Import Users

Last modified on October 4, 2023

This document explains how to import multiple users into StrongDM using a single command. It also explains how to update users and assign users into their roles via the sdm admin users command. You can do this either with JSON or with CSV.

Get the JSON Template

You may use the sdm admin users add --template > import.json command to get a JSON template to modify for later import.

Example Import JSON

Here’s an example JSON for adding two users. Each user must have a unique email.

[
  {
    "firstName": "Engineer",
    "lastName": "One",
    "email": "engineer1@example.com"
  },
  {
    "firstName": "Sales",
    "lastName": "Two",
    "email": "sales2@example.com"
  }
]

Run the Import

Once you have created your JSON, you can easily import it into StrongDM.

sdm admin users add --file import.json

Update Users

To get the current state of StrongDM users in JSON format run sdm admin users list -j > export.json. Once you have the state you can modify the JSON and update the users by running sdm admin users update --file export.json.

Assign Roles

Similarly you can batch assign users to roles. Use this command to create a template: sdm admin users assign --template > assign.json.

[
  {
    "roleID": "1",
    "roleName": "Engineering",
    "users": [
      {
        "id": "0",
        "email": "engineer1@example.com"
      }
    ]
  }
]

You can add multiple role and user assignments into a single JSON. Once the JSON is ready, you can update role assignments using sdm admin users assign --file assign.json.

Use CSV

If you prefer, you can achieve the same results by using CSV files instead. You can import multiple users via CSV with the command sdm admin users add -c -f <PATH_TO_CSV_FILE>. The format of this file is (no headers):

firstname,lastname,email

Adding users to roles is a little more involved, but it’s possible with a bit of bash scripting. Adding users to roles via the CLI uses this format: sdm admin users assign <ROLE> <EMAIL_1> <EMAIL_2> ... <EMAIL_N> so you’ll need to create a CSV with this format (no headers):

role,email1,email2,...,emailn

With that file created, use the following script to import it. You can run the script as an admin or using an admin token.

#!/bin/bash

while IFS='' read -r line || [[ -n "$line" ]]; do
    expanded=`echo $line|sed -e 's/,/ /g'`
    sdm admin users assign $expanded
done < "$1"