From ea848b6206724503055f33fc6c1d3738c71d154f Mon Sep 17 00:00:00 2001
From: Alexandra Vedeler <arnex04@gmail.com>
Date: Wed, 15 Jan 2025 13:40:49 +0100
Subject: [PATCH] Add new person as user in organization (#1220)

* can now add new user (person)

* Add error handling and tests; update localization strings

* made story and mocked new endpoint in GUI

* added check of ModelState to BFF endpoint

* fixed missing sign

* minor fixes

* fix warning

* added yet another test

* renamed file

* remove unnecesary line

---------

Co-authored-by: Vedeler <acn-avede@ai-dev.no>
---
 .mock/handlers/user.ts                        |  15 ++
 .../ClientInterfaces/IRegisterClient.cs       |  80 ++++++----
 .../Services/Interfaces/IUserService.cs       |   8 +
 .../Services/UserService.cs                   |  34 ++++-
 .../ClientUtils.cs                            |  27 +++-
 .../Clients/RegisterClient.cs                 |  39 ++++-
 .../ebd192ea-753b-448e-9226-95e8c439bd9f.json |   2 +
 .../Data/Register/Persons/19895199357.json    |   9 ++
 .../Data/Register/Persons/20838198385.json    |   9 ++
 .../Data/Register/Persons/21915399719.json    |   9 ++
 .../ebd192ea-753b-448e-9226-95e8c439bd9f.json |   4 +
 .../Mocks/RegisterClientMock.cs               |  67 +++++++--
 .../Controllers/UserControllerTest.cs         | 141 ++++++++++++++++++
 .../Controllers/UserController.cs             |  56 ++++++-
 .../Models/ValidatePersonInput.cs             |  18 +++
 .../users/NewUserModal/NewPersonContent.tsx   |  62 ++++++++
 .../amUI/users/NewUserModal/NewUserAlert.tsx  |  53 +++++++
 .../NewUserModal/NewUserModal.module.css      |  18 +++
 .../NewUserModal/NewUserModal.stories.tsx     |  20 +++
 .../amUI/users/NewUserModal/NewUserModal.tsx  |  65 ++++++++
 src/features/amUI/users/UsersList.module.css  |   8 +-
 src/features/amUI/users/UsersList.tsx         |  26 ++--
 src/localizations/en.json                     |  16 +-
 src/localizations/no_nb.json                  |  16 +-
 src/localizations/no_nn.json                  |  16 +-
 src/rtk/features/userInfoApi.ts               |  13 ++
 26 files changed, 763 insertions(+), 68 deletions(-)
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/AccessPackage/GetDelegations/ebd192ea-753b-448e-9226-95e8c439bd9f.json
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/19895199357.json
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/20838198385.json
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/21915399719.json
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/RightHolders/RightHolderAccess/ebd192ea-753b-448e-9226-95e8c439bd9f.json
 create mode 100644 backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Models/ValidatePersonInput.cs
 create mode 100644 src/features/amUI/users/NewUserModal/NewPersonContent.tsx
 create mode 100644 src/features/amUI/users/NewUserModal/NewUserAlert.tsx
 create mode 100644 src/features/amUI/users/NewUserModal/NewUserModal.module.css
 create mode 100644 src/features/amUI/users/NewUserModal/NewUserModal.stories.tsx
 create mode 100644 src/features/amUI/users/NewUserModal/NewUserModal.tsx

diff --git a/.mock/handlers/user.ts b/.mock/handlers/user.ts
index 32eb3f576..e404a8744 100644
--- a/.mock/handlers/user.ts
+++ b/.mock/handlers/user.ts
@@ -35,4 +35,19 @@ export const userHandlers = (ACCESSMANAGEMENT_BASE_URL: string) => [
       },
     });
   }),
+  http.post(
+    new RegExp(`${ACCESSMANAGEMENT_BASE_URL}/user/reportee/(?:/[^/]+)?/rightholder/person`),
+    async (req: any) => {
+      const requestBody = await req.request.json();
+      const ssn = requestBody?.ssn;
+      const lastName = requestBody?.lastName;
+      if (lastName.length < 4 || ssn.length !== 11) {
+        return HttpResponse.json({ error: 'Invalid input' }, { status: 404 });
+      } else {
+        return HttpResponse.json({
+          partyUuid: '54f128f7-ca7c-4a57-ad49-3787eb79b506',
+        });
+      }
+    },
+  ),
 ];
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/ClientInterfaces/IRegisterClient.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/ClientInterfaces/IRegisterClient.cs
index d660f20af..50fd9a5d3 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/ClientInterfaces/IRegisterClient.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/ClientInterfaces/IRegisterClient.cs
@@ -2,37 +2,59 @@
 
 namespace Altinn.AccessManagement.UI.Core.ClientInterfaces
 {
-    /// <summary>
-    /// Interface for client wrapper for integration with the platform register API
-    /// </summary>
-    public interface IRegisterClient
-    {
         /// <summary>
-        /// Looks up party information for an organization based on the organization number
+        /// Interface for client wrapper for integration with the platform register API
         /// </summary>
-        /// <param name="organizationNumber">The organization number</param>
-        /// <returns>
-        /// Party information
-        /// </returns>
-        Task<Party> GetPartyForOrganization(string organizationNumber);
+        public interface IRegisterClient
+        {
+                /// <summary>
+                /// Looks up party information for an organization based on the organization number
+                /// </summary>
+                /// <param name="organizationNumber">The organization number</param>
+                /// <returns>
+                /// Party information
+                /// </returns>
+                Task<Party> GetPartyForOrganization(string organizationNumber);
 
-        /// <summary>
-        /// Looks up party information for a list of uuids
-        /// </summary>
-        /// <param name="uuidList">The list of uuids to be looked up</param>
-        /// <returns>
-        /// A list of party information corresponding to the provided uuids
-        /// </returns>
-        Task<List<Party>> GetPartyList(List<Guid> uuidList);
+                /// <summary>
+                /// Looks up party information for a person based on the ssn
+                /// </summary>
+                /// <param name="ssn">The persons ssn</param>
+                /// <returns>
+                /// Party information
+                /// </returns>
+                Task<Party> GetPartyForPerson(string ssn);
 
-        /// <summary>
-        /// Looks up party name for a list of orgNumbers
-        /// </summary>
-        /// <param name="orgNumbers">The list of organisation numbers to be looked up</param>
-        /// <param name="cancellationToken">Cancellation token</param>
-        /// <returns>
-        /// A list of party organisation numbers with corresponding names
-        /// </returns>
-        Task<List<PartyName>> GetPartyNames(IEnumerable<string> orgNumbers, CancellationToken cancellationToken);
-    }
+                /// <summary>
+                /// Looks up party information for a list of uuids
+                /// </summary>
+                /// <param name="uuidList">The list of uuids to be looked up</param>
+                /// <returns>
+                /// A list of party information corresponding to the provided uuids
+                /// </returns>
+                Task<List<Party>> GetPartyList(List<Guid> uuidList);
+
+                /// <summary>
+                /// Looks up a person based on ssn and lastname.
+                /// The endpoint will track the number of failed lookup attempts and block further requests if the number of failed
+                /// lookups have exceeded a threshold number. The user will be prevented from performing new searches
+                /// for a set time. (by throwing a 429 status exception)
+                /// </summary>
+                /// <param name="ssn">The persons ssn - must match latname</param>
+                /// <param name="lastname">The persons lastname - must match ssn</param>
+                /// <returns>
+                /// Person information
+                /// </returns>
+                Task<Person> GetPerson(string ssn, string lastname);
+
+                /// <summary>
+                /// Looks up party name for a list of orgNumbers
+                /// </summary>
+                /// <param name="orgNumbers">The list of organisation numbers to be looked up</param>
+                /// <param name="cancellationToken">Cancellation token</param>
+                /// <returns>
+                /// A list of party organisation numbers with corresponding names
+                /// </returns>
+                Task<List<PartyName>> GetPartyNames(IEnumerable<string> orgNumbers, CancellationToken cancellationToken);
+        }
 }
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/Interfaces/IUserService.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/Interfaces/IUserService.cs
index edddcd0cb..37be28c02 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/Interfaces/IUserService.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/Interfaces/IUserService.cs
@@ -37,5 +37,13 @@ public interface IUserService
         /// <param name="rightHolderUuid">The uuid for the right holder whose accesses are to be returned</param>
         /// <returns>All right holder's accesses</returns>
         Task<RightHolderAccesses> GetRightHolderAccesses(string reporteeUuid, string rightHolderUuid);
+
+        /// <summary>
+        /// Checks that a person with the provided ssn and lastname exists. If they do, the person's partyUuid is returned.
+        /// </summary>
+        /// <param name="ssn">The ssn of the user</param>
+        /// <param name="lastname">The last name of the user</param>
+        /// <returns>The person's partyUuid if ssn and lastname correspond to the same person. Returns null if matching person is not found</returns>
+        Task<Guid?> ValidatePerson(string ssn, string lastname);
     }
 }
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/UserService.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/UserService.cs
index c507fa592..c828c8adc 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/UserService.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Services/UserService.cs
@@ -1,10 +1,6 @@
 using Altinn.AccessManagement.UI.Core.ClientInterfaces;
-using Altinn.AccessManagement.UI.Core.Enums;
 using Altinn.AccessManagement.UI.Core.Models;
 using Altinn.AccessManagement.UI.Core.Models.AccessManagement;
-using Altinn.AccessManagement.UI.Core.Models.Delegation;
-using Altinn.AccessManagement.UI.Core.Models.Delegation.Frontend;
-using Altinn.AccessManagement.UI.Core.Models.ResourceRegistry;
 using Altinn.AccessManagement.UI.Core.Models.User;
 using Altinn.AccessManagement.UI.Core.Services.Interfaces;
 using Altinn.Platform.Profile.Models;
@@ -22,6 +18,7 @@ public class UserService : IUserService
         private readonly IProfileClient _profileClient;
         private readonly IAccessManagementClient _accessManagementClient;
         private readonly IAccessManagementClientV0 _accessManagementClientV0;
+        private readonly IRegisterClient _registerClient;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="APIDelegationService"/> class.
@@ -30,16 +27,19 @@ public class UserService : IUserService
         /// <param name="profileClient">handler for profile client</param>
         /// <param name="accessManagementClient">handler for AM client</param>
         /// <param name="accessManagementClientV0">handler for old AM client</param>
+        /// <param name="registerClient">handler for register client</param>
         public UserService(
             ILogger<IAPIDelegationService> logger,
             IProfileClient profileClient,
             IAccessManagementClient accessManagementClient,
-            IAccessManagementClientV0 accessManagementClientV0)
+            IAccessManagementClientV0 accessManagementClientV0,
+            IRegisterClient registerClient)
         {
             _logger = logger;
             _profileClient = profileClient;
             _accessManagementClient = accessManagementClient;
             _accessManagementClientV0 = accessManagementClientV0;
+            _registerClient = registerClient;
         }
 
         /// <inheritdoc/>
@@ -69,5 +69,29 @@ public Task<RightHolderAccesses> GetRightHolderAccesses(string reporteeUuid, str
         {
             return _accessManagementClient.GetRightHolderAccesses(reporteeUuid, rightHolderUuid);
         }
+
+        /// <inheritdoc/>
+        public async Task<Guid?> ValidatePerson(string ssn, string lastname)
+        {
+            // Check for bad input
+            string ssn_cleaned = ssn.Trim().Replace("\"", string.Empty);
+            string lastname_cleaned = lastname.Trim().Replace("\"", string.Empty);
+            if (ssn_cleaned.Length != 11 || !ssn_cleaned.All(char.IsDigit))
+            {
+                return null;
+            }
+
+            // Check that a person with the provided ssn and last name exists 
+            Person person = await _registerClient.GetPerson(ssn_cleaned, lastname_cleaned);
+
+            if (person == null)
+            {
+                return null;
+            }
+
+            Party personParty = await _registerClient.GetPartyForPerson(ssn_cleaned);
+
+            return personParty?.PartyUuid;
+        }
     }
 }
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/ClientUtils.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/ClientUtils.cs
index c6219213b..ff893d19d 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/ClientUtils.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/ClientUtils.cs
@@ -1,6 +1,6 @@
-using System.Net;
-using System.Text.Json;
+using System.Text.Json;
 using Altinn.AccessManagement.UI.Core.Helpers;
+using Microsoft.Extensions.Logging;
 
 namespace Altinn.AccessManagement.UI.Integration.Util
 {
@@ -14,8 +14,10 @@ public class ClientUtils
         /// </summary>
         /// <typeparam name="T">The type that the response is to be deserialized into</typeparam>
         /// <param name="response">The response message that is to be deserialized</param>
+        /// <param name="logger">The client logger to be used if errors are to be logged</param>
+        /// <param name="clientMethodName">The client name and method name to be used in logging if a logger is provided</param>
         /// <returns>The response, deserialized into an object of type T</returns>
-        public async static Task<T> DeserializeIfSuccessfullStatusCode<T>(HttpResponseMessage response)
+        public async static Task<T> DeserializeIfSuccessfullStatusCode<T>(HttpResponseMessage response, ILogger logger = null, string clientMethodName = "")
         {
             JsonSerializerOptions serializerOptions = new JsonSerializerOptions
             {
@@ -29,8 +31,23 @@ public async static Task<T> DeserializeIfSuccessfullStatusCode<T>(HttpResponseMe
             }
             else
             {
-                string responseContent = await response.Content.ReadAsStringAsync();
-                HttpStatusException error = JsonSerializer.Deserialize<HttpStatusException>(responseContent, serializerOptions);
+                string responseContent = string.Empty;
+                HttpStatusException error;
+                if (response.Content.Headers.ContentLength > 0)
+                {
+                    responseContent = await response.Content.ReadAsStringAsync();
+                    error = JsonSerializer.Deserialize<HttpStatusException>(responseContent, serializerOptions);
+                    if (error.StatusCode != response.StatusCode)
+                    {
+                        error.StatusCode = response.StatusCode;
+                    }
+                }
+                else
+                {
+                    error = new HttpStatusException("General", response.ReasonPhrase, response.StatusCode, string.Empty);
+                }
+
+                logger?.LogError($"AccessManagement.UI // {clientMethodName} // Unexpected HttpStatusCode: {response.StatusCode}\n {responseContent}");
 
                 throw error;
             }
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/Clients/RegisterClient.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/Clients/RegisterClient.cs
index 401a6b8a8..8733138a7 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/Clients/RegisterClient.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Integration/Clients/RegisterClient.cs
@@ -1,12 +1,15 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Net;
+using System.Net.Http.Headers;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using Altinn.AccessManagement.UI.Core.ClientInterfaces;
 using Altinn.AccessManagement.UI.Core.Extensions;
+using Altinn.AccessManagement.UI.Core.Models.AccessPackage;
 using Altinn.AccessManagement.UI.Core.Services.Interfaces;
 using Altinn.AccessManagement.UI.Integration.Configuration;
+using Altinn.AccessManagement.UI.Integration.Util;
 using Altinn.Platform.Register.Models;
 using AltinnCore.Authentication.Utils;
 using Microsoft.AspNetCore.Http;
@@ -41,11 +44,11 @@ public RegisterClient(
             ILogger<RegisterClient> logger,
             IHttpContextAccessor httpContextAccessor,
             IOptions<PlatformSettings> platformSettings,
-            IAccessTokenProvider accessTokenProvider) 
+            IAccessTokenProvider accessTokenProvider)
         {
             _logger = logger;
             _platformSettings = platformSettings.Value;
-            httpClient.BaseAddress = new Uri(_platformSettings.ApiRegisterEndpoint);            
+            httpClient.BaseAddress = new Uri(_platformSettings.ApiRegisterEndpoint);
             httpClient.DefaultRequestHeaders.Add(_platformSettings.SubscriptionKeyHeaderName, _platformSettings.SubscriptionKey);
             _client = httpClient;
             _httpContextAccessor = httpContextAccessor;
@@ -82,6 +85,20 @@ public async Task<Party> GetPartyForOrganization(string organizationNumber)
             }
         }
 
+        /// <inheritdoc/>
+        public async Task<Party> GetPartyForPerson(string ssn)
+        {
+            string endpointUrl = $"parties/lookup";
+            string token = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _platformSettings.JwtCookieName);
+            var accessToken = await _accessTokenProvider.GetAccessToken();
+
+            StringContent requestBody = new StringContent(JsonSerializer.Serialize(new PartyLookup { Ssn = ssn }, _serializerOptions), Encoding.UTF8, "application/json");
+
+            HttpResponseMessage response = await _client.PostAsync(token, endpointUrl, requestBody, accessToken);
+
+            return await ClientUtils.DeserializeIfSuccessfullStatusCode<Party>(response, _logger, "RegisterClient // GetPartyForPerson");
+        }
+
         /// <inheritdoc/>
         public async Task<List<Party>> GetPartyList(List<Guid> uuidList)
         {
@@ -111,6 +128,24 @@ public async Task<List<Party>> GetPartyList(List<Guid> uuidList)
             }
         }
 
+        /// <inheritdoc/>
+        public async Task<Person> GetPerson(string ssn, string lastname)
+        {
+            string endpointUrl = $"persons";
+            string token = JwtTokenUtil.GetTokenFromContext(_httpContextAccessor.HttpContext, _platformSettings.JwtCookieName);
+            var platformAccessToken = await _accessTokenProvider.GetAccessToken();
+
+            var request = new HttpRequestMessage(HttpMethod.Get, endpointUrl);
+            request.Headers.Add("X-Ai-NationalIdentityNumber", ssn);
+            request.Headers.Add("X-Ai-LastName", lastname);
+            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
+            request.Headers.Add("PlatformAccessToken", platformAccessToken);
+
+            HttpResponseMessage response = await _client.SendAsync(request);
+
+            return await ClientUtils.DeserializeIfSuccessfullStatusCode<Person>(response);
+        }
+
         /// <inheritdoc/>
         public async Task<List<PartyName>> GetPartyNames(IEnumerable<string> orgNumbers, CancellationToken cancellationToken)
         {
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/AccessPackage/GetDelegations/ebd192ea-753b-448e-9226-95e8c439bd9f.json b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/AccessPackage/GetDelegations/ebd192ea-753b-448e-9226-95e8c439bd9f.json
new file mode 100644
index 000000000..0d4f101c7
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/AccessPackage/GetDelegations/ebd192ea-753b-448e-9226-95e8c439bd9f.json
@@ -0,0 +1,2 @@
+[
+]
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/19895199357.json b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/19895199357.json
new file mode 100644
index 000000000..241c821ec
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/19895199357.json
@@ -0,0 +1,9 @@
+{
+    "FirstName": "Intelligent",
+    "MiddleName": "",
+    "LastName": "Albatross",
+    "Address": "Gata 2",
+    "MailingAddress": "nada@nada.no",
+    "DateOfBirth": null,
+    "DateOfDeath": null
+}
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/20838198385.json b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/20838198385.json
new file mode 100644
index 000000000..f92c70f5f
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/20838198385.json
@@ -0,0 +1,9 @@
+{
+    "FirstName": "Sitrongul",
+    "MiddleName": "",
+    "LastName": "Medaljong",
+    "Address": "Gata",
+    "MailingAddress": "nada@nada.no",
+    "DateOfBirth": null,
+    "DateOfDeath": null
+}
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/21915399719.json b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/21915399719.json
new file mode 100644
index 000000000..4d234a7ff
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/Register/Persons/21915399719.json
@@ -0,0 +1,9 @@
+{
+    "FirstName": "Livsglad",
+    "MiddleName": "",
+    "LastName": "Film",
+    "Address": "Gata 3",
+    "MailingAddress": "nada@nada.no",
+    "DateOfBirth": null,
+    "DateOfDeath": null
+}
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/RightHolders/RightHolderAccess/ebd192ea-753b-448e-9226-95e8c439bd9f.json b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/RightHolders/RightHolderAccess/ebd192ea-753b-448e-9226-95e8c439bd9f.json
new file mode 100644
index 000000000..a0cb85db5
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Data/RightHolders/RightHolderAccess/ebd192ea-753b-448e-9226-95e8c439bd9f.json
@@ -0,0 +1,4 @@
+{
+  "accessPackages": [],
+  "services": []
+}
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Mocks/RegisterClientMock.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Mocks/RegisterClientMock.cs
index c863e1001..ab55c788a 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Mocks/RegisterClientMock.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Mocks/Mocks/RegisterClientMock.cs
@@ -1,5 +1,7 @@
-using System.Text.Json;
+using System.Net;
+using System.Text.Json;
 using Altinn.AccessManagement.UI.Core.ClientInterfaces;
+using Altinn.AccessManagement.UI.Core.Helpers;
 using Altinn.Platform.Register.Models;
 
 namespace Altinn.AccessManagement.UI.Mocks.Mocks
@@ -9,7 +11,9 @@ namespace Altinn.AccessManagement.UI.Mocks.Mocks
     /// </summary>
     public class RegisterClientMock : IRegisterClient
     {
-        private static readonly JsonSerializerOptions options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
+        private static int _numberOfFaliedPersonLookups = 0;
+        private static readonly JsonSerializerOptions _options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
+
         /// <summary>
         /// Initializes a new instance of the <see cref="RegisterClientMock"/> class
         /// </summary>
@@ -41,26 +45,71 @@ public Task<List<Party>> GetPartyList(List<Guid> uuidList)
             if (File.Exists(testDataPath))
             {
                 string content = File.ReadAllText(testDataPath);
-                List<Party> partyList = JsonSerializer.Deserialize<List<Party>>(content, options);
+                List<Party> partyList = JsonSerializer.Deserialize<List<Party>>(content, _options);
                 return Task.FromResult(new List<Party>() { partyList?.FirstOrDefault(p => p.PartyUuid == uuidList[0]) });
             }
 
             return Task.FromResult(new List<Party> { });
         }
 
+        /// <inheritdoc/>
+        public async Task<Person> GetPerson(string ssn, string lastname)
+        {
+            Person person = null;
+            string testDataPath = Path.Combine(Path.GetDirectoryName(new Uri(typeof(RegisterClientMock).Assembly.Location).LocalPath), "Data", "Register", "Persons", $"{ssn}.json");
+            if (File.Exists(testDataPath))
+            {
+                string content = File.ReadAllText(testDataPath);
+                Person personContent = JsonSerializer.Deserialize<Person>(content, _options);
+                if (personContent.LastName.ToLower() == lastname.ToLower())
+                {
+                    person = personContent;
+                }
+            }
+
+            if (person == null)
+            {
+                _numberOfFaliedPersonLookups++;
+                if (_numberOfFaliedPersonLookups > 3)
+                {
+                    throw new HttpStatusException("Status Error", "Too many failed person lookups", HttpStatusCode.TooManyRequests, null);
+                }
+                else
+                {
+                    throw new HttpStatusException("Status Error", "Person not found", HttpStatusCode.NotFound, null);
+                }
+            }
+            return await Task.FromResult(person);
+        }
+
+        /// <inheritdoc/>
+        public async Task<Party> GetPartyForPerson(string ssn)
+        {
+            Party party = null;
+            string testDataPath = Path.Combine(Path.GetDirectoryName(new Uri(typeof(RegisterClientMock).Assembly.Location).LocalPath), "Data", "Register", "Parties", "parties.json");
+            if (File.Exists(testDataPath))
+            {
+                string content = File.ReadAllText(testDataPath);
+                List<Party> partyList = JsonSerializer.Deserialize<List<Party>>(content, _options);
+                party = partyList?.FirstOrDefault(p => p.SSN == ssn);
+            }
+
+            return await Task.FromResult(party);
+        }
         public Task<List<PartyName>> GetPartyNames(IEnumerable<string> orgNumbers, CancellationToken cancellationToken)
         {
             string testDataPath = Path.Combine(Path.GetDirectoryName(new Uri(typeof(RegisterClientMock).Assembly.Location).LocalPath), "Data", "Register", "Parties", "parties.json");
             if (File.Exists(testDataPath))
             {
                 string content = File.ReadAllText(testDataPath);
-                List<Party> partyList = JsonSerializer.Deserialize<List<Party>>(content, options);
-                List<PartyName> partyNames = partyList?.Where(party => orgNumbers.Contains(party.OrgNumber)).Select(p => 
+                List<Party> partyList = JsonSerializer.Deserialize<List<Party>>(content, _options);
+                List<PartyName> partyNames = partyList?.Where(party => orgNumbers.Contains(party.OrgNumber)).Select(p =>
                 {
-                    return new PartyName { 
-                        OrgNo = p.Organization?.OrgNumber, 
-                        Name = p.Organization?.Name, 
-                        Ssn = p.SSN 
+                    return new PartyName
+                    {
+                        OrgNo = p.Organization?.OrgNumber,
+                        Name = p.Organization?.Name,
+                        Ssn = p.SSN
                     };
                 }).ToList();
                 return Task.FromResult(partyNames);
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Tests/Controllers/UserControllerTest.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Tests/Controllers/UserControllerTest.cs
index ee1bea1f7..870e03903 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Tests/Controllers/UserControllerTest.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Tests/Controllers/UserControllerTest.cs
@@ -1,17 +1,21 @@
 using System.Net;
 using System.Net.Http.Headers;
 using System.Net.Http.Json;
+using System.Text;
+using System.Text.Json;
 using Altinn.AccessManagement.UI.Controllers;
 using Altinn.AccessManagement.UI.Core.ClientInterfaces;
 using Altinn.AccessManagement.UI.Core.Models;
 using Altinn.AccessManagement.UI.Core.Models.AccessManagement;
 using Altinn.AccessManagement.UI.Core.Models.User;
 using Altinn.AccessManagement.UI.Mocks.Utils;
+using Altinn.AccessManagement.UI.Models;
 using Altinn.AccessManagement.UI.Tests.Utils;
 using Altinn.Platform.Profile.Enums;
 using Altinn.Platform.Profile.Models;
 using Microsoft.AspNetCore.Http;
 using Moq;
+using static Microsoft.ApplicationInsights.MetricDimensionNames.TelemetryContext;
 
 namespace Altinn.AccessManagement.UI.Tests.Controllers
 {
@@ -206,5 +210,142 @@ public async Task GetRightholderAccesses_Invalid_Input()
 
             Assert.False(response.IsSuccessStatusCode);
         }
+
+        /// <summary>
+        ///    Test case: Validate a valid person
+        ///    Expected: Returns a 200 and the party uuid of the person
+        /// </summary>
+        [Fact]
+        public async Task ValidatePerson_ValidInput()
+        {
+            // Arrange
+            var partyId = 51329012;
+            var ssn = "20838198385";
+            var lastname = "Medaljong";
+
+            var token = PrincipalUtil.GetToken(1234, 1234, 2);
+            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+
+            ValidatePersonInput input = new ValidatePersonInput { Ssn = ssn, LastName = lastname };
+            string jsonRights = JsonSerializer.Serialize(input);
+            HttpContent content = new StringContent(jsonRights, Encoding.UTF8, "application/json");
+
+            var expectedResponse = Guid.Parse("167536b5-f8ed-4c5a-8f48-0279507e53ae");
+
+            // Act
+            HttpResponseMessage httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.OK, httpResponse.StatusCode);
+
+            var response = await httpResponse.Content.ReadFromJsonAsync<Guid>();
+            Assert.Equal(expectedResponse, response);
+
+        }
+
+        /// <summary>
+        ///    Test case: Enter invalid input
+        ///    Expected: Returns a 404 not found
+        /// </summary>
+        [Fact]
+        public async Task ValidatePerson_InvalidInput()
+        {
+            // Arrange
+            var partyId = 51329012;
+            var ssn = "2083819838a"; // Invalid ssn
+            var lastname = "Medaljong";
+
+            var token = PrincipalUtil.GetToken(1234, 1234, 2);
+            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+
+            ValidatePersonInput input = new ValidatePersonInput { Ssn = ssn, LastName = lastname };
+            string jsonRights = JsonSerializer.Serialize(input);
+            HttpContent content = new StringContent(jsonRights, Encoding.UTF8, "application/json");
+
+            // Act
+            HttpResponseMessage httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.NotFound, httpResponse.StatusCode);
+        }
+
+        /// <summary>
+        ///    Test case: Enter an ivalid ssn and last name combination
+        ///    Expected: Returns a 404 not found
+        /// </summary>
+        [Fact]
+        public async Task ValidatePerson_InvalidInputCombination()
+        {
+            // Arrange
+            var partyId = 51329012;
+            var ssn = "20838198385"; // Valid ssn
+            var lastname = "Albatross"; // Valid last name, but does not belong to person with given ssn
+
+            var token = PrincipalUtil.GetToken(1234, 1234, 2);
+            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+
+            ValidatePersonInput input = new ValidatePersonInput { Ssn = ssn, LastName = lastname };
+            string jsonRights = JsonSerializer.Serialize(input);
+            HttpContent content = new StringContent(jsonRights, Encoding.UTF8, "application/json");
+
+            // Act
+            HttpResponseMessage httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.NotFound, httpResponse.StatusCode);
+        }
+
+        /// <summary>
+        ///    Test case: Enter invalid data too many times
+        ///    Expected: Returns a 429 - too many requests
+        /// </summary>
+        [Fact]
+        public async Task ValidatePerson_TooManyRequests()
+        {
+            // Arrange
+            var partyId = 51329012;
+            var ssn = "20838198311"; // Invalid ssn
+            var lastname = "Hansen"; // Invalid name combination
+
+            var token = PrincipalUtil.GetToken(1234, 1234, 2);
+            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+
+            ValidatePersonInput input = new ValidatePersonInput { Ssn = ssn, LastName = lastname };
+            string jsonRights = JsonSerializer.Serialize(input);
+            HttpContent content = new StringContent(jsonRights, Encoding.UTF8, "application/json");
+
+            // Act - reapeat the request 4 times to lock the user
+            HttpResponseMessage httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+            httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+            httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+            httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.TooManyRequests, httpResponse.StatusCode);
+        }
+
+        /// <summary>
+        ///    Test case: Sending the wrong input in body triggers a babd request
+        ///    Expected: Returns a 400 - bad request
+        /// </summary>
+        [Fact]
+        public async Task ValidatePerson_BadRequest()
+        {
+            // Arrange
+            var partyId = 51329012;
+            string input = "The wrong input";
+
+            var token = PrincipalUtil.GetToken(1234, 1234, 2);
+            _client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
+
+            string jsonRights = JsonSerializer.Serialize(input);
+            HttpContent content = new StringContent(jsonRights, Encoding.UTF8, "application/json");
+
+            // Act 
+            HttpResponseMessage httpResponse = await _client.PostAsync($"accessmanagement/api/v1/user/reportee/{partyId}/rightholder/person", content);
+
+            // Assert
+            Assert.Equal(HttpStatusCode.BadRequest, httpResponse.StatusCode);
+        }
     }
 }
\ No newline at end of file
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Controllers/UserController.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Controllers/UserController.cs
index e8c8ea4ce..4629dd1ca 100644
--- a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Controllers/UserController.cs
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Controllers/UserController.cs
@@ -1,11 +1,10 @@
-using Altinn.AccessManagement.UI.Core.ClientInterfaces;
+using System.Net;
 using Altinn.AccessManagement.UI.Core.Helpers;
 using Altinn.AccessManagement.UI.Core.Models;
 using Altinn.AccessManagement.UI.Core.Models.AccessManagement;
 using Altinn.AccessManagement.UI.Core.Models.User;
 using Altinn.AccessManagement.UI.Core.Services.Interfaces;
-using Altinn.Platform.Profile.Models;
-using Altinn.Platform.Register.Models;
+using Altinn.AccessManagement.UI.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -117,6 +116,57 @@ public async Task<ActionResult<List<RightHolder>>> GetReporteeRightHolders(int p
             }
         }
 
+        /// <summary>
+        /// Endpoint for validating a new rightholder through an ssn and last name combination.
+        /// If the ssn and last name does not match, the endpoint will return 404.
+        /// If the endpont is called with unmatching input too many times, the user calling the endpoint will be blocked for an hour and the request will return 429.
+        /// If the combination is valid, the endpoint will return the partyUuid of the person.
+        /// </summary>
+        /// <param name="validationInput">The ssn and last name of the person to be looked up</param>
+        /// <returns>The partyUuid of the person</returns>
+        /// <response code="400">Bad Request</response>
+        /// <response code="500">Internal Server Error</response>
+        [HttpPost]
+        [Authorize]
+        [Route("reportee/{partyId}/rightholder/person")]
+        public async Task<ActionResult<Guid>> ValidatePerson([FromBody] ValidatePersonInput validationInput)
+        {
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(ModelState);
+            }
+
+            try
+            {
+                Guid? partyUuid = await _userService.ValidatePerson(validationInput.Ssn, validationInput.LastName);
+
+                if (partyUuid != null)
+                {
+                    return partyUuid;
+                }
+                else
+                {
+                    return StatusCode(404);
+                }
+            }
+            catch (HttpStatusException ex)
+            {
+                if (ex.StatusCode == HttpStatusCode.TooManyRequests)
+                {
+                    return StatusCode(429);
+                }
+                else
+                {
+                    return new ObjectResult(ProblemDetailsFactory.CreateProblemDetails(HttpContext, (int?)ex.StatusCode, "Unexpected HttpStatus response", detail: ex.Message));
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "GetUserByUUID failed to fetch party information");
+                return StatusCode(500);
+            }
+        }
+
         /// <summary>
         /// Endpoint for retrieving all accesses a specified right holder has on behalf of a party (the reportee)
         /// </summary>
diff --git a/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Models/ValidatePersonInput.cs b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Models/ValidatePersonInput.cs
new file mode 100644
index 000000000..7bc3e8d29
--- /dev/null
+++ b/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Models/ValidatePersonInput.cs
@@ -0,0 +1,18 @@
+namespace Altinn.AccessManagement.UI.Models
+{
+    /// <summary>
+    /// Model for input when validating a person
+    /// </summary>
+    public class ValidatePersonInput
+    {
+        /// <summary>
+        /// The social security number of the person to validate
+        /// </summary>
+        public string Ssn { get; set; }
+
+        /// <summary>
+        /// The last name of the person to validate 
+        /// </summary>
+        public string LastName { get; set; }
+    }
+}
diff --git a/src/features/amUI/users/NewUserModal/NewPersonContent.tsx b/src/features/amUI/users/NewUserModal/NewPersonContent.tsx
new file mode 100644
index 000000000..5aed64180
--- /dev/null
+++ b/src/features/amUI/users/NewUserModal/NewPersonContent.tsx
@@ -0,0 +1,62 @@
+import { Button, TextField } from '@altinn/altinn-components';
+import { useState } from 'react';
+import { t } from 'i18next';
+
+import { useValidateNewUserPersonMutation } from '@/rtk/features/userInfoApi';
+
+import classes from './NewUserModal.module.css';
+import { NewUserAlert } from './NewUserAlert';
+
+export const NewPersonContent = () => {
+  const [ssn, setSsn] = useState('');
+  const [lastName, setLastName] = useState('');
+  const [errorTime, setErrorTime] = useState<string>('');
+
+  const [validateNewPerson, { error, isError, isLoading }] = useValidateNewUserPersonMutation();
+
+  const errorDetails =
+    isError && error && 'status' in error
+      ? {
+          status: error.status.toString(),
+          time: errorTime,
+        }
+      : null;
+
+  const navigateIfValidPerson = () => {
+    validateNewPerson({ ssn, lastName })
+      .unwrap()
+      .then((userUuid) => {
+        window.location.href = `${window.location.href}/${userUuid}`;
+      })
+      .catch(() => {
+        setErrorTime(new Date().toISOString());
+      });
+  };
+
+  return (
+    <div className={classes.newPersonContent}>
+      {isError && <NewUserAlert error={errorDetails} />}
+      <TextField
+        className={classes.textField}
+        label={t('common.ssn')}
+        size='sm'
+        onChange={(e) => setSsn((e.target as HTMLInputElement).value)}
+      />
+      <TextField
+        className={classes.textField}
+        label={t('common.last_name')}
+        size='sm'
+        onChange={(e) => setLastName((e.target as HTMLInputElement).value)}
+      />
+      <div className={classes.validationButton}>
+        <Button
+          disabled={ssn.length !== 11 || lastName.length < 1}
+          loading={isLoading}
+          onClick={navigateIfValidPerson}
+        >
+          {t('new_user_modal.add_button')}
+        </Button>
+      </div>
+    </div>
+  );
+};
diff --git a/src/features/amUI/users/NewUserModal/NewUserAlert.tsx b/src/features/amUI/users/NewUserModal/NewUserAlert.tsx
new file mode 100644
index 000000000..c9a482cab
--- /dev/null
+++ b/src/features/amUI/users/NewUserModal/NewUserAlert.tsx
@@ -0,0 +1,53 @@
+import { Alert, Paragraph } from '@digdir/designsystemet-react';
+import React from 'react';
+import { useTranslation } from 'react-i18next';
+
+export interface NewUserAlertProps {
+  /*** The technical error if one has occured */
+  error?: { status: string; time: string } | null;
+}
+
+export const NewUserAlert = ({ error }: NewUserAlertProps) => {
+  const { t } = useTranslation();
+  let errorText;
+
+  if (error && error.status === '404') {
+    errorText = <Paragraph size='sm'>{t('new_user_modal.not_found_error')}</Paragraph>;
+  } else if (error && error.status === '429') {
+    errorText = <Paragraph size='sm'>{t('new_user_modal.too_many_requests_error')}</Paragraph>;
+  } else if (error) {
+    errorText = (
+      <>
+        <Paragraph
+          size='sm'
+          variant='long'
+        >
+          {t('common.technical_error')}
+        </Paragraph>
+        <Paragraph size='sm'>
+          {t('common.time_of_error', {
+            time: new Date(error.time).toLocaleDateString('nb-NO', {
+              hour: '2-digit',
+              minute: '2-digit',
+              second: '2-digit',
+            }),
+          })}
+        </Paragraph>
+        <Paragraph size='sm'>
+          {t('common.error_status', {
+            status: error.status,
+          })}
+        </Paragraph>
+      </>
+    );
+  }
+
+  return (
+    <Alert
+      size='sm'
+      color='danger'
+    >
+      {errorText}
+    </Alert>
+  );
+};
diff --git a/src/features/amUI/users/NewUserModal/NewUserModal.module.css b/src/features/amUI/users/NewUserModal/NewUserModal.module.css
new file mode 100644
index 000000000..f42d8dd58
--- /dev/null
+++ b/src/features/amUI/users/NewUserModal/NewUserModal.module.css
@@ -0,0 +1,18 @@
+.textField {
+  max-width: 22rem;
+}
+
+.modalHeading {
+  margin-bottom: 10px;
+}
+
+.validationButton {
+  margin-top: 10px;
+}
+
+.newPersonContent {
+  padding-top: 5px;
+  display: flex;
+  flex-direction: column;
+  gap: 15px;
+}
diff --git a/src/features/amUI/users/NewUserModal/NewUserModal.stories.tsx b/src/features/amUI/users/NewUserModal/NewUserModal.stories.tsx
new file mode 100644
index 000000000..3fc921d72
--- /dev/null
+++ b/src/features/amUI/users/NewUserModal/NewUserModal.stories.tsx
@@ -0,0 +1,20 @@
+import type { Meta, StoryObj } from '@storybook/react';
+import { Provider } from 'react-redux';
+
+import store from '@/rtk/app/store';
+
+import { NewUserButton } from './NewUserModal';
+
+export default {
+  title: 'Features/AMUI/NewUserModal',
+  component: NewUserButton,
+  render: () => (
+    <Provider store={store}>
+      <NewUserButton />
+    </Provider>
+  ),
+} as Meta;
+
+export const Default: StoryObj = {
+  args: {},
+};
diff --git a/src/features/amUI/users/NewUserModal/NewUserModal.tsx b/src/features/amUI/users/NewUserModal/NewUserModal.tsx
new file mode 100644
index 000000000..79571027a
--- /dev/null
+++ b/src/features/amUI/users/NewUserModal/NewUserModal.tsx
@@ -0,0 +1,65 @@
+import React, { useRef } from 'react';
+import { Button } from '@altinn/altinn-components';
+import { Heading, Modal, Tabs } from '@digdir/designsystemet-react';
+import { t } from 'i18next';
+
+import { NewPersonContent } from './NewPersonContent';
+import classes from './NewUserModal.module.css';
+
+/**
+ * NewUserButton component renders a button that, when clicked, opens a modal to add a new user.
+ * @component
+ */
+export const NewUserButton: React.FC = () => {
+  const modalRef = useRef<HTMLDialogElement>(null);
+
+  return (
+    <>
+      <Button
+        variant='outline'
+        onClick={() => modalRef.current?.showModal()}
+      >
+        {t('new_user_modal.trigger_button')}
+      </Button>
+      <NewUserModal modalRef={modalRef}></NewUserModal>
+    </>
+  );
+};
+
+interface NewUserModalProps {
+  modalRef: React.RefObject<HTMLDialogElement>;
+}
+
+const NewUserModal: React.FC<NewUserModalProps> = ({ modalRef }) => {
+  return (
+    <Modal
+      ref={modalRef}
+      backdropClose
+      aria-labelledby='newUserModal'
+    >
+      <Heading
+        size='xs'
+        level={2}
+        className={classes.modalHeading}
+        id='newUserModal'
+      >
+        {t('new_user_modal.modal_title')}
+      </Heading>
+      <Tabs
+        defaultValue='person'
+        size='sm'
+      >
+        <Tabs.List>
+          <Tabs.Tab value='person'>{t('new_user_modal.person')}</Tabs.Tab>
+          <Tabs.Tab value='org'>{t('new_user_modal.organization')}</Tabs.Tab>
+        </Tabs.List>
+        <Tabs.Panel value='person'>
+          <NewPersonContent />
+        </Tabs.Panel>
+        <Tabs.Panel value='org'>Kommer senere...</Tabs.Panel>
+      </Tabs>
+    </Modal>
+  );
+};
+
+export default NewUserModal;
diff --git a/src/features/amUI/users/UsersList.module.css b/src/features/amUI/users/UsersList.module.css
index 7be98861a..397b9010d 100644
--- a/src/features/amUI/users/UsersList.module.css
+++ b/src/features/amUI/users/UsersList.module.css
@@ -16,9 +16,15 @@
   padding-top: 1rem;
 }
 
+.searchAndAddUser {
+  display: flex;
+  align-items: center;
+  gap: 1rem;
+  padding-bottom: 10px;
+}
+
 .searchBar {
   max-width: 27rem;
-  padding-bottom: 10px;
 }
 
 .usersListHeading {
diff --git a/src/features/amUI/users/UsersList.tsx b/src/features/amUI/users/UsersList.tsx
index 824726b49..7b777849b 100644
--- a/src/features/amUI/users/UsersList.tsx
+++ b/src/features/amUI/users/UsersList.tsx
@@ -12,6 +12,7 @@ import { List } from '@/components';
 
 import { useFilteredRightHolders } from './useFilteredRightHolders';
 import classes from './UsersList.module.css';
+import { NewUserButton } from './NewUserModal/NewUserModal';
 
 export const UsersList = () => {
   const { t } = useTranslation();
@@ -60,17 +61,20 @@ export const UsersList = () => {
       >
         {t('users_page.user_list_heading')}
       </Heading>
-      <Search
-        className={classes.searchBar}
-        placeholder={t('users_page.user_search_placeholder')}
-        onChange={(event) => onSearch(event.target.value)}
-        onClear={() => {
-          setSearchString('');
-          setCurrentPage(1);
-        }}
-        hideLabel
-        label={t('users_page.user_search_placeholder')}
-      />
+      <div className={classes.searchAndAddUser}>
+        <Search
+          className={classes.searchBar}
+          placeholder={t('users_page.user_search_placeholder')}
+          onChange={(event) => onSearch(event.target.value)}
+          onClear={() => {
+            setSearchString('');
+            setCurrentPage(1);
+          }}
+          hideLabel
+          label={t('users_page.user_search_placeholder')}
+        />
+        <NewUserButton />
+      </div>
       <List
         spacing
         className={classes.usersListItems}
diff --git a/src/localizations/en.json b/src/localizations/en.json
index dfc3c1cc9..9289d37d8 100644
--- a/src/localizations/en.json
+++ b/src/localizations/en.json
@@ -64,7 +64,12 @@
     "has_poa": "Has power of attorney",
     "refresh_cookie_alert": "The chosen actor has been changed in another tab. To synchronize with the change, this page will now reload.",
     "show_more": "Show more",
-    "show_less": "Show less"
+    "show_less": "Show less",
+    "technical_error": "Sorry, a technical error has occurred. Please contact Altinn user service if the problem persists.",
+    "time_of_error": "Error occurred at time: {{time}}",
+    "error_status": "Status: {{status}}",
+    "ssn": "National identity number",
+    "last_name": "Last name"
   },
   "header": {
     "menu-label": "Menu",
@@ -271,6 +276,15 @@
       "missing_rights": "You cannot delegate this authorization to others because you do not have it yourself. The general manager or main administrator can help you with this."
     }
   },
+  "new_user_modal": {
+    "not_found_error": "Did not find a user with the given name and national identity number. Please check that you entered the correct information.",
+    "too_many_requests_error": "You have been blocked due to too many failing attempts. Try again in an hour.",
+    "person": "Person",
+    "organization": "Organization",
+    "modal_title": "Add new person or organization",
+    "trigger_button": "Add user",
+    "add_button": "Add user"
+  },
   "user_role": {
     "SREVA": "Auditor registered in the registry of auditors",
     "FGRP": "Part of enterprise group with",
diff --git a/src/localizations/no_nb.json b/src/localizations/no_nb.json
index 761933722..7ecba4c9c 100644
--- a/src/localizations/no_nb.json
+++ b/src/localizations/no_nb.json
@@ -63,7 +63,12 @@
     "has_poa": "Har fullmakt",
     "refresh_cookie_alert": "Valgt aktør er endret i en annen fane. For å sykronisere visningen vil denne siden bli lastet på nytt.",
     "show_more": "Se mer",
-    "show_less": "Se mindre"
+    "show_less": "Se mindre",
+    "technical_error": "Beklager, det har skjedd en teknisk feil. Vennligst ta kontakt med Altinn brukerservice hvis problemet fortsetter.",
+    "time_of_error": "Tidspunkt feilen inntraff: {{time}}",
+    "error_status": "Status: {{status}}",
+    "ssn": "Fødselsnummer",
+    "last_name": "Etternavn"
   },
   "error_page": {
     "not_found_site_error_type": "Feil 404",
@@ -271,6 +276,15 @@
       "missing_rights": "Du får ikke gitt denne fullmakten til andre fordi du mangler den selv. Daglig leder eller hovedadministrator kan hjelpe deg med dette."
     }
   },
+  "new_user_modal": {
+    "not_found_error": "Fant ingen bruker med dette fødselsnummeret og navnet. Vennligst sjekk at informasjonen er korrekt.",
+    "too_many_requests_error": "Du er blitt sperret pga for mange feilende forsøk. Du kan prøve igjen om en time.",
+    "person": "Person",
+    "organization": "Virksomhet",
+    "modal_title": "Legg til ny person eller virksomhet",
+    "trigger_button": "Legg til bruker",
+    "add_button": "Legg til bruker"
+  },
   "user_role": {
     "SREVA": "Revisor registrert i revisorregisteret",
     "FGRP": "Inngår i foretaksgruppe med",
diff --git a/src/localizations/no_nn.json b/src/localizations/no_nn.json
index e4e1a65d9..46c375438 100644
--- a/src/localizations/no_nn.json
+++ b/src/localizations/no_nn.json
@@ -63,7 +63,12 @@
     "has_poa": "Har fullmakt",
     "refresh_cookie_alert": "Valgt aktør er endret i ein annen fane. For å sykronisere visninga vil denne sida bli lasta på nytt.",
     "show_more": "Se meir",
-    "show_less": "Se mindre"
+    "show_less": "Se mindre",
+    "technical_error": "Beklagar, det har skjedd ein teknisk feil. Ver venleg å ta kontakt med Altinn brukerservice om problemet held fram.",
+    "time_of_error": "Tidspunkt feilen oppstod: {{time}}",
+    "error_status": "Status: {{status}}",
+    "ssn": "Fødselsnummer",
+    "last_name": "Etternavn"
   },
   "header": {
     "menu-label": "Meny",
@@ -269,6 +274,15 @@
       "missing_rights": "Du kan ikkje gi denne fullmakta til andre fordi du manglar den sjølv. Dagleg leiar eller hovudadministrator kan hjelpe deg med dette."
     }
   },
+  "new_user_modal": {
+    "not_found_error": "Fant ingen bruker med dette fødselsnummeret og navnet. Vennligst sjekk at informasjonen er korrekt.",
+    "too_many_requests_error": "Du er blitt sperra pga for mange feilande forsøk. Du kan prøve igjen om ei time.",
+    "person": "Person",
+    "organization": "Virksemnd",
+    "modal_title": "Legg til ny person eller virksemnd",
+    "trigger_button": "Legg til brukar",
+    "add_button": "Legg til brukar"
+  },
   "user_role": {
     "SREVA": "Revisor registrert i revisorregisteret",
     "FGRP": "Inngår i føretaksgruppe med",
diff --git a/src/rtk/features/userInfoApi.ts b/src/rtk/features/userInfoApi.ts
index 4aab87d17..25a717a23 100644
--- a/src/rtk/features/userInfoApi.ts
+++ b/src/rtk/features/userInfoApi.ts
@@ -73,6 +73,18 @@ export const userInfoApi = createApi({
         `reportee/${getCookie('AltinnPartyUuid')}/rightholders/${rightHolderUuid}/accesses`,
       keepUnusedDataFor: 300,
     }),
+    validateNewUserPerson: builder.mutation<string, { ssn: string; lastName: string }>({
+      query: ({ ssn, lastName }) => ({
+        url: `reportee/${getCookie('AltinnPartyUuid')}/rightholder/person`,
+        method: 'POST',
+        body: JSON.stringify({ ssn, lastName }),
+        transformErrorResponse: (response: {
+          status: string | number;
+        }): { status: string | number } => {
+          return { status: response.status };
+        },
+      }),
+    }),
   }),
 });
 
@@ -81,6 +93,7 @@ export const {
   useGetReporteeQuery,
   useGetRightHoldersQuery,
   useGetRightHolderAccessesQuery,
+  useValidateNewUserPersonMutation,
 } = userInfoApi;
 
 export const { endpoints, reducerPath, reducer, middleware } = userInfoApi;