Import users via CSV
You can import multiple local users into ASMS from a CSV file. This allows you to onboard large numbers of users without manually configuring each of them.
Prepare a users CSV file
Do the following:
-
Open a new text file.
-
In the first line of the file, type a list of column headers.
For a list of supported headers, refer to the following table. The headers must be separated by commas.
-
For each user you want to import, type a new line containing values that correspond to the column headers.
Refer to the following table for information about each header's possible values. The values must be separated by commas. If no value is specified, the default is used.
For example:
username,password,fullname,email,note,policy_change,administrator,authentication_type,default_fw_profile,firewallsJohnS,JohnSPass,John Smith,[email protected],customersupport,yes,yes,,readonly,(ECZ_ASA1;yes;Standard)(ISG1000_root:trust-vr;yes;Standard)JaneB,,Jane Brown,[email protected],sales,no,no,ldap
-
Save the file.
Supported column headers
|
Header Name |
Description |
Possible Values |
|---|---|---|
|
username |
The username to assign the user. This header is mandatory. |
Any |
|
fullname |
The user's full name. This header is mandatory. |
Any. |
|
|
The user's email address. This header is mandatory. |
An email address in standard email address format. |
|
note |
Notes about the user. |
Any. |
|
password |
The password to assign the user. |
Any |
|
policy_change |
|
|
|
group_changes |
Indicates whether the AFA system should send notifications to the user when a group report is generated. |
|
|
all_changes |
Indicates whether the AFA system should send notifications to the user when a report is generated. |
|
|
configuration_changes |
Indicates whether the AFA system should send notifications to the user when configuration changes are made. |
|
|
object_expirations |
Indicates whether the AFA system should send notifications to the user when device rules and/or VPN users are about to expire. |
|
|
error |
Indicates whether the AFA system should send error messages to the user. These include low disk space and license expiration warnings. This header is only relevant for administrators. |
|
|
customizations |
Indicates whether the AFA system should send notifications to the user when customization changes are made. These include notifications about topology, trusted traffic, and risk profile customizations. This header is only relevant for administrators. |
|
|
authentication_type |
The type of authentication to use for this user. For information on configuring AFA to work with a RADIUS Server or an LDAP server, see Configure user authentication. |
|
|
administrator |
Indicates whether to make the user an administrator. |
|
|
run_file_analysis |
Indicates whether to allow the user to perform analyses from configuration files. |
|
|
global_customization |
Indicates whether to make the user a FireFlow configuration administrator. This enables the user to perform advanced configuration tasks in FireFlow. |
|
|
fireflow_admin |
Indicates whether the FireFlow user can perform advanced configuration tasks, such as using VisualFlow to edit workflows. |
|
|
default_fw_profile |
The user's default access level to devices. |
|
|
firewalls |
A list of devices for which the user should be granted permissions. |
Each device in the list must be in the following format: (deviceName;notify;permissionProfile)where:
Multiple devices should not be separated by anything For example: (device)(device)(device)... |
Run the import users script
This procedure describes how to import users into AFA from an CSV file.
Do the following:
- Open a terminal and log in using the username "afa" and the related password.
-
Enter the following command:
import_users -f CSVFile
For information on the command's flags, see the following table.
The import_users script runs and imports users from the file into both AFA and FireFlow.
Import users script flags
|
Flag |
Description |
|---|---|
|
-f CSVFile |
The name of the CSV file. Note: The file must be located in the current directory. |
Yes 
No 
