diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js
index 7805ad251d..bba4376185 100644
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@@ -7,7 +7,7 @@ const {
   ADMIN_LEVEL_ID,
 } = require("../../utilities/accessLevels")
 
-exports.fetch = async function(ctx) {
+exports.fetch = async function (ctx) {
   const database = new CouchDB(ctx.user.instanceId)
   const data = await database.query("database/by_type", {
     include_docs: true,
@@ -17,7 +17,7 @@ exports.fetch = async function(ctx) {
   ctx.body = data.rows.map(row => row.doc)
 }
 
-exports.create = async function(ctx) {
+exports.create = async function (ctx) {
   const database = new CouchDB(ctx.user.instanceId)
   const appId = (await database.get("_design/database")).metadata.applicationId
   const { username, password, name, accessLevelId } = ctx.request.body
@@ -63,16 +63,32 @@ exports.create = async function(ctx) {
   }
 }
 
-exports.update = async function() {}
+exports.update = async function (ctx) {
+  const db = new CouchDB(ctx.user.instanceId)
+  const user = ctx.request.body
 
-exports.destroy = async function(ctx) {
+  const response = await db.put(user)
+  user._rev = response.rev
+
+  ctx.status = 200
+  ctx.body = {
+    message: `User ${ctx.request.body.username} updated successfully.`,
+    user: {
+      ...user,
+      _rev: response.rev,
+      _id: response.id,
+    },
+  }
+}
+
+exports.destroy = async function (ctx) {
   const database = new CouchDB(ctx.user.instanceId)
   await database.destroy(getUserId(ctx.params.username))
   ctx.message = `User ${ctx.params.username} deleted.`
   ctx.status = 200
 }
 
-exports.find = async function(ctx) {
+exports.find = async function (ctx) {
   const database = new CouchDB(ctx.user.instanceId)
   const user = await database.get(getUserId(ctx.params.username))
   ctx.body = {
diff --git a/packages/server/src/api/routes/user.js b/packages/server/src/api/routes/user.js
index 3c560d3f80..532943ea62 100644
--- a/packages/server/src/api/routes/user.js
+++ b/packages/server/src/api/routes/user.js
@@ -8,6 +8,7 @@ const router = Router()
 router
   .get("/api/users", authorized(LIST_USERS), controller.fetch)
   .get("/api/users/:username", authorized(USER_MANAGEMENT), controller.find)
+  .put("/api/users/", authorized(USER_MANAGEMENT), controller.update)
   .post("/api/users", authorized(USER_MANAGEMENT), controller.create)
   .delete(
     "/api/users/:username",