Data Imports
Topics:
Introduction to importing data
|
|
CAUTION: Make sure you save a copy of the original Safeguard for Privileged Passwords CSV files before making edits to the files or uploading them to Access Certification. This is in case an edit to a CSV file leads to an unintended recommended change within Safeguard for Privileged Passwords. The unedited file can be compared to a newer version in order to identify where the data was changed and if it needs to be corrected. |
In order to run a campaign in Access Certification, the data that will be analyzed must first be uploaded. This is done via the Data Imports page which is accessed by selecting Data in the navigation bar.
The Safeguard for Privileged Passwords data that is used by Access Certification fits the following structure:
Figure 1: Structure of CSV data
Data Imports page
|
|
CAUTION: Make sure you save a copy of the original Safeguard for Privileged Passwords CSV files before making edits to the files or uploading them to Access Certification. This is in case an edit to a CSV file leads to an unintended recommended change within Safeguard for Privileged Passwords. The unedited file can be compared to a newer version in order to identify where the data was changed and if it needs to be corrected. |
The Data Imports page is displayed by clicking Data in the navigation bar. The Data Imports page is used for uploading data to Access Certification in order to run a campaign.
The following appears on this page:
Identity Data
When uploading identity data from Safeguard for Privileged Passwords, the information is coming from the local identity provider (Active Directory) for which Safeguard for Privileged Passwords is the authority and corresponds with the users that have access to Safeguard for Privileged Passwords. It does not include data for disabled Safeguard for Privileged Passwords users, but it does include both Local and Certificate accounts. For information on the specific fields within the CSV file, see Identity data.
Clicking the Upload Identity Data button on this tile opens a dialog from which you can select the CSV file associated with the identity data you want uploaded in to Access Certification. Once a new file has been successfully uploaded, the tile will update to display the total number of uploaded identities and the date they were last updated.
Account Data
When uploading account data from Safeguard for Privileged Passwords, the information is coming from the local identity provider (Active Directory) for which Safeguard for Privileged Passwords is the authority. It does not include data for disabled Safeguard for Privileged Passwords users. For information on the specific fields within the CSV file, see Account data.
Clicking the Upload Account Data button on this tile opens a dialog from which you can select the CSV file associated with the account data you want uploaded in to Access Certification. Once a new file has been successfully uploaded, the tile will update to display the total number of uploaded accounts and the date they were last updated.
Group Data
The group data being used is that which corresponds with the groupings of Safeguard for Privileged Passwords users for the purpose of assigning entitlements. Because the data is specific to Safeguard for Privileged Passwords and how it manages users, the information might not be mapped to external identity providers. For information on the specific fields within the CSV file, see Group data.
Clicking the Upload Group Data button on this tile opens a dialog from which you can select the CSV file associated with the group data you want uploaded in to Access Certification. Once a new file has been successfully uploaded, the tile will update to display the total number of uploaded groups and the date they were last updated.
Entitlement Data
Entitlements are groupings of Safeguard for Privileged Passwords access policies and require that the Accounts and Groups data must first be gathered. This is because both accounts (users within Safeguard for Privileged Passwords) and groups can be added to entitlements. Each entitlement may contain zero or more access policies. However, an individual access policy may only be part of one entitlement. The reason for this is so that changing one access policy does not unintentionally modify a separate entitlement that the administrator may not realize is related. For information on the specific fields within the CSV file, see Entitlement data.
Clicking the Upload Entitlement Data button on this tile opens a dialog from which you can select the CSV file associated with the entitlement data you want uploaded in to Access Certification. Once a new file has been successfully uploaded, the tile will update to display the total number of uploaded entitlements and the date they were last updated.
Once you have generated CSV files for each of these data types (Generating CSV files from Safeguard for Privileged Passwords), you can begin uploading the files using this page (Uploading data).
Identity data
|
|
CAUTION: Make sure you save a copy of the original Safeguard for Privileged Passwords CSV files before making edits to the files or uploading them to Access Certification. This is in case an edit to a CSV file leads to an unintended recommended change within Safeguard for Privileged Passwords. The unedited file can be compared to a newer version in order to identify where the data was changed and if it needs to be corrected. |
When uploading identity data from Safeguard for Privileged Passwords, the information is coming from the local identity provider (Active Directory for which Safeguard for Privileged Passwords is the authority and corresponds with the users that have access to Safeguard for Privileged Passwords. It does not include data for disabled Safeguard for Privileged Passwords users, but it does include both Local and Certificate accounts.
The following are descriptions of the fields within the identities CSV file:
|
|
NOTE: If any additional columns are included in the identities CSV file , they will be created as identity attributes in the graph. |
- givenName: A given name (or first name in most western languages)
- familyName: A family name (or last name in most western languages)
- email: An email address for the identity. The value must be unique for all rows within the identities CSV file.
- anchor: This is the anchor attribute that is referenced by the accounts CSV and groups CSV files. It specifies which accounts and groups are owned by this identity (also referenced by the manager field). The value must be unique for all rows within the identities CSV file.
- manager: This attribute is used to correlate two rows within the identities CSV file. When specifying a manager, set the manager value to the anchor value of the manager's identity. We recommend that you always include this data, but it is optional for campaigns where the manager is not the approver.