In the second part of configuring UAA with BOSH we'll cover changes which are needed for Health Monitor which may not be obvious from the tutorial found at http://bosh.io/docs/director-users-uaa.html.

Part I of this tutorial is here: https://www.starkandwayne.com/blog/bosh-uaa-with-signed-certificates/

Change Health Manager Authentication

In your deployment manifest you should have the user and password defined similar to:

hm:  
  director_account:
    user:  hm_user
    password: hm_password

You've removed all the local accounts from BOSH so you can no longer use a user & password and instead need to use client_id and client_secret much like we did in the Shield example in Part I. We do this in two steps, the first defines a new UAA client and then we use these client credentials for the hm:director_account properties. You can reuse the same user and password of the local account:

uaa:  
  clients:
    hm_user:
      authorities: bosh.admin
      authorized-grant-types: client_credentials
      override: true
      scope: bosh.admin
      secret: hm_password

hm:  
  director_account:
    client_id:   hm_user
    client_user: hm_password

Verify via Logs

SSH onto the microbosh director and tail /var/vcap/sys/log/health_monitor/health_monitor.log, if you get a 401 error you likely copy/pasted the creds incorrectly, are still using user & password instead of client_id & client_secret or need another cup of coffee:

[2016-08-08T14:06:55.175865 #25522] INFO : [ALERT] Alert @ 2016-08-08 14:06:55 UTC, severity 3: Cannot get deployments from director at https://10.8.6.4:25555/deployments: 401 Not authorized: '/deployments'

Run the logs for at least a minute watching for these requests. No 401s and you should be all set, Health Monitor will once again watch over your deployments once it logs into Bosh via UAA. Enjoy!