diff --git a/crates/store/src/auth/mod.rs b/crates/store/src/auth/mod.rs
index 3b1774c..87dc280 100644
--- a/crates/store/src/auth/mod.rs
+++ b/crates/store/src/auth/mod.rs
@@ -7,6 +7,7 @@ use async_trait::async_trait;
 #[async_trait]
 pub trait AuthenticationProvider: 'static {
     async fn get_principal(&self, id: &str) -> Result<Option<User>, crate::Error>;
+    async fn insert_principal(&self, user: User) -> Result<(), crate::Error>;
     async fn validate_user_token(&self, user_id: &str, token: &str) -> Result<Option<User>, Error>;
     async fn add_app_token(&self, user_id: &str, name: String, token: String) -> Result<(), Error>;
 }
diff --git a/crates/store/src/auth/toml_user_store.rs b/crates/store/src/auth/toml_user_store.rs
index 2215bfc..de3ebd1 100644
--- a/crates/store/src/auth/toml_user_store.rs
+++ b/crates/store/src/auth/toml_user_store.rs
@@ -1,11 +1,11 @@
-use super::{user::AppToken, AuthenticationProvider};
+use super::{AuthenticationProvider, user::AppToken};
 use crate::{auth::User, error::Error};
 use anyhow::anyhow;
 use async_trait::async_trait;
 use password_hash::PasswordHasher;
 use pbkdf2::{
-    password_hash::{self, rand_core::OsRng, SaltString},
     Params,
+    password_hash::{self, SaltString, rand_core::OsRng},
 };
 use serde::{Deserialize, Serialize};
 use std::{collections::HashMap, fs, io, ops::Deref};
@@ -65,6 +65,16 @@ impl AuthenticationProvider for TomlPrincipalStore {
         Ok(self.principals.read().await.get(id).cloned())
     }
 
+    async fn insert_principal(&self, user: User) -> Result<(), crate::Error> {
+        let mut principals = self.principals.write().await;
+        if principals.contains_key(&user.id) {
+            return Err(Error::AlreadyExists);
+        }
+        principals.insert(user.id.clone(), user);
+        self.save(principals.deref())?;
+        Ok(())
+    }
+
     async fn validate_user_token(&self, user_id: &str, token: &str) -> Result<Option<User>, Error> {
         let user: User = match self.get_principal(user_id).await? {
             Some(user) => user,
diff --git a/crates/store/src/auth/user.rs b/crates/store/src/auth/user.rs
index 4e88abf..e332406 100644
--- a/crates/store/src/auth/user.rs
+++ b/crates/store/src/auth/user.rs
@@ -54,7 +54,7 @@ pub struct User {
     #[serde(default)]
     pub app_tokens: Vec<AppToken>,
     #[serde(default)]
-    memberships: Vec<String>,
+    pub memberships: Vec<String>,
 }
 
 impl User {