Importing and Exporting Users, Groups, and AppRoles
Oracle Identity Cloud Service may be one among many repositories in your organization. When you start using Identity Cloud Service, you might want to load data from the other repositories. Bulk loading offers a solution to this requirement.
Bulk loading automates the process of loading a large amount of data into Oracle Identity Cloud Service. You can bulk load users, groups, and application roles using the Oracle Identity Cloud Service REST APIs or the UI. The Bulk Loading Data into Oracle Identity Cloud Service section of Administering Oracle Identity Cloud Service provides more information on bulk loading using the Oracle Identity Cloud Service UI.
Note:
To safely handle the export of the CSV file from Oracle Identity Cloud Service, any cell values that start with the following characters are escaped. This ensures that if a cell value starts with one of these blacklisted values, it is escaped in the CSV, which avoids CSV injection. For example, during export if the value is @test, the actual value will be '@test'.
- At: @
- Plus: +
- Minus: -
- Equals to: =
- Pipe: |
- Percentage: %
'@test', the actual value will be @test.
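The escaping rule in the note above, sketched as an added example (not Oracle's code). It wraps and unwraps cells the way the two @test examples show and flags cells in a CSV that still begin with a listed character; the sample rows and column names are constructed, and the unwrap condition is an assumption.

```python
import csv
import io

# Leading characters the page lists as escaped on export.
ESCAPED_PREFIXES = ("@", "+", "-", "=", "|", "%")

# Constructed sample; the column names are placeholders, not the template's.
SAMPLE = "User ID,Display Name,Title\njdoe,=1+1,-1 offset\nasmith,@test,Engineer\n"


def escape_cell(value):
    """Export direction: @test -> '@test'."""
    if value.startswith(ESCAPED_PREFIXES):
        return "'" + value + "'"
    return value


def unescape_cell(value):
    """Import direction: '@test' -> @test.

    Assumption: quotes are removed only when they wrap a value that starts
    with a listed character, so an ordinary quoted string is left alone.
    """
    if len(value) >= 3 and value[0] == "'" and value[-1] == "'":
        inner = value[1:-1]
        if inner.startswith(ESCAPED_PREFIXES):
            return inner
    return value


def transform_csv(text, cell_fn):
    """Apply cell_fn to every data cell; the header row passes through."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for i, row in enumerate(csv.reader(io.StringIO(text))):
        writer.writerow(row if i == 0 else [cell_fn(c) for c in row])
    return out.getvalue()


def risky_cells(text):
    """Return (line, column, value) for cells that start with a listed character."""
    reader = csv.DictReader(io.StringIO(text))
    return [(n, col, val)
            for n, row in enumerate(reader, start=2)
            for col, val in row.items()
            if isinstance(val, str) and val.startswith(ESCAPED_PREFIXES)]
```

Running risky_cells over a CSV produced by any other tool before opening it in a spreadsheet shows which cells lack the escaping described here.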
Operation | Description | Administrator Role Required | More Information |
---|---|---|---|
Import Groups | Create groups, modify existing groups, and assign users to groups. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The User Administrator has permissions to trigger the resource-specific job. | The maximum number of rows in the group import file must not exceed 100,000, and the import file size must not exceed 52 MB. For best performance, it is recommended that the maximum number of user members per group row in your CSV file not exceed seven. |
Import Users | Create users and modify existing users. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The User Administrator has permissions to trigger the resource-specific job. | The maximum number of rows in the user import file must not exceed 100,000, and the import file size must not exceed 52 MB. You can include a password in unhashed plain text or in hashed format. Oracle Identity Cloud Service uses {PBKDF2-HMAC-SHA256} by default for hashing passwords that are provided as a plain text value. Oracle Identity Cloud Service supports the following crypto algorithms for user import: Example Hashed Password: See Create a User for details on how to generate a hashed password value. If you want users to use their federated accounts to sign in to Oracle Identity Cloud Service, then you must set the Federated column to TRUE for those users. When the federated flag is set, Oracle Identity Cloud Service no longer manages the federated user's password. This prevents Oracle Identity Cloud Service from forcing a password change for these imported user accounts. If you don't want users to be notified that Oracle Identity Cloud Service created accounts for them, then you must set the ByPass Notification column to TRUE for those users. The ByPass Notification flag controls whether an email notification is sent after creating or updating a user. |
Import Application Role Memberships | Assign users and groups to application roles. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The Application Administrator has permissions to trigger the resource-specific job. | Use of the The maximum number of rows in the Application Role Memberships import file must not exceed 100,000, and the import file size must not exceed 52 MB. |
Export Groups | Export groups and group membership. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The User Administrator has permissions to trigger the resource-specific job. | |
Export Users | Export users. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The User Administrator has permissions to trigger the resource-specific job. | |
Export Application Role Memberships | Export AppRole memberships. | The Identity Domain Administrator has permissions to trigger the resource-specific job. The Application Administrator has permissions to trigger the resource-specific job. | Export AppRole memberships to only a single application. Exporting across multiple applications exports the membership of various AppRoles across all applications. |
Download the Template
Use the following link to download the bulkImportSampleFilesCSV.zip file: Download the Templates. The bulkImportSampleFilesCSV.zip file contains CSV templates for importing users (Users.csv), groups (Groups.csv), and AppRoles (AppRoleMembership.csv) to Oracle Identity Cloud Service.
There are many columns provided in the templates. For example, the Federated column (which supports either TRUE or FALSE) indicates whether to mark users that are created as federated. The ByPass Notification column (which supports either TRUE or FALSE) indicates whether an email notification is sent after creating or updating a user.
To access the complete list of allowed CSV column names and their descriptions, use the following request:
GET tenant-base-url/admin/v1/ResourceTypeSchemaAttributes?filter=resourceType eq "User" and idcsCsvAttributeName pr&attributes=name,idcsCsvAttributeName,idcsDisplayName,description,type,required,canonicalValues,mutability,caseExact,multiValued,idcsMinLength,idcsMaxLength,idcsSearchable
Example Response
{
  "name": "customerId",
  "mutability": "readWrite",
  "idcsMinLength": 5,
  "type": "string",
  "idcsSearchable": true,
  "idcsDisplayName": "Customer ID",
  "description": "Customer Identification Number",
  "idcsMaxLength": 30,
  "multiValued": false,
  "required": false,
  "caseExact": true,
  "idcsCsvAttributeName": "Customer ID"
}
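A local pre-flight check built on the attribute fields shown in the example response and the file limits from the table, as an added example (not Oracle's code or a description of the service's own validation). It assumes the attributes are passed in as a list of objects shaped like the one above, that idcsMinLength and idcsMaxLength bound the character count of a cell, and that 52 MB means binary megabytes; the "Login Name" attribute is constructed.

```python
import csv
import io

MAX_ROWS = 100_000            # row limit stated on the page
MAX_BYTES = 52 * 1024 * 1024  # 52 MB limit; binary megabytes are an assumption

# First entry: fields from the page's example response. Second entry: a
# constructed required attribute, added only to exercise the checks.
SCHEMA = [
    {"name": "customerId", "required": False, "idcsMinLength": 5,
     "idcsMaxLength": 30, "idcsCsvAttributeName": "Customer ID"},
    {"name": "loginName", "required": True, "idcsCsvAttributeName": "Login Name"},
]


def validate_import(csv_text, schema):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    if len(csv_text.encode("utf-8")) > MAX_BYTES:
        problems.append("file exceeds 52 MB")
    by_column = {a["idcsCsvAttributeName"]: a for a in schema}
    reader = csv.DictReader(io.StringIO(csv_text))
    headers = reader.fieldnames or []
    problems += [f"unknown column: {h}" for h in headers if h not in by_column]
    for col, attr in by_column.items():
        if attr.get("required") and col not in headers:
            problems.append(f"missing required column: {col}")
    count = 0
    for line_no, row in enumerate(reader, start=2):
        count += 1
        for col, attr in by_column.items():
            if col not in headers:
                continue
            value = row.get(col) or ""
            if not value:
                if attr.get("required"):
                    problems.append(f"line {line_no}: {col} is required")
                continue
            lo, hi = attr.get("idcsMinLength"), attr.get("idcsMaxLength")
            if lo is not None and len(value) < lo:
                problems.append(f"line {line_no}: {col} shorter than {lo}")
            if hi is not None and len(value) > hi:
                problems.append(f"line {line_no}: {col} longer than {hi}")
    if count > MAX_ROWS:
        problems.append(f"{count} rows exceeds the {MAX_ROWS} row limit")
    return problems
```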