Importing Users and User Groups from a CSV File

This section describes how to create users and user groups in batches by importing users and user groups from a CSV file to a FW.

Prerequisites

Have available a CSV file. A CSV file can be obtained in either of the following ways:

Exporting user information on a FW into a CSV file. For details on how to export a CSV file, see Follow-up Procedure in Creating Users and User Groups.
Log in to the Web UI of the device, choose Object > User > User Import > Local Import > User Import to download a CSV template. Read the instructions on the CSV template and fill in user information. Figure 1 shows a CSV file.
- The CSV file can contain Chinese characters, English letters, digits, and special characters.
- A login name and security group name cannot contain any slashes (/), commas (,), quotation marks ("), question marks (?), or at sign (@). A group path cannot contain quotation marks (").
- The CSV template supports two account expiration time formats: YYYY/MM/DD HH:MM:SS and YYYY-MM-DD HH:MM:SS. If the time format is incorrect, the import will fail. After the CSV file is edited and saved on a management PC, the account expiration time format automatically changes to the date format of the management PC. For example, if the date format on the management PC is MM/DD/YYYY, after the CSV file is saved, the account expiration time format automatically changes from YYYY/MM/DD to MM/DD/YYYY. If you import the CSV file to the FW, the import fails. Therefore, before importing the CSV file, ensure that the date format of the management PC is one of the formats supported by the FW.
- During local authentication, the login name and local password are mandatory in the CSV file. During server authentication (using a third-party server), the login name is mandatory in the CSV file.
- A group path must start with the authentication domain. For example, /default/research indicates the research group in the default authentication domain. To import users to another authentication domain, proceed to Creating an Authentication Domain.
Figure 1 CSV file format

Context

The following rules apply when you import users and user groups in batches:

The name of a CSV file must end with the extension .csv.
If the number of users reaches the upper limit, the import process stops, and no more users can be imported. If the attribute of a user in the CSV file is invalid, this user and subsequent users cannot be imported.
After a CSV file is successfully imported, user information only exists in the memory. Save configurations immediately. Otherwise, user information may be lost after the FW restarts.
In the dual-system hot backup scenario, you need to import a CSV file to both the active and standby FWs. This is because the active FW does not automatically synchronize the imported users to the standby FW.
During user/user group information import, a user group with no users cannot be imported to the device.

Procedure

Run the following command in the system view to import users and user groups.
user-manage user-import csv-file [ auto-create-group | override ] ^*

If a user group or security group does not exist on a FW and the auto-create-group parameter is specified, the FW automatically creates the user group or security group during the import. If the auto-create-group parameter is not specified, users are imported to the /default user group.

If a user already exists on a FW and the override parameter is specified, the FW updates user attributes to those specified in the CSV file.

The import may take some time. Please wait.