You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Import Groups

Owned by Phillip Hanegan
Feb 07, 2023
6 min read

If you have group data you want to manage in EmpowerID, but that data is in an application that is not connected to EmpowerID—and for which you do not want to create a connector—you can do so by creating a "tracking-only" account store to represent that application in EmpowerID and then import the data from that application to the tracking-only account store in delimited flat file format.

EmpowerID provides two workflows for each aspect of this type of situation.

  • Create Groups from File workflow for importing groups

  • Create Group Accounts from File workflow for importing group memberships

When initiated, each of these workflows reads the flat file you upload and pulls from that file the necessary information to create the corresponding objects and object relationships in EmpowerID, adding those objects (groups) and relationships (group membership) to the specified account store if they don't already exist in the account store. If EmpowerID finds that the account store already has an account or a group or a group membership that matches one or more records in the flat file, it ignores that particular record or records. This ensures that duplicate accounts, groups and group memberships are not created.

Once the user and group data has been added to the account store you create for the application, you can manage and audit it as you would any other type of user and group information. The only difference is that changes you make to those accounts and groups in EmpowerID are not reflected in the source application. Thus, to keep data changes in sync, any changes you make in EmpowerID need to be made in the application.

Prerequisites

Before importing users and groups, you need to do the following:

  1. Create a "tracking-only" account store in EmpowerID for the application containing the user and group data. This type of account store is internal to EmpowerID and is where EmpowerID places the user accounts and groups you import. This allows you to manage those accounts and groups from the representation of the application. For information on creating a tracking-only account store, see Creating Tracking-Only Applications.

  2. Have the group data you want to import in three separate delimited files:

    • one file for the groups

    • another for the group memberships.

  3. Each file must have a certain number of fields that correspond to the EmpowerID object you are creating. These fields, listed by EmpowerID object type, are as follows: 

    • Group:

      • Name, LogonName, FriendlyName

    • Group Membership: 

      • AccountLogonName, GroupLogonName

These fields do not have to be named as such in the flat file. They must, however, be able to map to those fields in EmpowerID. Besides these fields, the flat files can have any number of additional fields. If a corresponding field exists in EmpowerID, map them when importing. If the fields do not have a corresponding field in EmpowerID, ignore them. This is all demonstrated below.

Import groups

  1. On the navbar, expand Single Sign-On and select Applications.

  2. Search for the "tracking-only" application to which you want to import user accounts and click the Display Name link for the application record returned to the grid.

     

    This directs your browser to the View One page for the application. Application View One pages allow you to view and manage the applications to which they relate.

     

  3. On the View One page for the application, select the Identities tab and then expand the Application Groups (In Account Store or Linked Group) accordion.



  4. Click Import Groups From CSV.

    This initiates the Create Groups From File workflow.



  5. In the workflow form, enter the field delimiter for the flat file in the Delimiter field. Comma is the default.

  6. Click Browse and select the file with the groups you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text and the Load CSV button becomes active.

  7. Click the Load CSV button.


    The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.



  8. Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, enter the name of the required field in the drop-down and then click the field to select it. For groups, these fields are Name, LogonName, and FriendlyName.

  9. As needed, map all other fields to their corresponding EmpowerID fields. If the column headers in your flat file already match the required fields, you do not need to map them as the workflow does it for you. Additionally, if a field in the flat file does not have a corresponding group field in EmpowerID, the workflow ignores it.

  10. Once you have completed your mapping, click Submit.

  11. After EmpowerID imports the group, click the Search button in the Application Groups accordion. You should see the newly imported group(s).

     

Import group memberships

  1. On the navbar, expand Single Sign-On and click Applications.

  2. Search for the "tracking-only" application to which you want to import group memberships, click the record returned for the application and then expand the Application Groups (In Account Store or Linked Group) accordion on the Application Details page.

     

  3. Click Import Group Members From CSV.

    This initiates the Create Group Accounts From File workflow.



  4. In the workflow form, enter the field delimiter for the flat file in the Delimiter field. Comma is the default.

  5. Click Browse and select the file with the user information you wish to import. Once you have selected a file, the Browse button is replaced with "File Selected" text and the Load CSV button becomes active.

  6. Click the Load CSV button.


    The form updates to display the data in the flat file. The column headers are shown in the text above the drop-downs, while the records are shown in the grid.

     

  7. Map each of the required fields from the imported data to the appropriate EmpowerID account field. To do so, type the name of the required field in the drop-down and then click the field to select it. For group memberships, these fields are Account_LogonName for the user account, and Group_LogonName for the group.

  8. Once you have completed your mapping, click Submit.

Verify Group Membership

After EmpowerID imports the group memberships, you can verify the accounts have been added to the groups by doing the following:

  1. Select the Group filter on the global search bar at the top of the page.

     

  2. Enter the name of a group whose membership you imported and then click the tile for that group.

    This directs your browser to the View page for the group.

     

  3. Expand the Group Members accordion.

    You should see the imported group member(s).