Creating Staff Users with Service Points, Permissions and Passwords using API calls

This is documenting how Duke Libraries set up basic access for staff prior to enabling Duke SSO signon for our hosted environment. This was done very early on in Fameflower, so if you are doing this now and find that the process needs changes, please edit this page and update the directions.

At Duke, we needed to enable ~50 staff to get access to a test instance of FOLIO hosted by Index Data, prior to enabling single-sign on for the server. This meant using FOLIO's default user management system.

Note that you need to make sure email is running on the server so that password reset emails can be delivered.

  1. Load staff users into FOLIO using the API in
    1. Set a username for your staff through this load.
    2. You can't set a default password here. See step 3 for adding credential records.
  2. Create the permission sets or sets you wish to use for your users. We did it manually through the UI. 
    1. You need to record the UUID for the permissions set or sets you want to use. You can get it through an API call to perms/permissions (
  3. Generate credential records for all of your staff users.
    1. This is an API  call to authn/credentials (
  4. Assign permissions to all of your users.
    1. This is an API call to It's an API call to /perms/users/{{id}}/permissions -
    2. Using the parameter ?indexField=userID allows you to use the user account UUID to add permissions, as opposed to the permissions record UUID.
    3. You need the UUID for the permission / permissions sets you wish to add.
  5. Assign Service Points to users
    1. Service points are only needed for staff who are using check in / check out, but depending on your testing parameters, you may wish to give it to all staff initially to allow exploration.
    2. You need the UUIDs for the Service Point(s). You can get those from the URL when viewing the Service Point in the UI, or you can use the Service Point APIs in mod-inventory-storage
    3. To assign service points to users, it is an API call to /service-points-users
  6. Generate password reset emails
    1. This can be done through API call to bl-users/password-reset/link
    2. The API takes a list of user UUIDs.