Auto-enrolling users by importing data from external databases
Using this option, you can connect databases such as Oracle, MS SQL, MySQL, and PostgreSQL with ADSelfService Plus and import the enrollment data stored in them. This option comes in handy if you already have all the necessary enrollment data stored in an external database. Before importing the enrollment data, make sure to configure the settings for the respective authenticators in the self-service policies. The ADSelfService Plus documentation describes how to set up each supported authenticator.
Import data formats
The data imported should follow the specified formats for each authenticator as mentioned in the table below.
The column names can be any names used in your database, as long as they are specified in the SQL query.
| Column names | Allowed formats |
| question | It must be a security question. E.g., What is your favourite colour? |
| answer | It must be the corresponding answer to the security question. E.g., Yellow. |
| mobile | It must contain numbers 0 through 9. |
| mail | It must be a valid email address. |
| sAMAccountName | It must be a valid user in AD. |
| googleauthsecretkey | It must contain letters "A-Z" or "a-z" and numbers "2-7". |
| microsoftauthsecretkey | It must contain letters "A-Z" or "a-z" and numbers "0-9". |
| zohooneauthsecretkey | It must contain letters "A-Z" or "a-z" and numbers "0-9". |
| customtotpsecretkey | It must contain letters "A-Z" or "a-z" and numbers "0-9". |
| customtotphardwareserialnumber | It must contain letters "A-Z" or "a-z" and numbers "0-9". |
Important note:
- The length of secret keys must be greater than or equal to 16 and less than or equal to 350.
- The length of serial numbers must be greater than or equal to 4 and less than or equal to 250.
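A pre-import check for the formats and length limits listed above, as an added example that is not part of ADSelfService Plus or its documentation. It assumes each database row is available as a dict keyed by the column names in the table, reads "must contain" as "consists only of", and uses hypothetical names (RULES, validate_row) and constructed sample rows.

```python
import re

# Allowed character sets, taken from the format table above. Reading
# "must contain" as "consists only of" is this example's assumption.
BASE32ISH = re.compile(r"[A-Za-z2-7]+")
ALNUM = re.compile(r"[A-Za-z0-9]+")
RULES = {
    # column: (pattern, min_len, max_len); None means the page gives no length rule
    "mobile": (re.compile(r"[0-9]+"), None, None),
    "mail": (re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"), None, None),  # rough shape check only
    "googleauthsecretkey": (BASE32ISH, 16, 350),
    "microsoftauthsecretkey": (ALNUM, 16, 350),
    "zohooneauthsecretkey": (ALNUM, 16, 350),
    "customtotpsecretkey": (ALNUM, 16, 350),
    "customtotphardwareserialnumber": (ALNUM, 4, 250),
}

def validate_row(row):
    """Return a list of (column, reason) problems for one exported row.

    Values are never echoed back, so secret keys do not end up in logs.
    """
    problems = []
    for column, value in row.items():
        rule = RULES.get(column.lower())
        if rule is None:
            continue  # question, answer, sAMAccountName: not checkable offline
        pattern, lo, hi = rule
        if value is None or value == "":
            problems.append((column, "empty"))
            continue
        if not pattern.fullmatch(value):
            problems.append((column, "disallowed characters"))
        if lo is not None and not lo <= len(value) <= hi:
            problems.append((column, f"length {len(value)} outside {lo}-{hi}"))
    return problems

# Constructed sample rows (not real enrollment data).
SAMPLE_ROWS = [
    {"sAMAccountName": "jdoe", "mobile": "5550100", "googleauthsecretkey": "JBSWY3DPEHPK3PXPJBSWY3DP"},
    {"sAMAccountName": "asmith", "mobile": "+1 555 0101", "googleauthsecretkey": "JBSWY3DPEHPK3PX1"},
    {"sAMAccountName": "bwong", "customtotpsecretkey": "abc123", "customtotphardwareserialnumber": "SN1"},
]

if __name__ == "__main__":
    for r in SAMPLE_ROWS:
        print(r["sAMAccountName"], validate_row(r) or "ok")
```

Whether sAMAccountName refers to a valid AD user cannot be checked offline and is left to the import itself.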
Steps for establishing a connection with the external database
- Log in to the ADSelfService Plus web console as an admin.
- Navigate to Configuration → Administrative Tools → Quick Enrollment → Import Enrollment Data from External Database.
- Click Add New Data Source.
- Enter a Connection Name for the data source.
- Select the type of database that you want to connect to from the Select DB Server drop-down.
- Enter the Host Name/IP Address and Port number of the database server.
- Enter the name of the database that stores your enrollment data in the DB Name field.
- In the Username and Password fields, enter the credentials of a user who has privileges to query the database server.
- Click Create.
Steps for fetching (importing) data from the connected database
- Back on the Import Enrollment Data from External Database screen, click Add New Fetcher.
- Enter a name in the Fetcher Name field.
- Select the connection that you just created from the Select the Connection drop-down.
- Select a policy from the Select Policy drop-down.
- Select the enrollment data that you want to import from the Import drop-down.
- In the SQL Query field, type the query that fetches the necessary data from the database table. For example, if you have configured Security Question & Answer and Hardware Token and wish to import the data for these authenticators, enter a query like the following sample.
  Sample query:
  Select UserName, Question, Answer, CustomTOTPSecretKey, CustomTOTPHardwareSerialNumber from TableName;
  Important note: The values fetched by the query must be listed in the same order in which the authenticators whose data is being imported are checked/selected.
- Click Save.
Methods to import user enrollment data
- Manually: If there are new users added to the database, simply click the Fetch Again icon to enroll the newly added users.
- Automatically: You can also set up a scheduler to update the enrollment data of new users automatically at regular intervals.