Template
The template provided in the nevisIDM GUI can either be the generic template created by nevisIDM or a prepared, customized one, e.g., with the corporate design of the company. This is controlled via the import configuration parameters of the client policy, as described in the chapter Client policy
Structure of the template
- The first seven rows in the Excel file contain technical information. These columns must not be deleted. In the generated template, they are hidden.
- Rows 8–9 can contain title, picture, logo or any other data. Filling in these rows is optional – they can be empty, but they must not be deleted. In the generated template, they are empty.
- Row 10 contains the language-dependent names of the user attributes and properties.
- In a custom template, the name and order of the attributes can be changed. Make sure to change the order of the technical names in row 7 as well.
- From row 11 on, the values of the user attributes can be set. Each row represents one user. The maximum number of users is configured in the client policy.
Fields of the template
The table below contains the user and credential attributes that can be set in the Excel file. The generated template contains all user attributes and properties. It also contains all supported credential attributes if the administrator has the authorization to create credentials. A custom template does not need to contain all user attributes and properties, only the mandatory ones.
Name | Technical name | Mandatory | Allowed values / Validation |
---|---|---|---|
Address line1 | user.addressline1 | no | String(100) |
Address line2 | user.addressline2 | no | String(100) |
City | user.city | no | String(50) |
Client | user.client_id | depends | The name of the client that was selected on the file upload view. If nevisIDM runs in multi-client mode, this attribute is mandatory. |
Country | user.country | depends | The two-letter ISO3166 country codes, e.g., CH, HU. Whether the attribute is mandatory depends on the value of the client policy configuration parameter validation.user.country.mandatory ). |
Date of birth | user.birthDate | no | Valid date in the format "dd.mm.yyyy". Cannot be later than the current date. |
user.email | yes | String(50) A valid e-mail address. | |
Fax | user.telefax | no | String(50) Valid if the value matches the phone number regex configured in the client policy. |
First name | user.first_name | depends | String). |
Generic credential create | credential.generic.create | no | This flag indicates whether to create a generic credential or not. Its value can be "yes", "no" or empty. The generic credential will be created only if the value of this flag is "yes". |
Generic credential id | credential.generic.extid | no | External ID of the generic credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM. |
Generic credential policy id | credential.policyconfiguration.extid | no | External ID of an existing generic credential policy configuration which belongs to the selected client. The generic credential will be created with this policy. If it is not set, the default generic credential policy will be used. |
Generic credential value | credential.generic,value | yes | Value of the generic credential. |
Kerberos create | credential.kerberos.create | no | This flag indicates whether to create a Kerberos credential or not. Its value can be "yes", "no" or empty. The Kerberos credential will be created only if the value of this flag is "yes". |
Kerberos id | credential.kerberos.extid | no | String(50) External ID of the Kerberos credential. It has to be unique per client. If it is not set, the Kerberos extid will be generated by nevisIDM. |
Kerberos value | credential.kerberos.value | yes | Valid Kerberos credential value. It has to be unique per client. |
Language | user.language_id | yes | EN, DE, IT, FR |
Login id | user.login_id | yes | If the login id generation is enabled, it is not mandatory to set the login id. If the executing user/administrator does not have the authorization to set the login id, the login id must not be set. Valid login id format. Unique within the underlying nevisIDM client. |
Mobile phone | user.mobile | depends | String(50) Valid if the value matches the phone number regex configured in the client policy. If an mTAN credential is created, setting the mobile number is mandatory. |
mTAN create | credential.mtan.create | no | This flag indicates whether to create an mTAN credential or not. Its value can be "yes", "no" or empty. The mTAN credential will be created only if the value of this flag is "yes". If an mTAN credential is created, the user mobile number must be set. |
mTAN id | credential.mtan.extid | no | External ID of the mTAN credential. It has to be unique per client. If it is not set, the mTAN extid will be generated by nevisIDM. |
mTAN policy id | credential.mtan.policyconfiguration.extid | no | External ID of an existing mTAN policy configuration which belongs to the selected client. The mTAN credential will be created with this policy. If it is not set, the default mTAN policy will be used. |
Name | [user.name]). | ||
OTP create | credential.otp.create | no | This flag indicates whether to create an OTP credential or not. Its value can be "yes", "no" or empty. The OTP credential will be created only if the value of this flag is "yes". |
OTP id | credential.otp.extid | no | External ID of the OTP credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM. |
OTP policy id | credential.otp.policyconfiguration.extid | no | External ID of an existing OTP policy configuration which belongs to the selected client. The OTP credential will be created with this policy. If it is not set, the default OTP policy will be used. |
Password create | credential.password.create | no | This flag indicates whether to create a password credential or not. Its value can be "yes", "no" or empty. The password credential will be created only if the value of this flag is "yes". |
Password id | credential.password.extid | no | String(50) External ID of the password credential. It has to be unique per client. If it is not set, the password extid will be generated by nevisIDM. |
Password policy id | credential.password.policyconfiguration.extid | no | External ID of an existing password policy configuration which belongs to the selected client. The password credential will be created with this policy. If it is not set, the default password policy will be used. |
Password value | credential.password.value | depends | Plain value of the password credential. It has to be a valid password value according to the selected password policy settings. If password generation is enabled per policy, the password will be generated and the provided plain value will be ignored. If the value of the policy parameter resetCodeLen0 is bigger than 0, the first part of the generated password is written into the report file that will be returned at the end of the import. In this case, the template must contain the password value field. If password generation is disabled per policy, the password value is mandatory. |
Phone number | user.telephone | no | String(50) Valid if the value matches the phone number regex configured in the client policy. |
Postal code | user.postalcode | no | String(10) |
Profile id | profile.extid | yes | Must not be filled. It will be filled automatically during user creation. |
Profile policy id | Profile.policyconfiguration.extid | No | External id of an existing profile policy which belongs to the selected client. If its value is set, the default profile will be created according to this policy. Otherwise, the default profile policy will be used |
PUK create | credential.puk.create | no | This flag indicates whether to create a PUK credential or not. Its value can be "yes", "no" or empty. The PUK credential will be created only if the value of this flag is "yes". |
PUK id | credential.puk.extid | no | External ID of the PUK credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM. |
PUK policy id | credential.puk.policyconfiguration.extid | no | External ID of an existing PUK policy configuration which belongs to the selected client. The PUK credential will be created with this policy. If it is not set, the default PUK policy will be used |
PUK value | credential.puk.value | depends | Plain value of the PUK credential. The value of the PUK credential is always generated. Therefore, this field cannot be set in the input template. The PUK value is set to the returned Excel template if the parameter plainValueExposedToCaller is true in the PUK policy configuration. In this case, the template must contain the PUK value column. |
Remarks | user.remarks | no | String(1000) |
SecurID create | credential.securid.create | no | This flag indicates whether to create a SecurID credential or not. Its value can be "yes", "no" or empty. The SecurID credential will be created only if the value of this flag is "yes". |
SecurID id | credential.securid.extid | no | External ID of the SecurID credential. It has to be unique per client. If it is not set, the SecurID extid will be generated by nevisIDM. |
SecurID value | credential.securid.value | depends | If the user loginID is set in the template, the SecurID value is not mandatory. In this case, the default value of the SecurID credential is the user's loginID. If the user loginID is not set in the template, the SecurID value is mandatory. |
Sex | user.sex | depends | Valid values: MALE, FEMALE Whether the attribute is mandatory depends on the value of the client policy configuration parameter validation.user.sex.mandatory ). |
Status code | system.status.code | yes | Must not be filled. It will be filled automatically during user creation. If the user was successfully created, the status code is "ok". If an error occurred during user creation, the status code contains an error message. |
Template collection | user.template_collection | no | Name of an existing template collection which belongs to the selected client. |
Title | user.title | no | String(20) |
Unit | user.unit_id | yes | ExtId of an existing unit that belongs to the selected client. The unit has to be active and not marked profileless. * The executing user/administrator has to be authorized for this unit. |
URL Ticket create | credential.urlticket.create | no | This flag indicates whether to create a URL ticket credential or not. Its value can be "yes", "no" or empty. The URL ticket credential will be created only if the value of this flag is "yes". If the parameter "urlPrefix" is not set in the URL ticket policy, the URL ticket credential cannot be created. |
URL Ticket id | credential.urlticket.extid | no | External ID of the URL ticket credential. It has to be unique per client. If it is not set, the URL ticket extid will be generated by nevisIDM. |
URL Ticket policy id | credential.urlticket.policyconfiguration.extid | no | External ID of an existing URL ticket policy configuration that belongs to the selected client. The URL ticket credential will be created with this policy. If it is not set, the default URL ticket policy will be used. |
User id | user.extid | yes | It is not mandatory to fill the user extId. Unique within the underlying nevisIDM client. |
User properties | user.prop.propertyName | depends | The restrictions are defined on the property. |
User status | user.state_id | yes | Valid values: ACTIVE, DISABLED |
Valid from | user.valid_from | no | The date when the user becomes/became valid.Valid date in the format "dd.mm.yyyy hh:mm:ss" or "dd.mm.yyyy". Cannot be later than the date "Valid until". |
Valid until | user.valid_until | no | The date when the user becomes/became invalid.* Valid date in the format "dd.mm.yyyy hh:mm:ss" or "dd.mm.yyyy". |
Note that if a user is created with PUK and password credentials, the value of these credentials will be communicated to the user separately. If a PUK credential is created with a password credential on the GUI, the values of the credentials are communicated to the user together. During the user import, this use case is not supported. If a user is created with a PUK and password credentials, their values will be communicated to the user separately, according to the PUK and password policies.