use Commander to invite users to an enterprise by their email address.

To invite users to your enterprise using Commander, use the `enterprise-user` command with the `--add` flag.

#### Format:

```
enterprise-user John_Smith@example.com --add
```

The invited user's display name can be pre-set by adding the `--name` flag followed by the desired name.

The invited user can be automatically put into a designated node with the `--node` flag followed by the name of a node in the enterprise.

#### Complete Example:

```
enterprise-user John_Smith@example.com --add --node "Chicago" --name "John Smith"
```

{% hint style="info" %}
*Hint:* You can use the shortened version of the command as well: `eu`

e.g. `eu John_Smith@example.com --add`
{% endhint %}

*Find more information in the* [*command documentation.*](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/..#enterprise-user-command)

### Invitation Email and Vault Creation

To join the enterprise, the invited user will need to accept an invite emailed to them.

![User invite email](https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F9PQAwVuLYXbONMjioaMg%2Fimage.png?alt=media\&token=999cd7c4-3b38-4081-9fe3-857919c24c9d)

When the user clicks "Set Up Your Account Now" they are taken to the Keeper Web Vault to proceed with account creation.

{% hint style="warning" %}
Until the invited user logs into their Vault, their Vault is not set up or accessible and records cannot be shared with them.
{% endhint %}

### Example: Invite Users from Email Addresses in a File

In this example, we will take a file with a list of email addresses and send an invite to each email address.

#### Setup

* Update Commander
  * Before getting started, be sure that you have the most up-to-date version of Commander. Find the most recent release on the [GitHub releases page](https://github.com/Keeper-Security/Commander/releases).
* Set Persistent Login
  * Persistent login will allow Commander to run commands without needing you to log in between each call.\
    To enable persistent login, run the following commands in Keeper Commander:

```
this-device register
this-device persistent-login on
```

*For more information on persistent login and options, see the* [*documentation page*](https://docs.keeper.io/en/keeperpam/commander-installation-setup/logging-in#persistent-login)*.*

#### Getting Started

First gather the email addresses into a file. In this example the file will look like this:

{% code title="user\_emails.txt" %}

```
john_smith@example.com
jane_doe@example.com
mary_sue@example.com
chris_adams@example.com
amanda_patel@example.com
```

{% endcode %}

For this example, each email address is on its own line. The file can contain any number of email addresses.

#### Send Invites

Now that the file is ready, we can use a simple script to cycle through each email and send an invite.

{% tabs %}
{% tab title="Windows Command Prompt" %}

```batch
for /f %e in (user_emails.txt) do keeper enterprise-user "%e" --add
```

{% endtab %}

{% tab title="Linux / MacOS Terminal" %}

```bash
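# IFS= and -r keep each line intact; the || test handles a last line with no newline
while IFS= read -r email || [ -n "$email" ]; do
   keeper enterprise-user "$email" --add
done < user_emails.txt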
```

{% endtab %}
{% endtabs %}

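Run the script for your operating system from the examples above to send an invite to each email address from the file. The Windows command is written for an interactive Command Prompt; inside a batch file, the loop variable must be written as `%%e`.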

#### Advanced Example: Include User's Name and Node

To expand upon the above example, we can include a user's display name and node in the file then apply these details to the user's account when sending them an invite.

For this example the file will now look like this:

{% code title="users.txt" %}

```
john_smith@example.com,John Smith,Chicago Office
jane_doe@example.com,Jane Doe,New York Office
mary_sue@example.com,Mary Sue,Chicago Office
chris_adams@example.com,Chris Adams,Chicago Office
amanda_patel@example.com,Amanda Patel,New York Office
```

{% endcode %}

Each line now has each user's email address, display name, and node separated by commas.

{% hint style="warning" %}
The given nodes must match an existing node name in the Keeper Enterprise. The nodes must exist before sending invites to new users.
{% endhint %}

To include these details in the invitation command, we simply need to add the relevant flags to the script.

{% tabs %}
{% tab title="Windows Command Prompt" %}

```batch
for /f "tokens=1,2,3 delims=," %e in (users.txt) do keeper eu "%e" --add --name "%f" --node "%g"
```

{% endtab %}

{% tab title="Linux / MacOS Terminal" %}

```bash
while IFS=, read -r email name node; do
   keeper eu "$email" --add --name "$name" --node "$node"
done < users.txt
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
Notice that the shortened version of the `enterprise-user` command, `eu`, is used here.
{% endhint %}

Run the script appropriate for your OS. Each user in the file will receive an invite by email, have their display name set, and be placed in the correct node.

This example could be altered to only supply the display name or node, or to perform other tasks like adding a list of users to a specified team or role.
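The loops above pass every field of `users.txt` straight to `keeper eu`, so a malformed, duplicated, or option-like row is only noticed after invites have started going out. The following is an added example, not part of Keeper's documentation, that validates the file first and sends nothing unless every row passes. The function names `validate_users` and `send_invites` and the email pattern are assumptions of this example; the `keeper eu` call uses only the flags shown above.

```bash
#!/bin/sh
# Added example: pre-flight check for users.txt rows (email,name,node).
# Accepted rows go to stdout, rejections to stderr with their line number.
# Exit status is non-zero if any row was rejected.
validate_users() (
  bad=0 n=0 seen=' '
  email_re='^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
  # tr drops the CRs of a Windows-edited file; the "||" test keeps a final
  # line that has no trailing newline.
  tr -d '\r' < "$1" | {
    while IFS=, read -r email name node extra || [ -n "$email$name$node" ]; do
      n=$((n + 1))
      [ -z "$email$name$node$extra" ] && continue    # blank line
      key=$(printf '%s' "$email" | tr 'A-Z' 'a-z')
      reason=
      if [ -n "$extra" ] || [ -z "$name" ] || [ -z "$node" ]; then
        reason='expected exactly 3 comma-separated fields'
      elif ! printf '%s\n' "$email" | grep -Eq "$email_re"; then
        reason='email is malformed or does not start with a letter or digit'
      else
        # A value with a leading "-" could be parsed as an option.
        case $name in -*) reason='name starts with "-"' ;; esac
        case $node in -*) reason='node starts with "-"' ;; esac
        case $seen in *" $key "*) reason='duplicate email' ;; esac
      fi
      if [ -n "$reason" ]; then
        printf 'line %d: %s\n' "$n" "$reason" >&2
        bad=$((bad + 1))
      else
        seen="$seen$key "
        printf '%s,%s,%s\n' "$email" "$name" "$node"
      fi
    done
    [ "$bad" -eq 0 ]
  }
)

# Fail closed: run the page's invite loop only if every row passed.
send_invites() {
  rows=$(validate_users "$1") || {
    echo 'users file rejected; no invites sent' >&2
    return 1
  }
  [ -n "$rows" ] || return 0
  printf '%s\n' "$rows" | while IFS=, read -r email name node; do
    keeper eu "$email" --add --name "$name" --node "$node"
  done
}
```

Call `send_invites users.txt` in place of the bare loop; rejected rows are reported with their line number so the file can be corrected and the run repeated.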

## Create New User Accounts

Sometimes it is necessary to create a new user account and vault that are set up and ready to go before the user logs in. To do this, another command can be used: `create-user`

### Creating Users with Commander

When the `create-user` command is used, Commander creates a new user account and sets the enterprise data key required for the account to share records with other accounts in the enterprise. To do this, Commander must log in to the new account once when it is created.

#### Format:

```
create-user John_Smith@example.com --node "Chicago"
```

When the command is run, you will be prompted to create a password for the new user. Alternatively, you can provide a record from your vault with a password already set to use as the account's password.

*See more information about this command in the* [*command documentation*](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/..#create-user-command)

#### Enterprises with MFA or SSO Login

When using the `create-user` command, Commander needs to log in to the new account. This means that if the enterprise requires MFA or SSO Login, Commander will need the corresponding credentials for the new account in order to complete vault creation.

It is recommended that enterprises only use `create-user` in special circumstances, or on initial enterprise creation before MFA or SSO login is set up and required.

### Differences with enterprise-user Command

The `create-user` command differs from the `enterprise-user --add` method in the following ways:

* `create-user` requires the Commander user to set a password for the new account
  * (Users invited by `enterprise-user --add` will set their own passwords at account creation)
* `create-user` requires Commander to login to the new account
* When creating a user account with `create-user` the vault is created immediately, and can be accessed or have records shared to it right away

`create-user` should only be used in special circumstances or when first creating a new enterprise.

### Creating User Accounts From a File

To use the `create-user` command with a list of email addresses from a file, follow the [steps above](#example-invite-users-from-email-addresses-in-a-file) for the `enterprise-user` command and swap out that command with `create-user`.

For example:

{% tabs %}
{% tab title="Windows Command Prompt" %}

```batch
for /f "tokens=1,2,3 delims=," %e in (users.txt) do keeper create-user "%e" --name "%f" --node "%g"
```

{% endtab %}

{% tab title="Linux / MacOS Terminal" %}

```bash
while IFS=, read -r email name node; do
   keeper create-user "$email" --name "$name" --node "$node"
done < users.txt
```

{% endtab %}
{% endtabs %}
