CSV File Importing
When a MilMove Office or Admin user is created within the MilMove application (not Okta), they will also need an account created in Okta. This will need to be done within the Okta Admin Console by an Okta Admin with the appropriate privileges.
You can find more info about Okta Admins HERE
When importing a CSV file to create or update any user, Okta requires the columns to be ones they recognize in the respective Okta profile. When filling out a CSV file, it should look like this:
CSV File Example
email,login,firstName,lastName,cac_edipi,gsa_id,role
officeUser@email.com,officeUser@email.com,John,Office,1231231231,,office
adminUser@email.com,adminUser@email.com,Jill,Admin,2342342342,,admin
gsaUser@gsa.gov,gsaUser@gsa.gov,Jimmy,GSA,,3453453453453,office
hybridUser@email.gov,hybridUser@email.gov,Susy,Hybrid,,5675675675,hybrid
homeSafeUser@homesafe.com,homeSafeUser@homesafe.com,Home,Safe,,e417b7452d1fbbb6cef6f1ba8dcf25f5186dac4e,office
This file contains all the columns that we need and will use in Okta. There are a bunch more properties that Okta uses for a profile, but these are the only ones we need for MilMove.
Right now MilMove's configuration in Okta supports the following root certificates and their respective chains:
- CA-3
- Entrust Managed Services Root CA
- ECA Root CA 4
Let's break down what values go in what in the CSV file:
- login
- firstName
- lastName
- cac_edipi
- gsa_id
- role
For GSA Users
The gsa_id value is variable in length. It can be found in the Subject Alternative Name property of their certificate: it is the numbers to the left of their @gsa.gov email in that property. This column can be empty when importing users that are not GSA users.
For ECA Certificate Users
For ECA certificate users we are using the Subject Key Identifier value in their certificate. This is a very long string that looks like:
e417b7452d1fbbb6cef6f1ba8dcf25f5186dac4e
office -> assigns to office group
admin -> assigns to admin group
hybrid -> assigns to BOTH office and admin groups
Double Check - Triple Check
If the cac_edipi or gsa_id is wrong, the user will not be able to log in. Additionally, please make sure that the value in the role column is either office, admin, or hybrid and all lowercase. Please make sure to double check these values prior to importing.
- GSA & ECA Certificate chains use the gsa_id column
- Anyone using CA-3 root certificates uses the cac_edipi column
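A pre-import check for the rules above, as an added example that is not part of MilMove's or Okta's tooling. The function name, the example.com rows, the 10-digit cac_edipi pattern, the hex-or-digits gsa_id pattern and the exactly-one-identifier rule are assumptions drawn from the sample file.

```python
import csv
import io
import re

EXPECTED_HEADERS = ["email", "login", "firstName", "lastName",
                    "cac_edipi", "gsa_id", "role"]
ALLOWED_ROLES = {"office", "admin", "hybrid"}   # exact match, all lowercase
EDIPI_RE = re.compile(r"\d{10}")                # assumption: 10 digits, as in the sample rows
# Assumption: digits (GSA) or a hex Subject Key Identifier (ECA); spaces and
# colons copied from a certificate viewer are rejected.
GSA_ID_RE = re.compile(r"[0-9a-fA-F]+")

# Constructed sample: the first data row is from the page, the rest are made-up bad rows.
SAMPLE = """\
email,login,firstName,lastName,cac_edipi,gsa_id,role
officeUser@email.com,officeUser@email.com,John,Office,1231231231,,office
a@example.com,a@example.com,Ann,Upper,1231231232,,Office
b@example.com,b@example.com,Bob,Colons,,e4:17:b7:45,office
c@example.com,c@example.com,Cy,Neither,,,admin
"""


def validate_import_csv(text):
    """Return [(line_number, message), ...]; an empty list means no problems found."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != EXPECTED_HEADERS:
        return [(1, f"unexpected headers: {reader.fieldnames}")]
    problems = []
    for row in reader:
        line = reader.line_num
        if None in row or None in row.values():   # too many or too few cells
            problems.append((line, "wrong number of columns"))
            continue
        if row["role"] not in ALLOWED_ROLES:
            problems.append((line, f"role {row['role']!r} is not office/admin/hybrid"))
        edipi, gsa_id = row["cac_edipi"], row["gsa_id"]
        if bool(edipi) == bool(gsa_id):           # both empty or both filled
            problems.append((line, "set exactly one of cac_edipi or gsa_id"))
        elif edipi and not EDIPI_RE.fullmatch(edipi):
            problems.append((line, f"cac_edipi {edipi!r} is not 10 digits"))
        elif gsa_id and not GSA_ID_RE.fullmatch(gsa_id):
            problems.append((line, f"gsa_id {gsa_id!r} has non-hex characters"))
    return problems


if __name__ == "__main__":
    for line, message in validate_import_csv(SAMPLE):
        print(f"line {line}: {message}")
```

The check only catches malformed values; a well-formed but incorrect identifier still has to be compared against the user's certificate by hand.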
Importing CSV File into Okta
- Sign into the Okta Dashboard
- Click the Admin button in the top right to go to the Admin Console
- In the nav bar on the left, click Directory
- Click People to open the users page
- There's a dropdown box that says More actions, click that
- A dropdown menu will show, click Import users from CSV
- Select the CSV file and click Upload CSV
- Okta will check the headers to make sure it knows where to put the data, if successful - you'll see a success message
  If it was NOT successful, Okta will show an error message and tell you what it doesn't recognize
- Click Next
- If the user will only be logging in with their CAC, check both boxes since they won't need a password (this is for office users)
  If the user will be an Okta Admin and will need to sign in with additional authenticators, only check the top box since they'll need to log into Okta
- If the user in each row doesn't exist - Okta will create an account for them
  If the user does exist, Okta will update their profile with the values in the CSV file
- Now each user will be able to authenticate with Okta (as long as the information in the file is correct)!