If you have user and group data you want to manage in EmpowerID, but that data is in an application that is not connected to EmpowerID—and for which you do not want to create a connector—you can do so by creating a "tracking-only" account store to represent that application in EmpowerID and then import the data from that application to the tracking-only account store in delimited flat file format.
EmpowerID provides three workflows for each aspect of this type of situation.
- Create Accounts from File workflow for importing user accounts
- Create Groups from File workflow for importing groups
- Create Group Accounts from File workflow for importing group memberships
When initiated, each of these workflows reads the flat file you upload and pulls from that file the necessary information to create the corresponding objects and object relationships in EmpowerID, adding those objects (user accounts and groups) and relationships (group membership) to the specified account store if they don't already exist in the account store. If EmpowerID finds that the account store already has an account or a group or a group membership that matches one or more records in the flat file, it ignores that particular record or records. This ensures that duplicate accounts, groups and group memberships are not created.
Once the user and group data has been added to the account store you create for the application, you can manage and audit it as you would any other type of user and group information. The only difference is that changes you make to those accounts and groups in EmpowerID are not reflected in the source application. Thus, to keep data changes in sync, any changes you make in EmpowerID need to be made in the application.
Prerequisites
Before importing users and groups, you need to do the following:
- Create a "tracking-only" account store in EmpowerID for the application containing the user and group data. This type of account store is internal to EmpowerID and is where EmpowerID places the user accounts and groups you import. This allows you to manage those accounts and groups from the representation of the application. For information on creating a tracking-only account store, see Creating Tracking-Only Applications.
- Have the user and group data you want to import in three separate delimited files:
- one file for the user accounts
- another for the groups
- a third for the group memberships.
Each file must have a certain number of fields that correspond to the EmpowerID object you are creating. These fields, listed by EmpowerID object type, are as follows:
- User Account: Name, Logon Name, Friendly Name
- Group: Name, Logon Name, Friendly Name
- Group Membership: Account Logon Name, Group Logon Name
These fields do not have to be named as such in the flat file. They must, however, be able to map to those fields in EmpowerID. Besides these fields, the flat files can have any number of additional fields. If a corresponding field exists in EmpowerID, map them when importing. If the fields do not have a corresponding field in EmpowerID, ignore them. This is all demonstrated below.
To import user accounts
- On the navbar, expand Single Sign-On and select Applications.
- Search for the "tracking-only" application to which you want to import user accounts and click the Display Name link for the application record returned to the grid.
This directs your browser to the View One page for the application. Application View One pages allow you to view and manage the applications to which they relate. On the View One page for the application, select the Identities tab and then expand the Application Accounts (In Account Store or Linked Group) accordion.
Click Import Users From CSV.
This initiates the Create Accounts From File workflow.- In the workflow form, type the field delimiter for the flat file in the Delimiter field. Comma is the default.
- Click Browse and select the file with the user accounts you wish to import. Once you have selected a file, the Browse button is replaced with "File is Selected" text and the Load CSV button becomes active.
- Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid. Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down below your related headers and then click the field to select it. For accounts, these fields are Name, LogonName, and FriendlyName.
In our example, we have imported data with the account logon name listed under the Logon header. As this header does not match the Logon Name field for the component in EmpowerID, we need to map it before submitting the workflow. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does it for you. Additionally, if a field in the flat file does not have a corresponding account field in EmpowerID, the workflow ignores them.- Once you have completed your mapping, click Submit.
After EmpowerID imports the users, you should see them in the accordion. - As mentioned above, you can manage the imported user accounts as you would any other accounts. You can search for them, update them and delete them in EmpowerID. For example, from the navigation sidebar, expand Identities and click User Accounts.
- In the Locations pane, type the name of the tracking-only application in the search field and then click the node for the application. You should see each imported user account.
- Click a record to select it. You should see a list of possible actions that you can perform against the account in the Actions pane. For example, if you click the Create Person from Account action, EmpowerID creates an EmpowerID Person and links that person to the account.
Import groups
- On the navbar, expand Single Sign-On and click Applications.
- Search for the "tracking-only" application to which you want to import one or more groups, click the record returned for the application and then expand the Application Groups accordion on the Application Details page.
- Click Import Groups From CSV.
This initiates the Create Groups From File workflow. - In the workflow form, type the field delimiter for the flat file in the Delimiter field. Comma is the default.
- Click Browse and select the file with the groups you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text and the Load CSV button becomes active.
- Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid. - Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down and then click the field to select it. For groups, these fields are Name, LogonName, and FriendlyName.
In addition to the required fields, we have a field named Joinable. For groups, that field would map to the AllowJoinRequests field in EmpowerID. To ensure the field is properly matched, we need to search for AllowJoinRequests and select it from the field's drop-down. As needed, map all other fields to their corresponding EmpowerID fields. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does it for you. Additionally, if a field in the flat file does not have a corresponding group field in EmpowerID, the workflow ignores them.
- Once you have completed your mapping, click Submit.
- After EmpowerID imports the group, click the Search button in the Application Groups accordion. You should see the newly imported group(s).
Import group memberships
- On the navbar, expand Single Sign-On and click Applications.
- Search for the "tracking-only" application to which you want to import group memberships, click the record returned for the application and then expand the Application Groups accordion on the Application Details page.
- Click Import Group Members From CSV.
This initiates the Create Group Accounts From File workflow. - In the workflow form, type the field delimiter for the flat file in the Delimiter field. Comma is the default.
- Click Browse and select the file with the user information you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text and the Load CSV button becomes active.
- Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid. Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down and then click the field to select it. For group memberships, these fields are Account_LogonName for the user account, and Group_LogonName for the group.
In our example, we have imported data with the account logon name listed under the Account header and the group logon name under the Group header. As these headers do not match the required fields, we need to map them before submitting the workflow. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does it for you.Once you have completed your mapping, click Submit.