create_user
Add new users to Keycloak identity management with username, email, and profile details. Set initial passwords and configure user attributes for access control.
Instructions
Create a new user.
Args:
username: Username for the new user
email: Email address
first_name: First name
last_name: Last name
enabled: Whether the user is enabled
email_verified: Whether the email is verified
temporary_password: Initial password (user will be required to change it)
attributes: Additional user attributes
realm: Target realm (uses default if not specified)
Returns:
Dict with status and location of created userInput Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| username | Yes | ||
| No | |||
| first_name | No | ||
| last_name | No | ||
| enabled | No | ||
| email_verified | No | ||
| temporary_password | No | ||
| attributes | No | ||
| realm | No |
Implementation Reference
- src/tools/user_tools.py:66-117 (handler)The main handler function for the 'create_user' MCP tool. It is decorated with @mcp.tool(), which handles both registration and schema definition via type hints and docstring. The function constructs user data and calls the Keycloak client to create the user.
@mcp.tool() async def create_user( username: str, email: Optional[str] = None, first_name: Optional[str] = None, last_name: Optional[str] = None, enabled: bool = True, email_verified: bool = False, temporary_password: Optional[str] = None, attributes: Optional[Dict[str, List[str]]] = None, realm: Optional[str] = None, ) -> Dict[str, str]: """ Create a new user. Args: username: Username for the new user email: Email address first_name: First name last_name: Last name enabled: Whether the user is enabled email_verified: Whether the email is verified temporary_password: Initial password (user will be required to change it) attributes: Additional user attributes realm: Target realm (uses default if not specified) Returns: Dict with status and location of created user """ user_data = { "username": username, "enabled": enabled, "emailVerified": email_verified, } if email: user_data["email"] = email if first_name: user_data["firstName"] = first_name if last_name: user_data["lastName"] = last_name if attributes: user_data["attributes"] = attributes if temporary_password: user_data["credentials"] = [ {"type": "password", "value": temporary_password, "temporary": True} ] # Create user returns no content, but includes Location header await client._make_request("POST", "/users", data=user_data, realm=realm) return {"status": "created", "message": f"User {username} created successfully"}