Currently the admin endpoints ignores credentials when creating the user and a second post is needed to add credentials. I don't see any reason why it has to be this way and we should be able to change it? We already have a PR for it https://issues.jboss.org/browse/KEYCLOAK-5026.