Import Users
This feature allows the administrator to update the users or create new users from the conf/UserDirectory.csv. A template file is located in the $MM_HOME/conf/Templates directory in the installation.
Upon external authentication (LDAP, OAuth and SAML2), a valid user is created in the system (if not already there) based upon those credentials from the external authentication authority and will then be in MANAGE > Users. Thus, there is no need to import users in these external authentication scenarios.
You may create the required CSV file from that template.
This process is not simply a merge. It attempts to completely modify the existing set of users, and:
-Merges with existing users
-Creates new users
-It DOES NOT delete existing users which are not in the CSV file.
There is no UNDO for this action.
Steps
- Copy the file UserDirectory.csv from $MM_HOME/conf/Template to $MM_HOME/conf.
- Sign in as a user with at least theSecurity Administratorcapability global role assignment.
- Go to MANAGE > Users in the banner.
- Click the Import users from an external file icon.
- Click RUN OPERATION.
You may also schedule it as a scheduled operation.
Example
Copy the file UserDirectory.csv from $MM_HOME/conf/Template to $MM_HOME/conf and make the necessary changes, including new users and changes to existing users.
Mapping between the columns of UserDirectory.csv and the user properties in MANAGE > Users.
UserDirectory.csv column | UserDirectory.csv column | UserDirectory.csv column |
User property | User property | User property |
Definition | Definition | Definition |
User Login Id | User Login Id | User Login Id |
User Name | User Name | User Name |
Must be specified | Must be specified | Must be specified |
User Full Name | User Full Name | User Full Name |
Full Name | Full Name | Full Name |
The entries in this file can be used to import both native users and external (LDAP, OAuth and SAML) users. The product checks if the user already exists by matching the User Login Id with the user names in the system.
- If there exists a user in the system whose name matches the User Login Id, that user will be updated using the values specified in the file. Only the user properties that have a non-empty value in the file will be updated.
- If the User Group Name is specified, the user will be removed from the existing group assignment(s) and added to the new group(s). Any invalid group name specified in the User Group Name column will cause an error to be logged in the operation log. If the user is the Administrator the group property will not be updated.
- If the existing user is an external user and a non-empty User Password is specified in the file, the password will be ignored, and a warning will be logged in the operation log.
- If there is no user in the system whose name matches the User Login Id a new user will be created using the values specified in the file.
- If the User Password is specified, the user will be created as a native user; otherwise the user will be created as an external user.
- For LDAP users the User Distinguished Name is mandatory. It corresponds to the the distinguished name (DN) of the user in the LDAP directory, e.g. “CN=John Doe,CN=Users,DC=miti,DC=local”.
No users in the system will be deleted even if they are not in the file.
Please refer to the automatic group assignment rules for external users at the user login time. If an external user belongs to an external group and there is a group mapping/assignment between the external group and a local group, the user will be automatically assigned to the local group, despite what was in the UserDirectory.csv.