You can use connectors or CSV files to bring app data into SecurEnds. For the csv file, it can be imported as a CVS, XLSX, or XLS. Best practices dictate to Save AS a CSV so that data issues, formulas, additional tabs do not become an issue. The mapping exercise for importing will guide you to how the columns in your data are assigned to SecurEnds columns.
Each application will require an attribute to make a match with the People records. This attribute can be a first name/last name (separated), an Email address or an Employee ID. Without this matching attribute, SecurEnds cannot lookup the matching identity coming in from your System of Record. If the matching attrinute is not found in the People records, the application credential will be classified as unmatched. Unmatched credentials will not be a part of campaigns. Therefore it is important to get those resolved.
While importing a CSV, you will be asked which attribute within your app data will be used to match to identities within the People records. You have the Default option of using a First and Last Name (not full name) or an email address. The second option is by an Employee ID. Note, if matching choice is Employee ID, these values must also exist in your System of Record data so it can be matched. The following bolded fields are required to be matched with columns from your imported file. If a field is not bolded below, then it that data is not required.
- Employee First Name – required if email address is not present
- Employee Last Name – required if email address is not present
- Employee Email ID – required if either first name or last name is not present. You can choose Not Present in File if needed.
- Login ID or Username (Credential) – Required
- Employee Middle Name
- Employee ID (required if used as the matching attribute option)
- Employee Access Status (keep in mind that this status will be shown in the managers reviews. You it will be blank if you do not provide one.)
- Last Authentication Date
- Role/Group/Permission – required if performing an entitlement review
- Role/Group/Permission Description – not required if this is a duplicate of the entitlement text.
- Role Created Date
- Login Created Date
What happens if a record is skipped?
- Export the skipped records and refer to the “Error Description” column for an explanation on the skipped record. This typically means there are duplicates in the data file. Or you have additional unnecessary attributes in the file causing records to appear to be duplicated.
- Sometimes, the data in the CSV or table may have true duplicates. First, dedup your data to be sure. Next, if you have other attributes in the table or columns in the CSV other than the core attributes needed for ingestion, that may cause a duplication. Meaning, maybe 2 records have the same data but extra attribute in the table or column have 2 different values for the same 2 rows for the same data. Since we are not bringing in these extra attributes, SecurEnds will drop those extra attributes and look at it like a duplicate when ingesting or executing the SELECT statement. Also, if you have 2 different Entitlement Descriptions for the same Entitlement, SecurEnds will skip the other entitlement record. So, important that a single entitlement have only one description.
What if the application does not have an optional data column such as “Employee Middle Name”?
- You are not required to match that column to the SecurEnds column header and can leave it blank or not include.
What if the application does not contain a First Name or Last Name?
- You will then need to have an email address so SecurEnds can match to an identity among the People records. An employee ID will also work as the matching attribute but only if your system of record is bringing that data into SecurEnds. Best practice says that you should bring in the first name and last name even if you have email address so that SecurEnds can utilize the First Name or Last Name for the Fuzzy Logic matching logic used for unmatched credentials.
I have a batch of unmatched users and I know their unique identifier that corresponds with the SOR data. How can I quickly match these unmatched users?
- In a scenario where a group of users are unmatched for a known reason and you wish to manually match them within SecurEnds, you can do this in bulk.
- Navigate to Users > Applications > the application with unmatched users
- Actions > More > Bulk Assign
- Select the UnMatched radio button and select Download
- The CSV will contain some data of the unmatched users (see below). Update the IAM User column/attribute (column H) with the email address that corresponds to the identity from the People records (System of Record). This is not a manager assignment. You are assigning the unmatched credential to an identity in the People view which will already have a manager assigned.
- Save your changes as a CSV. Drop or upload the file and Bulk Assign to update the new matches.
How do I delete an Application?
- Before you can delete any application, you need to restore any Purged/Excluded/Deleted credentials. Then Bulk Unassign all the credentials so all credentials become unmatched. Go to the app->Gear icon->More->Bulk Assign. Take the CSV and remove all the email address in column H (IAM User). Then Bulk Assign that csv file into SecurEnds for that application. All credentials will move to unmatched and will allow you to delete the application.