16.3 Understanding and Configuring CSV Templates

Identity Governance provides the following templates for CSV:

  • CSV Identity

  • CSV Account

  • CSV Permission

  • CSV Fulfillment

For additional information about configuring CSV templates, see the following sections:

16.3.1 Collecting from CSV Files Using Cloud Bridge

NOTE:Identity Governance supports Cloud Bridge only in Identity Governanceas a Service deployments.

Note that if you plan to collect from CSV files using Cloud Bridge, you must place the files in the conf directory. Navigate to the location where the Cloud Bridge Agent is installed, then place the CSV file in the conf directory or create different subfolders to separate the applications and place the file in the subfolders. For example:

  • /opt/netiq/mycba/conf/users.csv or

  • /opt/netiq/mycba/conf/csv/oracle/users.csv

Alternately, drop the CSV files to a subfolder of the conf directory that a network administrator previously configured as an NFS mount. This method enables data administrators from various locations, to place the CSV files without requiring access to the server where the Cloud Bridge Agent is installed.

IMPORTANT:We do not support changes within the Cloud Bridge container.

Before collecting, administrators need not restart the Cloud Bridge Agent when creating new subfolders in the conf directory or when placing new CSV files in those directories.

16.3.2 About CSV Collectors

A CSV file provides a simple method for storing user account or permissions information that cannot be collected from other data sources. You can include group, account, permission, or user data in the file. For all CSV collections, data administrators need to generate the CSV and make it available to the Identity Governance service through a file share, http, or local file system. To collect from a CSV file, you must specify the full path to the file.

When configuring the CSV collector:

  • Start the root path file on the Services Parameters section of the template page with /conf and end with /. For example, /conf/.

  • If you placed the CSV file in subfolders, append the subfolder names to the root file path. For example, /conf/csv/oracle/.

  • Enter the CSV file name in the Collect Views section of the template page. For example, users.csv.

If you use a CSV file as an identity source, you might also want to instruct Identity Governance to map the collected users to their collected group memberships. The Group Members (Users and Groups) setting allows you to specify an attribute in the CSV file that you want to use for mapping users and groups to groups. However, you can use this setting only when a given value for the specified attribute is not used to identify both a user and a group. For example, if you export data from Active Directory to the CSV file, you can use DN as the Group Members attribute. Otherwise, you can use Collect Group to User Membership or Collect Parent Group to Child Group Relationships to map users or groups to groups. These two settings match the specified attribute in the collected user or group data, respectively.

In preparing a CSV file, ensure that any values written into a column of the file do not contain any carriage returns and line feeds, since these characters define record boundaries in the CSV file.

NOTE:The CSV collector supports TSV files. In the Column Delimiter field, you enter the word tab in uppercase, lowercase, or any combination thereof. To collect from a CSV file, you must specify the full path to the file.Test connection is not supported when the CSV collector is accessed through an HTTP or HTTPS connection.

16.3.3 About CSV Fulfillment

This fulfillment target creates a CSV file in the specified directory that contains the attributes you configured in the fulfillment target.