The credentials are going to be the hardest thing I believe. I think it depends on how “ready to roll” you want to make it ahead of time.
Path 1 - users do it all
The admin creates the user account and grants the access for add-model to the new user. The register command that’s printed out is sent to the user.
They then need instructions are how to add the credentials after they register and set the password. It might be reference to a valid credentials yaml file that can be linked to the user (email a link, or attach, or …)
The user then does
juju add-credential -f ...
This is best if there’s unique credentials generated per user.
Path 2 - admins do all the hard work
The other way to go is have the admins create the account, grant it access, then use the register command themselves to create an initial password for the new user account and load the credentials.
The end user is then given a valid
juju login $ip:$port -c $localname -u $username. As long as they have the password they will get a local cache of info setup and the account can be setup with as much detail/info as needed.
Does that help at all?