Skip to main content
Version: 8.2411.x.x RR

Template

The template provided in the nevisIDM GUI can either be the generic template created by nevisIDM or a prepared, customized one, e.g., with the corporate design of the company. This is controlled via the import configuration parameters of the client policy, as described in the chapter Client policy

Structure of the template

  • The first seven rows in the Excel file contain technical information. These columns must not be deleted. In the generated template, they are hidden.
    • Row 1 must contain the version of the template. The cell A2 must contain the version number. Filling in the other cells in the row is optional. The version number in the Excel file must be the same as the version number set in the client policy.
    • Row 2 must contain the language. The B2 cell must contain the two-letter language code, e.g., "en". Filling in the other cells in the row is optional.
    • Rows 3–6 can contain other technical information. Filling in these rows is optional – they can be empty, but they must not be deleted.
    • Row 7 must contain the technical names of the user attributes and properties and credential attributes.
  • Rows 8–9 can contain title, picture, logo or any other data. Filling in these rows is optional – they can be empty, but they must not be deleted. In the generated template, they are empty.
  • Row 10 contains the language-dependent names of the user attributes and properties.
  • In a custom template, the name and order of the attributes can be changed. Make sure to change the order of the technical names in row 7 as well.
  • From row 11 on, the values of the user attributes can be set. Each row represents one user. The maximum number of users is configured in the client policy.

Fields of the template

The table below contains the user and credential attributes that can be set in the Excel file. The generated template contains all user attributes and properties. It also contains all supported credential attributes if the administrator has the authorization to create credentials. A custom template does not need to contain all user attributes and properties, only the mandatory ones.

NameTechnical nameMandatoryAllowed values / Validation
Address line1user.addressline1noString(100)
Address line2user.addressline2noString(100)
Cityuser.citynoString(50)
Clientuser.client_iddependsThe name of the client that was selected on the file upload view. If nevisIDM runs in multi-client mode, this attribute is mandatory.
Countryuser.countrydependsThe two-letter ISO3166 country codes, e.g., CH, HU. Whether the attribute is mandatory depends on the value of the client policy configuration parameter *validation.user.country.mandatory (for more details, see the chapter Client policy).
Date of birthuser.birthDatenoValid date in the format "dd.mm.yyyy". Cannot be later than the current date.
E-mailuser.emailyesString(50) A valid e-mail address.
Faxuser.telefaxnoString(50) Valid if the value matches the phone number regex configured in the client policy.
First nameuser.first_namedependsString(50) Whether the attribute is mandatory depends on the value of the client policy configuration parameter validation.user.firstname.mandatory (for more details, see chapter Client policy).
Generic credential createcredential.generic.createnoThis flag indicates whether to create a generic credential or not. Its value can be "yes", "no" or empty. The generic credential will be created only if the value of this flag is "yes".
Generic credential idcredential.generic.extidnoExternal ID of the generic credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM.
Generic credential policy idcredential.
policyconfiguration.extid
noExternal ID of an existing generic credential policy configuration which belongs to the selected client. The generic credential will be created with this policy. If it is not set, the default generic credential policy will be used.
Generic credential valuecredential.generic,valueyesValue of the generic credential.
Kerberos createcredential.kerberos.createnoThis flag indicates whether to create a Kerberos credential or not. Its value can be "yes", "no" or empty. The Kerberos credential will be created only if the value of this flag is "yes".
Kerberos idcredential.kerberos.extidnoString(50) External ID of the Kerberos credential. It has to be unique per client. If it is not set, the Kerberos extid will be generated by nevisIDM.
Kerberos valuecredential.kerberos.valueyesValid Kerberos credential value. It has to be unique per client.
Languageuser.language_idyesEN, DE, IT, FR
Login iduser.login_idyesIf the login id generation is enabled, it is not mandatory to set the login id.
If the executing user/administrator does not have the authorization to set the login id, the login id must not be set.
Valid login id format.
Unique within the underlying nevisIDM client.
Mobile phoneuser.mobiledependsString(50) Valid if the value matches the phone number regex configured in the client policy. If an mTAN credential is created, setting the mobile number is mandatory.
mTAN createcredential.mtan.createnoThis flag indicates whether to create an mTAN credential or not. Its value can be "yes", "no" or empty. The mTAN credential will be created only if the value of this flag is "yes". If an mTAN credential is created, the user mobile number must be set.
mTAN idcredential.mtan.extidnoExternal ID of the mTAN credential. It has to be unique per client. If it is not set, the mTAN extid will be generated by nevisIDM.
mTAN policy idcredential.mtan.
policyconfiguration.extid
noExternal ID of an existing mTAN policy configuration which belongs to the selected client. The mTAN credential will be created with this policy. If it is not set, the default mTAN policy will be used.
Nameuser.namedependsString(100) Whether the attribute is mandatory depends on the value of the client policy configuration parameter validation.user.name.mandatory (for more details, see the chapter Client policy).
OTP createcredential.otp.createnoThis flag indicates whether to create an OTP credential or not. Its value can be "yes", "no" or empty. The OTP credential will be created only if the value of this flag is "yes".
OTP idcredential.otp.extidnoExternal ID of the OTP credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM.
OTP policy idcredential.otp.
policyconfiguration.extid
noExternal ID of an existing OTP policy configuration which belongs to the selected client. The OTP credential will be created with this policy. If it is not set, the default OTP policy will be used.
Password createcredential.password.createnoThis flag indicates whether to create a password credential or not. Its value can be "yes", "no" or empty. The password credential will be created only if the value of this flag is "yes".
Password idcredential.password.extidnoString(50) External ID of the password credential. It has to be unique per client. If it is not set, the password extid will be generated by nevisIDM.
Password policy idcredential.password.
policyconfiguration.extid
noExternal ID of an existing password policy configuration which belongs to the selected client. The password credential will be created with this policy. If it is not set, the default password policy will be used.
Password valuecredential.password.valuedependsPlain value of the password credential. It has to be a valid password value according to the selected password policy settings. If password generation is enabled per policy, the password will be generated and the provided plain value will be ignored. If the value of the policy parameter resetCodeLen0 is bigger than 0, the first part of the generated password is written into the report file that will be returned at the end of the import. In this case, the template must contain the password value field. If password generation is disabled per policy, the password value is mandatory.
Phone numberuser.telephonenoString(50) Valid if the value matches the phone number regex configured in the client policy.
Postal codeuser.postalcodenoString(10)
Profile idprofile.extidyesMust not be filled. It will be filled automatically during user creation.
Profile policy idProfile.policyconfiguration.extidNoExternal id of an existing profile policy which belongs to the selected client. If its value is set, the default profile will be created according to this policy. Otherwise, the default profile policy will be used.
PUK createcredential.puk.createnoThis flag indicates whether to create a PUK credential or not. Its value can be "yes", "no" or empty. The PUK credential will be created only if the value of this flag is "yes".
PUK idcredential.puk.extidnoExternal ID of the PUK credential. It has to be unique per client. If it is not set, the credential extid will be generated by nevisIDM.
PUK policy idcredential.puk.
policyconfiguration.extid
noExternal ID of an existing PUK policy configuration which belongs to the selected client. The PUK credential will be created with this policy. If it is not set, the default PUK policy will be used.
PUK valuecredential.puk.valuedependsPlain value of the PUK credential. The value of the PUK credential is always generated. Therefore, this field cannot be set in the input template. The PUK value is set to the returned Excel template if the parameter plainValueExposedToCaller is true in the PUK policy configuration. In this case, the template must contain the PUK value column.
Remarksuser.remarksnoString(1000)
SecurID createcredential.securid.createnoThis flag indicates whether to create a SecurID credential or not. Its value can be "yes", "no" or empty. The SecurID credential will be created only if the value of this flag is "yes".
SecurID idcredential.securid.extidnoExternal ID of the SecurID credential. It has to be unique per client. If it is not set, the SecurID extid will be generated by nevisIDM.
SecurID valuecredential.securid.valuedependsIf the user loginID is set in the template, the SecurID value is not mandatory. In this case, the default value of the SecurID credential is the user's loginID. If the user loginID is not set in the template, the SecurID value is mandatory.
Sexuser.sexdependsValid values: MALE, FEMALE Whether the attribute is mandatory depends on the value of the client policy configuration parameter *validation.user.sex.mandatory (for more details, see the chapter: Client policy).
Status codesystem.status.codeyesMust not be filled. It will be filled automatically during user creation. If the user was successfully created, the status code is "ok". If an error occurred during user creation, the status code contains an error message.
Template collectionuser.template_collectionnoName of an existing template collection which belongs to the selected client.
Titleuser.titlenoString(20)
Unituser.unit_idyesExtId of an existing unit that belongs to the selected client.
The unit has to be active and not marked profileless.
The executing user/administrator has to be authorized for this unit.
URL Ticket createcredential.urlticket.createnoThis flag indicates whether to create a URL ticket credential or not. Its value can be "yes", "no" or empty. The URL ticket credential will be created only if the value of this flag is "yes". If the parameter "urlPrefix" is not set in the URL ticket policy, the URL ticket credential cannot be created.
URL Ticket idcredential.urlticket.extidnoExternal ID of the URL ticket credential. It has to be unique per client. If it is not set, the URL ticket extid will be generated by nevisIDM.
URL Ticket policy idcredential.urlticket.
policyconfiguration.extid
noExternal ID of an existing URL ticket policy configuration that belongs to the selected client. The URL ticket credential will be created with this policy. If it is not set, the default URL ticket policy will be used.
User iduser.extidyesIt is not mandatory to fill the user extId.
Unique within the underlying nevisIDM client.
User propertiesuser.prop.propertyNamedependsThe restrictions are defined on the property.
User statususer.state_idyesValid values: ACTIVE, DISABLED
Valid fromuser.valid_fromnoThe date when the user becomes/became valid.
Valid date in the format "dd.mm.yyyy hh:mm:ss" or "dd.mm.yyyy".
Cannot be later than the date "Valid until".
Valid untiluser.valid_untilnoThe date when the user becomes/became invalid.
Valid date in the format "dd.mm.yyyy hh:mm:ss" or "dd.mm.yyyy".
note

If a user is created with PUK and password credentials, the value of these credentials will be communicated to the user separately. If a PUK credential is created with a password credential on the GUI, the values of the credentials are communicated to the user together. During the user import, this use case is not supported. If a user is created with a PUK and password credentials, their values will be communicated to the user separately, according to the PUK and password policies.