How do I batch upload users from the API?
The format of the users csv file is the same as that used through the UI CSV Upload of Users and Roles feature.
Users csv upload through HTTP
The users csv upload is available directly through HTTP. One way to do this is using cURL, but other ways are possible. An http change request (post/put/delete) requires a token. This includes operations such as login and upload users by CSV performed through the frevvo Cloud API. Customers using the Cloud API should update their API calls to provide tokens and/or use the new API.
Here are the steps:
Upload token.
export CSRF=$(curl -sIL -X GET http://localhost:8080/frevvo/web/no-op -c cookies | grep "_csrf" | cut -d" " -f2 | tr -d '\n\r')
Log in.
curl -k http://localhost:8080/frevvo/web/admin/login -d username=admin@tenant -d password=admin_password -d lAction=Login -d _csrf=$CSRF -X POST -b cookies -H Content-Type:application/x-www-form-urlencoded
Replace host, port, username and password above as correct for your implementation. For online, host=app.frevvo.com and the port is optional. Change http to https.
If your tenant is on the frevvo cloud server, and you see the error "Couldn't open file "users.csv", perform one of the following actions:
- Update the trusted certificate authorities present on your client machine
- Disable the certificate check with the cURL -k option:
curl http://host:port/frevvo/web/login -d username=admin@tenant -d password=admin_password -d lAction=Login -d _csrf=$CSRF -X POST -b cookies -H Content-Type:application/x-www-form-urlencoded -k
Upload the users csv file:
curl http://localhost:8080/frevvo/web/tn/tenantid/allUsers?_csrf=$CSRF -F notificationEmailAddress=some_email_address -F usersFile=@users-t1-100.csv -X POST -b cookies -H Content-Type:multipart/form-data
- Replace host, port, tenant.id, some_email_address and users_file.csv above as correct for your implementation. If users_file.csv is not in the current directory, adjust the path accordingly. For frevvoonline, host=app.frevvo.com and port is optional. Change http to https.
- Check the some_email_address for incoming email with the results of the load.
(Optional) Get the user csv back from frevvo. It will have all users, including all that were loaded:
curl http://host:port/frevvo/web/tn/tenant.id/allUsers -X GET -b cookies
For frevvoonline, host=app.frevvo.com and port is optional. Change http to https and add the -k option
curl http://host:port/frevvo/web/tn/tenant.id/allUsers -X GET -b cookies -k
- The response will be the users csv data.
How do I use the Security Manager Built-In Admin?
LDAP, SAML, and SAML Azure Security Managers provide a built-in admin login directly to frevvo, which is helpful if your security manager logins should become inaccessible and you need to access frevvo. This built in admin is automatically enabled from the API when using SAML, but for LDAP it needs to be explicitly enabled by setting the custom property "backdoorLogin" to true in the loginAs call. This will allow the API to login in the same way a built in admin can login using /frevvo/web/admin/login.
service.loginAs("loginAsUser", "adminuser@tenant"), "????", true, null, null, null, null, Map.of("backdoorLogin", "true"));