diff --git a/.gitignore b/.gitignore
index ba621682f..3f6eb2d60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,7 @@
 /access.log
 /parts/
 /prime/
-/snap/.snapcraft/
+/snap/
 /stage/
 /vendor
 /version/commit.txt
diff --git a/Makefile b/Makefile
index ca5f2e072..a504c40ce 100644
--- a/Makefile
+++ b/Makefile
@@ -91,7 +91,12 @@ jimm-image:
 jimm-snap:
 	mkdir -p ./snap
 	cp ./snaps/jimm/snapcraft.yaml ./snap/
-	snapcraft 
+	snapcraft
+
+jimmctl-snap:
+	mkdir -p ./snap
+	cp -R ./snaps/jimmctl/* ./snap/
+	snapcraft
 
 push-microk8s: jimm-image
 	docker tag jimm:latest localhost:32000/jimm:latest
diff --git a/local/candid/config.yaml b/local/candid/config.yaml
index ed8d20ef8..53c53dcfc 100644
--- a/local/candid/config.yaml
+++ b/local/candid/config.yaml
@@ -26,5 +26,12 @@ identity-providers:
       groups:
        - group1
        - group2
+    joe:
+      name: Joe user (non superuser)
+      email: joe.user@example.com
+      password: joe
+      groups:
+       - group1
+       - group2
   hidden: false
-  require-mfa: false
\ No newline at end of file
+  require-mfa: false
diff --git a/snaps/jimmctl/files/jimmctl.wrapper b/snaps/jimmctl/files/jimmctl.wrapper
deleted file mode 100755
index c8341287c..000000000
--- a/snaps/jimmctl/files/jimmctl.wrapper
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-JUJU_DATA=$SNAP_REAL_HOME/.local/share/juju $SNAP/bin/jimmctl "$@"
diff --git a/snaps/jimmctl/local/jimmctl.wrapper b/snaps/jimmctl/local/jimmctl.wrapper
new file mode 100755
index 000000000..88c915b5e
--- /dev/null
+++ b/snaps/jimmctl/local/jimmctl.wrapper
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+JUJU_DATA=$SNAP_REAL_HOME/.local/share/juju "$SNAP"/bin/jimmctl "$@"
diff --git a/snaps/jimmctl/snapcraft.yaml b/snaps/jimmctl/snapcraft.yaml
index 019510f14..35ead1ea7 100644
--- a/snaps/jimmctl/snapcraft.yaml
+++ b/snaps/jimmctl/snapcraft.yaml
@@ -1,16 +1,26 @@
 name: jimmctl
-version: git
 summary: JAAS client
 description: Client for controlling JAAS multi-cloud juju controllers.
+version: git
 grade: stable
 base: core20
 confinement: strict
 
 plugs:
+  # We use personal-files instead of the home interface
+  # as the home interface does not permit access to hidden files/directories.
+  # See: https://askubuntu.com/questions/1238211/how-to-make-snaps-access-hidden-files-and-folders-in-home
+  # And: https://snapcraft.io/docs/personal-files-interface
+  #
+  # The personal-files interface is also a none auto-connect, and must
+  # typically be connected via: snap connect jimmctl:dot-local-share-juju
+  #
+  # In our scenario, we are going to request auto-connect.
   dot-local-share-juju:
     interface: personal-files
     read:
     - $HOME/.local/share/juju
+    - $HOME/.local/share/juju/cookies
 
 apps:
   jimmctl:
@@ -19,7 +29,6 @@ apps:
      - dot-local-share-juju
      - network
 
-
 parts:
   jimmctl:
     plugin: go
@@ -31,9 +40,9 @@ parts:
       set -e
       go install -mod readonly -ldflags '-linkmode=external' github.com/canonical/jimm/cmd/jimmctl
 
-  files:
+  wrapper:
     plugin: dump
-    source: snaps/jimmctl/files/
+    source: snaps/jimmctl/local/
     source-type: local
     organize:
       jimmctl.wrapper: bin/wrappers/jimmctl