Adding a regular user called testing
/usr/local/openvpn_as/scripts/sacli -u testing -k type -v user_connect UserPropPut
Add an autologin user called knock
/usr/local/openvpn_as/scripts/sacli -u knock -k prop_autologin -v true UserPropPut
Add an admin user called admin
/usr/local/openvpn_as/scripts/sacli -u admin -k prop_superuser -v true UserPropPut; /etc/init.d/openvpnas restart
Allow user testing to networks 192.168.0.0/24 and 10.0.0.0/16 via NAT
/usr/local/openvpn_as/scripts/sacli -u testing -k access_to.0 -v +NAT:192.168.0.0/24 UserPropPut; /usr/local/openvpn_as/scripts/sacli -u testing -k access_to.1 -v +NAT:192.168.0.0/16 UserPropPut; /usr/local/openvpn_as/scripts/sacli start
Allow user testing to networks 192.168.0.0/24 and 10.0.0.0/16 via ROUTE
/usr/local/openvpn_as/scripts/sacli -u testing -k access_to.0 -v +ROUTE:192.168.0.0/24 UserPropPut; /usr/local/openvpn_as/scripts/sacli -u testing -k access_to.1 -v +ROUTE:192.168.0.0/16 UserPropPut; /usr/local/openvpn_as/scripts/sacli start
Remove access to network entry 0 and 1 for user testing
/usr/local/openvpn_as/scripts/sacli -u testing -k access_to.0 UserPropDel; /usr/local/openvpn_as/scripts/sacli -u testing -k access_to.1 UserPropDel; /usr/local/openvpn_as/scripts/sacli start
Get installer with profile for user, in this case autologin
./sacli –user testing AutoGenerateOnBehalfOf
./sacli –user testing –key prop_autologin –value true UserPropPut
./sacli –itype msi –autologin -u testing -o installer_testing/ GetInstallerEx
Get separate certificate files for user, for open source applications
./sacli -o ./targetfolder –cn test Get5
Get unified (.ovpn file) for user, for Connect Client for example
./sacli -o ./targetfolder –-cn test Get1
Show all users in user database with all their properties
./confdba -u -s
Show only a specific user in user database with all properties
./confdba -u –prof testuser -s
Remove a user from the database, revoke his/her certificates, and then kick him/her off the server
./confdba -u –prof testing –rm
./sacli –user testing RevokeUser
./sacli –user testing DisconnectUser
Set a password on a user from the command line, when using LOCAL authentication mode:
./sacli –user testing –new_pass passwordgoeshere SetLocalPassword
Enable Google Authenticator for a user:
./sacli --key vpn.server.google_auth.enable --value true ConfigPut
Evan Hoffman's Blog 
Can you please tell me how i can create a group? i want to automate as much as i can but for some reason i cant find how to create a group, than apply a role to this group, than add local users ? any idea please as i am finding the openvpn as support team very useless.