Import Users and Groups from CSV File

Secure Access supports provisioning users and groups manually from a comma-separated values (CSV) file. You must export your Microsoft Active Directory (AD) users and groups to a CSV file. We recommend using CSVDE.EXE from a domain controller.

For each upload, the CSV file can have up to 4000 rows. An import may require ten minutes. Each subsequent CSV file upload replaces the contents of the previous upload. For large numbers of users and groups, we recommend using AD provisioning.

Note: To switch from AD provisioning to CSV import, you must uninstall your Secure Access AD Connectors and delete the AD Connectors in Secure Access. For more information, see Provision Users and Groups from Active Directory.

Table of Contents


CSV File Format

The CSV file must include the users and groups information in a comma delimited format.

Header row:


Object row:

"CN=SAMLUser,CN=Users,DC=mycompany,DC=local",last_name_1,first_name_1,[email protected],[email protected],"CN=Group2,CN=Users,DC=mycompany,DC=com"

The following characters are not supported:


CSV File Fields

FieldRequiredNotesSupported Number of Characters
sn✔️The user's surname (family name or last name).64
givenName✔️The user's given name (legal first name).64
userPrincipalName✔️The userPrincipalName corresponds to the principal that Secure Access receives in the SAML assertion, and is often identical to the object’s mail attribute. However, this is not always the case. The userPrincipalName is constant, but the mail attribute may change.
Example: [email protected]
mail✔️Only valid email addresses.
Example: [email protected]

A user may belong to multiple groups, which are defined in the memberOf attribute.

An example value of the memberOf field:



Import users into Secure Access from a comma-separated values (CSV) file.

  1. Navigate to Connect > Users and Groups > Users and click Provision Users or Connect > Users and Groups > Groups and click Provision Groups.
  2. For Provisioning Method, click Manual Upload to provision users or groups in your organization.
  1. Click Download to save the Secure Access import template to your local system. The template is a CSV file that supports the following format:
  2. Add users or groups to the Secure Access CSV template file, and then upload the CSV file to Secure Access.

For example:

last_name1,first_name1,[email protected],[email protected],adminGroup
last_name2,first_name2,[email protected],[email protected],adminGroup
last_name3,first_name3,[email protected],[email protected],adminGroup
last_name4,first_name4,[email protected],[email protected],adminGroup
last_name5,first_name5,[email protected],[email protected],adminGroup
  1. Click Done.

View Provisioned Users and Groups in Secure Access

  1. Navigate to Connect > Users and Groups to view the users and groups provisioned in your organization.
    1. See View User Details
    2. See View Group Details

Manage Users and Groups < Import Users and Groups from CSV File > Provision Token for Identity Provider