Import or Update Users for a Specific Application

As a tenant administrator, you can import new users or update existing ones for a specific application with a CSV file. You can also send activation e-mails to the users that have not received activation e-mails for that application so far.

Prerequisites

  • You are assigned the Manage Users role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.

  • You have uploaded the service provider's metadata or entered the information manually. For more information see, Configure Trust.

Context

By importing new users with a CSV file, you create user profiles without passwords in Identity Authentication. As a result, the users receive e-mails with instructions how to activate their accounts. After the users set their passwords, they can log on to the application for which they were imported. Based on the user access configuration of the application, the users can log on to other applications connected with the tenant in Identity Authentication.

In addition to the new user import, you can specify existing users in the imported CSV file. You thus define the users to be updated in Identity Authentication.

By specifying existing users in the imported CSV file you can also restrict the access to a specific application via the Private options. For more information, see Configure User Access to the Application.

The CSV file can contain only columns with no spaces between them, with the following attributes. If you include columns with other attributes, their values in the table are ignored.
CSV Files Attributes
Attributes Mandatory Unique Valid Values Notes
status

Yes

No

  • active
  • inactive

The status column defines whether the user is still active in the system and is able to work with any tenant applications. When a user is deleted, it's rendered inactive.

loginName

No

Yes

 

Must be a string value of up to 64 characters.

You cannot change the e-mail of an existing user.
mail

Yes

Yes

 

Must be a string value of up to 64 characters.

Vaues that are part of the respective exclude list cant' be used. For more information, see Restrict User Attributes Values via Exclude Lists.

firstName

No

No

 

Must be a string value of up to 64 characters.

Vaues that are part of the respective exclude list cant' be used. For more information, see Restrict User Attributes Values via Exclude Lists.

lastName

Yes

No

 

Must be a string value of up to 64 characters.

Vaues that are part of the respective exclude list cant' be used. For more information, see Restrict User Attributes Values via Exclude Lists.

language

No

No

 

Must be a string value specified by a two or four-letter code in one of the following formats: XX, xx, xx-XX or xx_XX. Otherwise the activation e-mail is in English.

validTo

No

No

 

Must be a string value in the Zulu format yyyyMMddHHmmss'Z'.

The information in the validFrom and validTo columns can be processed by the service provider to limit user access. It would affect the authentication of the user, though.

validFrom

No

No

 

Must be a string value in the Zulu format yyyyMMddHHmmss'Z'.

The information in the validFrom and validTo columns can be processed by the service provider to limit user access. It would affect the authentication of the user, though.

spCustomAttribute1

No

No

   
spCustomAttribute2

No

No

   
spCustomAttribute3

No

No

   
spCustomAttribute4

No

No

   
spCustomAttribute5

No

No

   
groups

No

No

 

The groups in the groups column must be existing. You can’t add a user to a user group that is not existing.

The maximum number of groups assigned to a user is 500.

Examples

To import users for an application into Identity Authentication, and to send activation e-mails, proceed as follows:

Procedure

  1. Access the tenant's administration console for Identity Authentication by using the console's URL.
  2. Choose the Import Users tile.

    This operation opens the Import Users page.

  3. Choose the application that you want to edit.
  4. Choose the Browse... button and specify the location of the CSV file.
  5. Choose the Import button.

    If the operation is successful, the system displays the message Users imported or updated.

  6. Choose the one of the following options:
    OptionDescription
    Do nothing The users are imported or updated for the selected application, but they will not receive activation e-mails. The activation e-mails will be sent when you choose Start of the navigation pathSend E-Mails Next navigation step SendEnd of the navigation path.
    Repeat steps 1 to 5 The users are imported or updated for the selected application, but they will not receive activation e-mails. The activation e-mails will be sent when you choose Start of the navigation pathSend E-Mails Next navigation step SendEnd of the navigation path.
    Choose Start of the navigation pathSend E-Mails Next navigation step SendEnd of the navigation path This will send activation e-mails to all users that are imported for the selected application, but have not received activation e-mails so far.