diff --git a/pkg/admin/brokerclient.go b/pkg/admin/brokerclient.go
index d4ddf80e..48c4bd34 100644
--- a/pkg/admin/brokerclient.go
+++ b/pkg/admin/brokerclient.go
@@ -429,7 +429,7 @@ func (c *BrokerAdminClient) GetUsers(
 	return results, err
 }
 
-func (c *BrokerAdminClient) CreateUser(
+func (c *BrokerAdminClient) UpsertUser(
 	ctx context.Context,
 	user kafka.UserScramCredentialsUpsertion,
 ) error {
diff --git a/pkg/admin/brokerclient_test.go b/pkg/admin/brokerclient_test.go
index 63c2f9fc..542d225c 100644
--- a/pkg/admin/brokerclient_test.go
+++ b/pkg/admin/brokerclient_test.go
@@ -706,7 +706,7 @@ func TestBrokerClientCreateGetUsers(t *testing.T) {
 
 	}()
 
-	err = client.CreateUser(ctx, kafka.UserScramCredentialsUpsertion{
+	err = client.UpsertUser(ctx, kafka.UserScramCredentialsUpsertion{
 		Name:           name,
 		Mechanism:      mechanism,
 		Iterations:     15000,
@@ -731,7 +731,7 @@ func TestBrokerClientCreateGetUsers(t *testing.T) {
 	}, resp)
 }
 
-func TestBrokerClientCreateUserReadOnly(t *testing.T) {
+func TestBrokerClientUpsertUserReadOnly(t *testing.T) {
 	if !util.CanTestBrokerAdminSecurity() {
 		t.Skip("Skipping because KAFKA_TOPICS_TEST_BROKER_ADMIN_SECURITY is not set")
 	}
@@ -747,7 +747,7 @@ func TestBrokerClientCreateUserReadOnly(t *testing.T) {
 		},
 	)
 	require.NoError(t, err)
-	err = client.CreateUser(ctx, kafka.UserScramCredentialsUpsertion{})
+	err = client.UpsertUser(ctx, kafka.UserScramCredentialsUpsertion{})
 
 	assert.Equal(t, errors.New("Cannot create user in read-only mode"), err)
 }
diff --git a/pkg/admin/client.go b/pkg/admin/client.go
index 7306ac18..f872ad90 100644
--- a/pkg/admin/client.go
+++ b/pkg/admin/client.go
@@ -83,8 +83,8 @@ type Client interface {
 		acls []kafka.ACLEntry,
 	) error
 
-	// CreateUser creates a user in zookeeper.
-	CreateUser(
+	// UpsertUser creates or updates an user in zookeeper.
+	UpsertUser(
 		ctx context.Context,
 		user kafka.UserScramCredentialsUpsertion,
 	) error
diff --git a/pkg/admin/zkclient.go b/pkg/admin/zkclient.go
index 6d4e2ce2..8f7f4d9d 100644
--- a/pkg/admin/zkclient.go
+++ b/pkg/admin/zkclient.go
@@ -443,7 +443,7 @@ func (c *ZKAdminClient) GetUsers(
 	return nil, errors.New("Users not yet supported with zk access mode; omit zk addresses to fix.")
 }
 
-func (c *ZKAdminClient) CreateUser(
+func (c *ZKAdminClient) UpsertUser(
 	ctx context.Context,
 	user kafka.UserScramCredentialsUpsertion,
 ) error {
diff --git a/pkg/admin/zkclient_test.go b/pkg/admin/zkclient_test.go
index cb537114..72ec4c10 100644
--- a/pkg/admin/zkclient_test.go
+++ b/pkg/admin/zkclient_test.go
@@ -1123,7 +1123,7 @@ func TestZkGetUsers(t *testing.T) {
 	assert.Equal(t, err, errors.New("Users not yet supported with zk access mode; omit zk addresses to fix."))
 }
 
-func TestZkCreateUser(t *testing.T) {
+func TestZkUpsertUser(t *testing.T) {
 	ctx := context.Background()
 	adminClient, err := NewZKAdminClient(
 		ctx,
@@ -1134,6 +1134,6 @@ func TestZkCreateUser(t *testing.T) {
 	require.NoError(t, err)
 	defer adminClient.Close()
 
-	err = adminClient.CreateUser(ctx, kafka.UserScramCredentialsUpsertion{})
+	err = adminClient.UpsertUser(ctx, kafka.UserScramCredentialsUpsertion{})
 	assert.Equal(t, err, errors.New("Users not yet supported with zk access mode; omit zk addresses to fix."))
 }