diff --git a/salt/manager/tools/sbin/so-client b/salt/manager/tools/sbin/so-client
index d9191bd59..87c0d8daa 100755
--- a/salt/manager/tools/sbin/so-client
+++ b/salt/manager/tools/sbin/so-client
@@ -45,6 +45,7 @@ function usage() {
 --id
 --name
 --note
+ --searchusername
 
 generate-secret: Regenerates a client's secret and outputs the new secret.
 Required parameters:
@@ -84,7 +85,12 @@ while [[ $# -gt 0 ]]; do
 ;;
 --note)
 note=$1
- [[ ${#note} -gt 50 ]] && fail "note cannot be longer than 500 characters"
+ [[ ${#note} -gt 100 ]] && fail "note cannot be longer than 100 characters"
+ shift
+ ;;
+ --searchusername)
+ searchusername=$1
+ [[ ${#searchusername} -gt 50 ]] && fail "search username cannot be longer than 50 characters"
 shift
 ;;
 --json)
@@ -199,7 +205,7 @@ function adjustClientPermission() {
 echo "$perm:$identityId" >> "$filename"
 fi
 elif [[ "$op" == "del" ]]; then
- if [[ "$hasPermission" -ne 1 ]]; then
+ if [[ "$hasPerm" -ne 1 ]]; then
 fail "Client '$identityId' does not have the permission: $perm"
 else
 sed -e "\!^$perm:$identityId\$!d" "$filename" > "$filename.tmp"
@@ -328,7 +334,7 @@ case "${operation}" in
 if [[ "$json" == "1" ]]; then
 echo "{\"id\":\"$id\",\"secret\":\"$secret\"}"
 else
- echo "Successfully added user ID $id with generated secret: $secret"
+ echo "Successfully added client ID $id with generated secret: $secret"
 fi
 ;;
 
@@ -363,9 +369,10 @@ case "${operation}" in
 [[ "$id" == "" ]] && fail "Id must be provided"
 [[ "$name" == "" ]] && fail "Name must be provided"
 [[ "$note" == "" ]] && fail "Note must be provided"
+ [[ "$searchusername" == "" ]] && fail "Search Username must be provided"
 
 lock
- update "$id" "$name" "$note"
+ update "$id" "$name" "$note" "$searchusername"
 echo "Successfully updated client"
 ;;
 
@@ -388,7 +395,7 @@ case "${operation}" in
 
 lock
 deleteClient "$id"
- echo "Successfully deleted client. Run 'so-user sync' to sync with Elasticsearch."
+ echo "Successfully deleted client."
 ;;
 *)
 fail "Unsupported operation: $operation"
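Review bot: The new `--searchusername)` arm only bounds the value's length; nothing constrains its characters before it is handed to `update`, whose body is outside this diff, so I cannot see whether the string ends up in a database statement, a roles file or a log line. Because the value is meant to be matched against user names, a whitelist at parse time keeps quotes, shell metacharacters and newlines out of every downstream consumer regardless of how each one quotes: `[[ "$searchusername" =~ ^[[:alnum:]@._-]+$ ]] || fail "search username contains unsupported characters"`. If wildcard matching is intended, widen that class deliberately rather than leaving it open. The `usage()` hunk above lists the flag name only; a short description of what the search username is matched against would help callers, since the required-parameter error in the update branch gives no hint either.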
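Review bot: Making the search username mandatory in the update branch (`[[ "$searchusername" == "" ]] && fail "Search Username must be provided"`) changes the CLI contract: any existing caller of `so-client update --id … --name … --note …` now fails, and the add path is not shown here, so it is unclear whether clients created before this change carry a search username at all. If an empty value is acceptable for such clients, drop the check and let `update` receive `""`; otherwise document the new requirement in `usage()` next to the flag. `update` now receives a fourth positional argument, but its definition is outside the hunk; confirm it reads `$4` and that no other call site still passes three.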
diff --git a/salt/manager/tools/sbin/so-user b/salt/manager/tools/sbin/so-user
index 03855f661..e64bd1a8a 100755
--- a/salt/manager/tools/sbin/so-user
+++ b/salt/manager/tools/sbin/so-user
@@ -136,7 +136,6 @@ bcryptRounds=${BCRYPT_ROUNDS:-12}
 elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
 elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles}
 socRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_users_roles}
-clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_clients_roles}
 esUID=${ELASTIC_UID:-930}
 esGID=${ELASTIC_GID:-930}
 soUID=${SOCORE_UID:-939}
@@ -283,18 +282,6 @@ function ensureRoleFileExists() {
 fi
 mv "${rolesTmpFile}" "${socRolesFile}"
 fi
-
- if [[ ! -f "$clientRolesFile" || ! -s "$clientRolesFile" ]]; then
- # Generate the new client roles file
- rolesTmpFile="${clientRolesFile}.tmp"
- createFile "$rolesTmpFile" "$soUID" "$soGID"
-
- if [[ -d "$clientRolesFile" ]]; then
- echo "Removing invalid roles directory created by Docker"
- rm -fr "$clientRolesFile"
- fi
- mv "${rolesTmpFile}" "${clientRolesFile}"
- fi
 }
 
 function syncElasticSystemUser() {
@@ -370,7 +357,6 @@ function syncElastic() {
 random_crypt=$(get_random_value 53)
 user_data_formatted=$(echo "${user_data_formatted}" | sed -r "s/^(.+:)\$/\\1\$2a\$12${random_crypt}/")
 fi
-
 echo "${user_data_formatted}" >> "$usersTmpFile"
 
 # Append the user roles
@@ -386,10 +372,6 @@ function syncElastic() {
 sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath" >> "$rolesTmpFile"
 [[ $? != 0 ]] && fail "Unable to read role identities from database"
 done < "$socRolesFile"
-
- # Append the client roles
- cat "$clientRolesFile" >> "$rolesTmpFile"
-
 else
 echo "Database file or soc roles file does not exist yet, skipping users export"
 fi
diff --git a/salt/soc/files/bin/salt-relay.sh b/salt/soc/files/bin/salt-relay.sh
index 42955a3e8..0ffdf9ad2 100755
--- a/salt/soc/files/bin/salt-relay.sh
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -197,13 +197,9 @@ function manage_client() {
 client_id=$(echo "$request" | jq -r .id)
 name=$(echo "$request" | jq -r .name)
 note=$(echo "$request" | jq -r .note)
- log "Performing '$op' update for client '$client_id' with name '$name', and note '$note'"
- response=$(so-client "$op" --id "$client_id" --name "$name" --note "$note")
- exit_code=$?
- ;;
- sync)
- log "Performing '$op'"
- response=$(so-user "$op")
+ searchusername=$(echo "$request" | jq -r .searchusername)
+ log "Performing '$op' update for client '$client_id' with name '$name', search username '$searchusername', and note '$note'"
+ response=$(so-client "$op" --id "$client_id" --name "$name" --searchusername "$searchusername" --note "$note")
 exit_code=$?
 ;;
 *)
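Review bot: `jq -r .searchusername` prints the literal string `null` when the request carries no `searchusername` key, so a relay message from a SOC build that predates this field reaches so-client as `--searchusername null`, passes its "must be provided" check and is stored as the search username. Use `searchusername=$(echo "$request" | jq -r '.searchusername // empty')` so a missing key becomes an empty string and so-client's required-parameter check rejects it; the `name` and `note` extractions in the context lines have the same property. Dropping the `sync)` arm means a `sync` request now falls through to the `*)` arm that starts at the end of the hunk, so whatever that arm returns is what an older SOC issuing `sync` will see. The rest of `manage_client` lies outside the hunk.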