Import Users and Groups
If you have user and group data you want to manage in EmpowerID, but that data is in an application that is not connected to EmpowerID – and for which you do not want to create a connector – you can do so by creating a "tracking-only" account store to represent that application in EmpowerID and then import the data from that application to the tracking-only account store in delimited flat file format.
EmpowerID provides three workflows for each aspect of this type of situation.
Create Accounts from File workflow for importing user accounts
Create Groups from File workflow for importing groups
Create Group Accounts from File workflow for importing group memberships
When initiated, each of these workflows reads the flat file you upload and pulls from that file the necessary information to create the corresponding objects and object relationships in EmpowerID, adding those objects (user accounts and groups) and relationships (group membership) to the specified account store if they don't already exist in the account store. If EmpowerID finds that the account store already has an account, group, or group membership that matches one or more records in the flat file, it ignores that particular record or records. This ensures that duplicate accounts, groups, and group memberships are not created.
Once the user and group data has been added to the account store you create for the application, you can manage and audit it as you would any other type of user and group information. The only difference is that changes you make to those accounts and groups in EmpowerID are not reflected in the source application. Thus, to keep data changes in sync, any changes you make in EmpowerID need to be made in the application.
Prerequisites
Before importing users and groups, you need to do the following:
Create a "tracking-only" account store in EmpowerID for the application containing the user and group data. This type of account store is internal to EmpowerID and is where EmpowerID places the user accounts and groups you import. This allows you to manage those accounts and groups from the application's representation. For information on creating a tracking-only account store, see Creating Tracking-Only Applications.
Have the user and group data you want to import in three separate delimited files:
one file for the user accounts
another for the groups
a third for the group memberships.
Each file must have a certain number of fields corresponding to the EmpowerID object you create. These fields, listed by EmpowerID object type, are as follows:Â
User Account:
Name, LogonName, FriendlyName
Group:
Name, LogonName, FriendlyName
Group Membership:Â
AccountLogonName, GroupLogonName
These fields do not have to be named as such in the flat file. They must, however, be able to map to those fields in EmpowerID. Besides these fields, the flat files can have any number of additional fields. If a corresponding field exists in EmpowerID, map it when importing. If the fields do not have a corresponding field in EmpowerID, ignore them. This is all demonstrated below.
Import user accounts
On the navbar, expand Single Sign-On and select Applications.
Search for the "tracking-only" application to which you want to import user accounts and click the Display Name link for the application record returned to the grid.
This directs your browser to the View One page for the application. Application View One pages allow you to view and manage the applications to which they relate.Â
On the View One page for the application, select the Identities tab and then expand the Application Accounts (In Account Store or Linked Group) accordion.
Click Import Users From CSV. This initiates the Create Accounts From File workflow.
In the workflow form, enter the field delimiter for the flat file in the Delimiter field. The default is a comma.
Click Browse and select the file with the user accounts you wish to import. Once you have selected a file, the Browse button is replaced with "File is Selected" text, and the Load CSV button is active.
Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.Â
Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down below your related headers and then click the field to select it. For accounts, these fields are Name, LogonName, and FriendlyName.
In our example, we have imported data with the account logon name listed under the Logon header. As this header does not match the Logon Name field for the component in EmpowerID, we need to map it before submitting the workflow. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does it for you. Additionally, if a field in the flat file does not have a corresponding account field in EmpowerID, the workflow ignores it.ÂOnce you have completed your mapping, click Submit.
After EmpowerID imports the users, you should see them in the accordion.
Import groups
On the navbar, expand Single Sign-On and select Applications.
Search for the "tracking-only" application to which you want to import user accounts and click the Display Name link for the application record returned to the grid.
Â
This directs your browser to the View One page for the application. Application View One pages allow you to view and manage the applications to which they relate.
Â
On the View One page for the application, select the Identities tab and then expand the Application Groups (In Account Store or Linked Group) accordion.
Click Import Groups From CSV. This initiates the Create Groups From File workflow.
In the workflow form, enter the field delimiter for the flat file in the Delimiter field. The default is a comma.
Click Browse and select the file with the groups you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text, and the Load CSV button is activated.
Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.Map each required field from the imported data to the appropriate EmpowerID account field. To do so, enter the required field's name in the drop-down menu and then click the field to select it. For groups, these fields are Name, LogonName, and FriendlyName.
As needed, map all other fields to their corresponding EmpowerID fields. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does this for you. Additionally, if a field in the flat file does not have a corresponding group field in EmpowerID, the workflow ignores it.
Once you have completed your mapping, click Submit.
After EmpowerID imports the group, click the Search button in the Application Groups accordion. You should see the newly imported group(s).
Â
Import group memberships
On the navbar, expand Single Sign-On and click Applications.
Search for the "tracking-only" application to which you want to import group memberships, click the record returned for the application and then expand the Application Groups (In Account Store or Linked Group) accordion on the Application Details page.
Â
Click Import Group Members From CSV. This initiates the Create Group Accounts From File workflow.
In the workflow form, enter the field delimiter for the flat file in the Delimiter field. The default is a comma.
Click Browse and select the file with the user information you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text, and the Load CSV button is activated.
Click the Load CSV button.
The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.Â
Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down and then click the field to select it. For group memberships, these fields are Account_LogonName for the user account, and Group_LogonName for the group.
Once you have completed your mapping, click Submit.
Verify Group Membership
After EmpowerID imports the group memberships, you can verify the accounts have been added to the groups by doing the following:
Select the Group filter on the global search bar at the top of the page.
Â
Enter the name of a group whose membership you imported and then click the tile for that group.
This directs your browser to the View page for the group.Â
Expand the Group Members accordion.
You should see the imported group member(s).