Add multiple accounts from a file

This topic describes how to add multiple accounts to the Vault using a file.

Overview

Frequently there is a need to upload a large number of known accounts into PAM - Self-Hosted from an existing repository. This is especially valuable during the early stages of implementing PAM - Self-Hosted, migrating from another PAM solution, or when onboarding a new department into the PAM - Self-Hosted solution.

The Add multiple accounts from a file option enables you to:

  • Download a sample file
  • Upload an accounts file
  • View the status of the upload process
  • Download a detailed result file with the failed accounts and error messages

All of these actions are performed in the Add accounts from file window.

The Add multiple accounts from a file option is asynchronous and enables customers to disconnect from PVWA while the upload process runs in the background, ensuring that all accounts are onboarded.

In addition, using this option reduces 50% of the onboarding time in PVWA compared to existing REST API scripts, and enables a much faster roll-out of PAM - Self-Hosted programs.

 

You can also add multiple accounts from a file using a REST API. For more information, see Create bulk upload of accounts.

Add multiple accounts from a file

You must have the following authorizations in at least one Safe to perform this procedure:

  • Add accounts
  • Update account conten
  • Update account properties
 

You can upload only one file at a time in the PVWA. Multiple users cannot upload files at the same time.

To add multiple accounts:

  1. In the PVWA, in the Accounts page, click the arrow next to Add account.

  2. Select Add accounts from file.

  3. In the Add accounts from file window, click Download a sample CSV file to use a sample CSV file as a template.

    This file contains a header row with the user properties for each account. You can revise the user properties as needed, and add the account information in the relevant columns. For more information, see Accounts file, below.

  4. Do one of the following:

    • Drag and drop the CSV file to the Add file box.

    • Click to browse, locate and select the CSV file.

    The file is checked to make sure that the mandatory information is included. If information is missing or requires attention, an error appears. If all the required information is in the file, the number of accounts in the file appears.

     
    • There are limitations for the accounts in a file, and for the file that you upload. For more information, see Limitations, below.
    • The safes that are being used need to be in the Allowed Safes of the relevant platform.
  5. Click Upload.

    A confirmation message appears, and the process of adding accounts to the system begins.

     
    • The upload process cannot be cancelled.
    • If you are uploading a large file, it may take a while for the process to complete. Because the upload process is running in the background, you can perform other tasks during the upload.
  6. To see which accounts have been added during the upload process, click Refresh in the Accounts page.

  7. To check the status of the upload, open the Add accounts from file window, and click Refresh. To view a list of status messages, see Troubleshooting.

When the upload process completes, a confirmation message appears. You can now upload another file, if required.

Accounts file

Password parameters that are uploaded to the Vault are stored in a text file as Comma Separated Values (CSV) according to the downloaded template.

The first row in the template file contains the names of the password properties as specified in the Create bulk upload of accounts API. The remaining lines in the file represent account objects and the properties of the account according to the properties in the first row of the file.

In order to add multiple accounts using a file, you need to create a CSV file that contains all the accounts that you want to upload, and the relevant properties for each account.

Make sure that each account contains the following information:

  • Safe name and Platform ID
  • Data for other properties based on the account's policy requirements
 
  • Only CSV files are supported.

Troubleshooting

During the upload process or after it has finished, you may receive one or more status messages.

To view the status of the upload process:

  • Open the Add accounts from file window.

    Any of the following messages may appear at the top of the window.

Message

Description

Creating accounts from myfile.csv is in progress

The file that you uploaded is processing. The accounts in the file are being created and added to the system.

  • To check the status of the upload, click Refresh.

If you want to upload another file, you must wait until the current file has completed uploading.

Account upload process is running right now. Try again later.

Another user has uploaded a file and it's still processing.

  • To check the status of the upload, click Refresh.

If you want to upload a file, you must wait until the current file has completed uploading.

Only <number> accounts were created from this file

or

No accounts were uploaded from this file

There is a problem with some or all of the accounts in the file.

  • Click see failures to open a CSV file that contains a list of all the accounts that failed to upload.

In the CSV file, in addition to the list of failed accounts, two columns have been added: Errors and uploadIndex. For each account there is an error explaining why the account failed to upload, and an index number of the account's location in the original file. Also, the secrets for each account have been deleted.

Perform the following actions:

  1. Fix the errors for each account.
  2. Add the secrets for each account.
  3. Upload the file again (the uploadIndex and Error columns are ignored).
The upload process failed due to a server error. Please try again.

An error occurred during the upload process.

  • Click see log to open a text file that tells you why the process failed.

Some of the accounts in the file may have been added before the issue occurred. If so, perform the following actions:

  1. Delete these accounts either from the CSV file or from the system (deleting these accounts prevents the creation of duplicate accounts).
  2. Upload the file again.

Limitations

  • Linked accounts and dependencies are not supported.
  • All accounts must be uploaded into existing Safes and groups.
  • Each file can contain a maximum of 10,000 accounts.
  • The upload process cannot be cancelled.
  • You must wait for the current file to finish uploading before you can upload another file.
  • Multiple users cannot upload files at the same time.