diff --git a/pkg/auth/providers/common/usermanager.go b/pkg/auth/providers/common/usermanager.go
index c92fae251fe..121addf58c0 100644
--- a/pkg/auth/providers/common/usermanager.go
+++ b/pkg/auth/providers/common/usermanager.go
@@ -9,17 +9,16 @@ import (
 	"strings"
 	"time"
 
-	v32 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
-
 	"github.com/pkg/errors"
 	"github.com/rancher/norman/types"
 	"github.com/rancher/norman/types/slice"
+	v3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
 	"github.com/rancher/rancher/pkg/auth/tokens"
 	tokenUtil "github.com/rancher/rancher/pkg/auth/tokens"
-	v3 "github.com/rancher/rancher/pkg/generated/norman/management.cattle.io/v3"
-	rbacv1 "github.com/rancher/rancher/pkg/generated/norman/rbac.authorization.k8s.io/v1"
+	wrangmgmtv3 "github.com/rancher/rancher/pkg/generated/controllers/management.cattle.io/v3"
 	"github.com/rancher/rancher/pkg/types/config"
 	"github.com/rancher/rancher/pkg/user"
+	wrangrbacv1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/rbac/v1"
 	"github.com/rancher/wrangler/v3/pkg/randomtoken"
 	"github.com/sirupsen/logrus"
 	k8srbacv1 "k8s.io/api/rbac/v1"
@@ -41,20 +40,20 @@ const (
 )
 
 func NewUserManagerNoBindings(scaledContext *config.ScaledContext) (user.Manager, error) {
-	userInformer := scaledContext.Management.Users("").Controller().Informer()
-	userIndexers := map[string]cache.IndexFunc{
-		userByPrincipalIndex: userByPrincipal,
-	}
-	if err := userInformer.AddIndexers(userIndexers); err != nil {
-		return nil, err
-	}
+	userInformer := scaledContext.Wrangler.Mgmt.User().Informer()
+	//userIndexers := map[string]cache.IndexFunc{
+	//	userByPrincipalIndex: userByPrincipal,
+	//}
+	//if err := userInformer.AddIndexers(userIndexers); err != nil {
+	//	return nil, err
+	//}
 
 	return &userManager{
-		users:       scaledContext.Management.Users(""),
+		users:       scaledContext.Wrangler.Mgmt.User(),
 		userIndexer: userInformer.GetIndexer(),
-		tokens:      scaledContext.Management.Tokens(""),
-		tokenLister: scaledContext.Management.Tokens("").Controller().Lister(),
-		rbacClient:  scaledContext.RBAC,
+		tokens:      scaledContext.Wrangler.Mgmt.Token(),
+		tokenLister: scaledContext.Wrangler.Mgmt.Token().Cache(),
+		rbacClient:  scaledContext.Wrangler.RBAC,
 	}, nil
 }
 
@@ -66,7 +65,7 @@ var backoff = wait.Backoff{
 }
 
 func NewUserManager(scaledContext *config.ScaledContext) (user.Manager, error) {
-	userInformer := scaledContext.Management.Users("").Controller().Informer()
+	userInformer := scaledContext.Wrangler.Mgmt.User().Informer()
 	userIndexers := map[string]cache.IndexFunc{
 		userByPrincipalIndex: userByPrincipal,
 	}
@@ -74,7 +73,7 @@ func NewUserManager(scaledContext *config.ScaledContext) (user.Manager, error) {
 		return nil, err
 	}
 
-	crtbInformer := scaledContext.Management.ClusterRoleTemplateBindings("").Controller().Informer()
+	crtbInformer := scaledContext.Wrangler.Mgmt.ClusterRoleTemplateBinding().Informer()
 	crtbIndexers := map[string]cache.IndexFunc{
 		crtbsByPrincipalAndUserIndex: crtbsByPrincipalAndUser,
 	}
@@ -82,7 +81,7 @@ func NewUserManager(scaledContext *config.ScaledContext) (user.Manager, error) {
 		return nil, err
 	}
 
-	prtbInformer := scaledContext.Management.ProjectRoleTemplateBindings("").Controller().Informer()
+	prtbInformer := scaledContext.Wrangler.Mgmt.ProjectRoleTemplateBinding().Informer()
 	prtbIndexers := map[string]cache.IndexFunc{
 		prtbsByPrincipalAndUserIndex: prtbsByPrincipalAndUser,
 	}
@@ -90,7 +89,7 @@ func NewUserManager(scaledContext *config.ScaledContext) (user.Manager, error) {
 		return nil, err
 	}
 
-	grbInformer := scaledContext.Management.GlobalRoleBindings("").Controller().Informer()
+	grbInformer := scaledContext.Wrangler.Mgmt.GlobalRoleBinding().Informer()
 	grbIndexers := map[string]cache.IndexFunc{
 		grbByUserIndex: grbByUser,
 	}
@@ -100,36 +99,36 @@ func NewUserManager(scaledContext *config.ScaledContext) (user.Manager, error) {
 
 	return &userManager{
 		manageBindings:           true,
-		users:                    scaledContext.Management.Users(""),
+		users:                    scaledContext.Wrangler.Mgmt.User(),
 		userIndexer:              userInformer.GetIndexer(),
 		crtbIndexer:              crtbInformer.GetIndexer(),
 		prtbIndexer:              prtbInformer.GetIndexer(),
-		tokens:                   scaledContext.Management.Tokens(""),
-		tokenLister:              scaledContext.Management.Tokens("").Controller().Lister(),
-		globalRoleBindings:       scaledContext.Management.GlobalRoleBindings(""),
-		globalRoleLister:         scaledContext.Management.GlobalRoles("").Controller().Lister(),
+		tokens:                   scaledContext.Wrangler.Mgmt.Token(),
+		tokenLister:              scaledContext.Wrangler.Mgmt.Token().Cache(),
+		globalRoleBindings:       scaledContext.Wrangler.Mgmt.GlobalRoleBinding(),
+		globalRoleLister:         scaledContext.Wrangler.Mgmt.GlobalRole().Cache(),
 		grbIndexer:               grbInformer.GetIndexer(),
-		clusterRoleLister:        scaledContext.RBAC.ClusterRoles("").Controller().Lister(),
-		clusterRoleBindingLister: scaledContext.RBAC.ClusterRoleBindings("").Controller().Lister(),
-		rbacClient:               scaledContext.RBAC,
+		clusterRoleLister:        scaledContext.Wrangler.RBAC.ClusterRole().Cache(),
+		clusterRoleBindingLister: scaledContext.Wrangler.RBAC.ClusterRoleBinding().Cache(),
+		rbacClient:               scaledContext.Wrangler.RBAC,
 	}, nil
 }
 
 type userManager struct {
 	// manageBinding means whether or not we gr, grb, crtb, and prtb exist in the cluster
 	manageBindings           bool
-	users                    v3.UserInterface
-	globalRoleBindings       v3.GlobalRoleBindingInterface
-	globalRoleLister         v3.GlobalRoleLister
+	users                    wrangmgmtv3.UserController
+	globalRoleBindings       wrangmgmtv3.GlobalRoleBindingController
+	globalRoleLister         wrangmgmtv3.GlobalRoleCache
 	grbIndexer               cache.Indexer
 	userIndexer              cache.Indexer
 	crtbIndexer              cache.Indexer
 	prtbIndexer              cache.Indexer
-	tokenLister              v3.TokenLister
-	tokens                   v3.TokenInterface
-	clusterRoleLister        rbacv1.ClusterRoleLister
-	clusterRoleBindingLister rbacv1.ClusterRoleBindingLister
-	rbacClient               rbacv1.Interface
+	tokenLister              wrangmgmtv3.TokenCache
+	tokens                   wrangmgmtv3.TokenController
+	clusterRoleLister        wrangrbacv1.ClusterRoleCache
+	clusterRoleBindingLister wrangrbacv1.ClusterRoleBindingCache
+	rbacClient               wrangrbacv1.Interface
 }
 
 func (m *userManager) SetPrincipalOnCurrentUser(apiContext *types.APIContext, principal v3.Principal) (*v3.User, error) {
@@ -241,7 +240,7 @@ func (m *userManager) EnsureClusterToken(clusterName string, input user.TokenInp
 	var err error
 	var token *v3.Token
 	if !input.Randomize {
-		token, err = m.tokenLister.Get("", input.TokenName)
+		token, err = m.tokenLister.Get(input.TokenName)
 		if err != nil && !apierrors.IsNotFound(err) {
 			return "", err
 		}
@@ -420,7 +419,7 @@ func (m *userManager) EnsureUser(principalName, displayName string) (*v3.User, e
 			return user, nil
 		}
 
-		if v32.UserConditionInitialRolesPopulated.IsTrue(user) {
+		if v3.UserConditionInitialRolesPopulated.IsTrue(user) {
 			// The users global role bindings were already created. They can differ
 			// from what is in the annotation if they were updated manually.
 			return user, nil
@@ -486,7 +485,7 @@ func (m *userManager) CreateNewUserClusterRoleBinding(userName string, userUID a
 		UID:        userUID,
 	}
 
-	cr, err := m.clusterRoleLister.Get("", roleName)
+	cr, err := m.clusterRoleLister.Get(roleName)
 	if err != nil {
 		if !apierrors.IsNotFound(err) {
 			return err
@@ -506,7 +505,7 @@ func (m *userManager) CreateNewUserClusterRoleBinding(userName string, userUID a
 			Rules: []k8srbacv1.PolicyRule{rule},
 		}
 
-		cr, err = m.rbacClient.ClusterRoles("").Create(role)
+		cr, err = m.rbacClient.ClusterRole().Create(role)
 		if err != nil {
 			if !apierrors.IsAlreadyExists(err) {
 				return err
@@ -514,7 +513,7 @@ func (m *userManager) CreateNewUserClusterRoleBinding(userName string, userUID a
 		}
 	}
 
-	_, err = m.clusterRoleBindingLister.Get("", bindingName)
+	_, err = m.clusterRoleBindingLister.Get(bindingName)
 	if err != nil {
 		if !apierrors.IsNotFound(err) {
 			return err
@@ -536,7 +535,7 @@ func (m *userManager) CreateNewUserClusterRoleBinding(userName string, userUID a
 				Name: cr.Name,
 			},
 		}
-		_, err = m.rbacClient.ClusterRoleBindings("").Create(crb)
+		_, err = m.rbacClient.ClusterRoleBinding().Create(crb)
 		if err != nil {
 			if !apierrors.IsAlreadyExists(err) {
 				return err
@@ -610,7 +609,7 @@ func (m *userManager) createUsersBindings(user *v3.User) error {
 		user.Annotations[roleTemplatesRequired] = rtr
 
 		if reflect.DeepEqual(roleMap["required"], createdRoles) {
-			v32.UserConditionInitialRolesPopulated.True(user)
+			v3.UserConditionInitialRolesPopulated.True(user)
 		}
 
 		_, err = m.users.Update(user)
@@ -636,7 +635,7 @@ func (m *userManager) createUsersRoleAnnotation() (map[string]string, error) {
 
 	roleMap := make(map[string][]string)
 
-	roles, err := m.globalRoleLister.List("", labels.NewSelector())
+	roles, err := m.globalRoleLister.List(labels.NewSelector())
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/auth/server.go b/pkg/auth/server.go
index 5faf139057c..79f790bb5d3 100644
--- a/pkg/auth/server.go
+++ b/pkg/auth/server.go
@@ -56,6 +56,8 @@ func NewServer(ctx context.Context, cfg *rest.Config, wContext *wrangler.Context
 		return nil, err
 	}
 
+	sc.Wrangler = wContext
+
 	sc.UserManager, err = common.NewUserManagerNoBindings(sc)
 	if err != nil {
 		return nil, err
@@ -66,8 +68,6 @@ func NewServer(ctx context.Context, cfg *rest.Config, wContext *wrangler.Context
 		return nil, err
 	}
 
-	sc.Wrangler = wContext
-
 	authenticator := requests.NewAuthenticator(ctx, clusterrouter.GetClusterID, sc)
 	authManagement, err := newAPIManagement(ctx, sc)
 	if err != nil {