Regular users are created in three ways:
The system admin can create accounts that will gain basic auth access either via CLI or REST API.
The account cannot be used until it is assigned to one or more organizations. When a system admin assigns an account to an organization, it is automatically given full access to the resources of that organization, making the user the organization administrator. Note that an organization administrator is not a type of user, rather a user with full permissions of that organization.
When an organization user with account write permissions creates a new user, the user is given basic auth access. The user will also be automatically assigned to the organization of the user who created the other user.
The new user will start with almost no permissions. The permissions for the account and the organization must be granted by the organization administrator.
Note Granting write to permissions for a user implicitly makes the user an organization administrator since the user can then add their own permissions for other resources.
When an Identity Provider is added for an organization and a user authenticates via the IDP for the first time, a new account is created for that user, either by preferred name given by the IDP or the e-mail address. As a last resort, a generated user name is created for the user.
All usernames in Varnish Controller must be unique, even between organizations.