Importing Users
For most use cases Txture increases its value when accessed by many users. Thus, it is often paramount to be able to provide access to all users. Much like assets and links, Txture can also import users from various sources. When importing users, Txture creates
- a user account
- an asset corresponding to that user account (if configured using semantic tags)
for each user.
The user account handles logging in and all functionality within Txture such as sharing reports or dashboards.
The assets, in contrast, represent the user and their relationship with other assets in the IT landscape e.g. ownership in the sense of an application owner.
A typical use case for this is application owners that are to be contacted by means of a survey.
Please note that the structure in the Txture instance must include an asset type tagged with the semantic tag Natural Person and Txture User for the automatic asset creation to take place.
Typically, this has already been pre-configured in your Txture instance.
When creating a new user importer, a range of data sources can be used. Most generic data sources such as SQL or text files can be used, but of course, also LDAP/AD importers make a lot of sense when importing users. Similar to asset and link importers, user importers have a few configuration steps that are required.
In the example above the App Owners sheet from the CSV-Import-Example.xlsx file is used as the data source for importing new users.
A noteworthy checkbox is the option to "Send invitation email to newly created users".
This allows Txture to automatically invite the new users to have a look at the Txture instance.
Depending on the password settings later in this importer configuration, a password creation link will be sent to newly imported users.
Filtering and dynamic columns allow to filter the imported users and create new values on the fly while importing in exactly the same ways as with asset and link importers.
Property Mapping
The property mapping is somewhat different from the property mapping in asset and link importers. The available properties are fixed corresponding to the properties of user accounts in Txture and most of them (first name, last name, etc.) are self-explanatory. Special properties are explained in the following table:
| Property name | Description |
|---|---|
| Username | If local authentication is enabled in Txture, this username has to be used for users to login. |
| Corporate ID | When importing users for later authentication via Active Directory, this property has to be set to the Corporate ID of the users in AD. The username will not be used to match users in this case. |
| Password | Only relevant in case local authentication is enabled. Please note that passwords imported here must already be hashed using bcrypt $2a$. They typically look like this: $2a$10$ngi00BKbF1fh.eZVNRbcKOZzznCdiBCDAkLXxLWEzdRanpwmYmNWi. A useful online tool to create bcrypt hashes can be found here. |
Role Mapping
Most authentication systems allow assigning roles to users, therefore, granting specific permissions to them. Txture is no exception here and hence the last section of a user importer allows mapping imported users to roles.
Several roles can be assigned to the newly imported users depending on the contents of certain source columns. In the example above, all users with the value admin_ in their User ID are assigned to the role admin. Please note that permissions of the roles of the authenticating system are not automatically mapped to the permissions of the roles withing Txture. You will therefore need to set permissions for the roles used in the mapping here.
Info:
- The default role
All usersis always assigned to new users. - If you set role mappings in the user importer, all manually assigned roles will be overwritten with the role(s) set in the importer.
Tenant Mapping
Mapping users to tenants works similar to role mapping (see above). It is possible to assign imported users to tenants, allowing them to only access their respective assets.
Active Directory: search groups recursively
Active Directory is very well suited to model complex organizational structures. Quite often, one wants to import all users of a nested group structure such as the following:
DC=company,DC=root
+--Users
+--Groups
+--All Txture Users
+--Txture User Group Location 1
+--User A
+--User B
+--Txture User Group Location 2
+--User C
In this scenario, typically one wants to import all users that are recursively part of the group All Txture Users.
This can be achieved by using a recursive operator for filtering users.
In the Additional Filter field, enter the following query:
memberOf:1.2.840.113556.1.4.1941:=CN=All Txture Users,OU=Groups,DC=company,DC=root
Using this filter should lead to the users A, B and C being imported.
See the Microsoft Search Filter Syntax documentation for more information.