# Create users

You can create human users and bot users.

When you create new users, you specify the following information:

- Alias, for example, an email address.
- Roles.
- Public key.
- Login providers: an internal login, plus external single sign-on (SS0) identity providers, if applicable.


Additionally, you must respect the following guidelines:

- Users within a domain cannot have the same alias.
- Users with the same public key in different domains must have the same alias.


## Prerequisites

Before you create a user, you'll need:

- The user's email address and public key created during registration. For more information, see [Register](/products/custody/v1.15/ui/get-started/register).
- If you want to configure single sign-on (SSO) for the user, details of external identity providers configured for your environment. For more information, contact your Ripple liaison.


## Create a user

To create a new user:

1. In the Ripple Custody UI, navigate to **Administration > Users**.
2. Click **Create new user manually** at the top right.
3. Enter the user details:
![Create user details](/assets/sso-user.d891633a3c433907a9de33bf0ee0d798dc95dd7e13689cc68e307a2d27967a67.42acde11.png)
  1. In **Alias**, enter the email address the user registered with.
Ripple Custody automatically generates a user ID.
  2. Enter the login providers. For each provider, click **Add provider** and then enter the following information:
    - **Identity provider**: The name of the identity provider. For:
      - Internal login: Enter **harmonize**.
      - External providers: Enter the name of the external identity provider.
    - **Login ID**: The user alias configured for the identity provider.
At a minimum, you must enter the internal login details. You can also add SSO providers if configured for your environment.
This is to ensure the user can always log in, even if SSO providers become unavailable.
SSO provider values must be preconfigured by Ripple.
  3. In **User public key**, enter the public key generated during user registration. You can enter the key in one of the following ways:
    - Manually type the key.
    - If you have access to the user profile in the mobile app, use a QR code:
      1. Click the QR code icon at the right of **User public key**.
      2. In the mobile app, select your profile icon at the top right.
![Public key QR code](/assets/app-keyqr.42dff45ce425a7d27df439b60e255fb0bd8c5efe80e910870b851261045ca859.42acde11.png)
      1. Select **Show my public key**.
      2. Hold up the QR code to the camera of the UI device.
4. In **Role(s)**, enter one or more roles for the user. You can select from existing roles or enter new ones. For more information, see [User roles](/products/custody/v1.15/ui/environment/user#user-roles).
5. Enter custom properties, as required.
6. Click **Submit for Approval** and [sign the operation with the app](/products/custody/v1.15/ui/get-started/key-operations/intent-signature).


The new user is created when the intent is successfully executed.