Import Users and Groups from CSV File
Cisco Secure Access supports provisioning users and groups manually from a comma-separated values (CSV) file. Export your Microsoft Active Directory (AD) users and groups to a CSV file. We recommend using CSVDE.EXE from a domain controller.
For each upload, the CSV file can have up to 4000 rows. An import may require ten minutes. Each subsequent CSV file upload replaces the contents of the previous upload. For large numbers of users and groups, we recommend using AD provisioning.
Note: To switch from AD provisioning to CSV import, you must uninstall your Secure Access AD Connectors and delete the AD Connectors in Secure Access. For more information, see Provision Users and Groups from Active Directory.
Table of Contents
- Prerequisites
- CSV File Format
- CSV File Fields
- Procedure
- View Provisioned Users and Groups in Secure Access
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
CSV File Format
The CSV file must include the users and groups information in a comma delimited format.
Header row:
DN,sn,givenName,userPrincipalName,mail,memberOf
Object row:
"CN=SAMLUser,CN=Users,DC=mycompany,DC=local",last_name_1,first_name_1,[email protected],[email protected],"CN=Group2,CN=Users,DC=mycompany,DC=com"
The following characters are not supported:
%<([{\\^-=$!|]})?*+>
CSV File Fields
| Field | Required | Notes | Supported Number of Characters |
|---|---|---|---|
| DN | "CN=SAMLUser,CN=Users,DC=mycompany,DC=local" | 64 | |
| sn | ✔️ | The user's surname (family name or last name). | 64 |
| givenName | ✔️ | The user's given name (legal first name). | 64 |
| userPrincipalName | ✔️ | The userPrincipalName corresponds to the principal that Secure Access receives in the SAML assertion, and is often identical to the object’s mail attribute. However, this is not always the case. The userPrincipalName is constant, but the mail attribute may change.Example: [email protected] | 64 |
| ✔️ | Only valid email addresses. Example: [email protected] | 256 | |
| memberOf | "CN=Group2,CN=Users,DC=mycompany,DC=local" | 1024 |
A user may belong to multiple groups, which are defined in the memberOf attribute.
An example value of the memberOf field:
“CN=Group1,CN=Users,DC=dcloud,DC=local;CN=Group2,CN=Users,
DC=dcloud,DC=local;CN=Group3,CN=Users,DC=dcloud,DC=local;
CN=Group4,CN=Users,DC=dcloud,DC=local”
Procedure
Import users into Secure Access from a comma-separated values (CSV) file.
-
Navigate to Connect > Users and User Groups, and then click Configuration management.
-
On the Configurations tab, click Integrate directories.
-
For Provisioning Method, click Manual Upload to provision users or groups in your organization.
- Click Download to save the Secure Access import template to your local system. The template is a CSV file that supports the following format:
- Add users or groups to the Secure Access CSV template file, and then upload the CSV file to Secure Access.
For example:
DN,sn,givenName,userPrincipalName,mail,memberOf
last_name1,first_name1,[email protected],[email protected],adminGroup
last_name2,first_name2,[email protected],[email protected],adminGroup
last_name3,first_name3,[email protected],[email protected],adminGroup
last_name4,first_name4,[email protected],[email protected],adminGroup
last_name5,first_name5,[email protected],[email protected],adminGroup
- Click Done.
View Provisioned Users and Groups in Secure Access
- Navigate to Connect > Users and Groups to view the users and groups provisioned in your organization.
- For more information, see View User Details.
- For more information, see View Group Details.
Delete an Identity Provider < Import Users and Groups from CSV File > Manage Active Directory Integration
Updated 27 days ago