Sample.csv Template Fields
The following table describes the template fields in the Sample.csv file. Enter values for each entity type according to the headings designated in the template file. Do not change the template headings; the import functionality requires that the headings match those in the template exactly. The order that you enter entities (Systems, Domains, Databases, and Accounts) into the import file does not affect import functionality.
For this template field | You need to do this |
---|---|
Entity Type | Enter one of the following entity types: System, Domain, Database, Account. This field is required. |
Name | Type the display name of the system, domain or database you want to add. As illustrated by the examples in the template, you can have multiple lines with the same name. For example, if you are adding more than one account for the same system, list each account as a separate line with the same system name. This field is required and applies to Systems, Domains, and Databases. |
FQDN | Type the fully-qualified domain name or IP address of the System or Database you want to add. If you are only adding an account for a system that was previously added, you should not specify the FQDN field. This field is required and applies to Systems and Databases. |
Description | Type any descriptive information you want to add for the entity. This field is optional and applies to Systems, Domains, Databases, and Accounts. |
ComputerClass | Specify the type of system you are adding. You can specify one of the following values for this field: Windows, Unix, GenericSsh, Cisco AsyncOS, CiscoIOS, CiscoNXOS, JuniperJunos, HPNonStopOS, IBMi, CheckPointGaia, PaloAltoNetworksPANOS, F5NetworksBIGIP, VMwareVMkernel. This field is required and applies to Systems. |
ProxyUser | Type the name of the “proxy” user for a system. This field is optional and applies to Systems. For more information about the “proxy” user for Windows systems, see Configuring a proxy user for password operations. For more information about the “proxy” user for UNIX and Juniper systems, see Specifying a proxy account for root. |
ProxyUserPassword | Provide the password for the “proxy” user for a system. This field is optional and applies to Systems. For more information about the “proxy” user for Windows systems, see Configuring a proxy user for password operations. For more information about the “proxy” user for UNIX and Juniper systems, see Specifying a proxy account for root. |
ProxyUserIsManaged | Specify whether you want to manage the password for the “proxy” user. This field is optional and applies to Systems. You can specify TRUE if you want the Privileged Access Service to manage the password for the “proxy” account, or FALSE if you want to leave the password unmanaged. |
ResourceDomain | Type the name of the domain that the system is joined to. This field is optional and applies to Systems. |
ResourceDomainOperationsEnabled | Specify whether you want to use the domain administrative account to enable zone role workflow. You specify TRUE if you want to use the domain administrative account to enable operations such as zone role workflow, or FALSE if you do not want to use the domain administrative account to enable domain operations. In order to enable domain operations for a system, the user must have grant rights over the domain or else the import will fail. This field is optional and applies to Systems. |
ResourceSessionType | Specify whether you want to use secure shell or remote desktop for remote connections. Enter Ssh for secure shell or Rdp for remote desktop. This field is required and applies to Systems. |
ResourceSessionTypePort | Enter the port to be used for remote connections. You only need to enter a value if you do not want to use the default port (default port for SSH is 22 and for RDP it is 3389). This field is optional and applies to Systems. |
ResourceWindowsManagementMode | For Windows System types, you can choose a management mode to manage the system. Enter one of the following management modes: Unknown (this is equivalent to auto-detect in the Admin Portal), Smb, WinRMOverHttp, WinRMOverHttps, RpcOverTcp, Disabled. This field is optional and applies to Systems. |
ResourceWindowsManagementPort | For Windows, F5 Networks BIG-IP, and Palo Alto Networks PAN-OS Systems, enter the management port to be used for password management. This field is optional and applies to Systems. |
PasswordProfile | Enter a name to add a customized password profile to define the rules applied when managed passwords are generated for systems, domains, or databases. For more information about customizing a password profile, see Configuring password profiles. This field is optional and applies to Systems, Domains, and Databases. |
SetName | Enter a name for system, domain, database, or account sets. Sets are logical groups of a particular type (system, domain, database, or account) to simplify management activity and reporting for entities with attributes in common. To enter more than one set name for an entity, separate the entries with a pipe character (\|). For example, SystemSet1\|SystemSet2\|SystemSet3. This field is optional and applies to Systems, Domains, Databases, and Accounts. |
DefaultCheckoutTime | Enter a number to specify the length of time (in minutes) that a checked out password is valid. The minimum checkout time is 15 minutes. If no value is specified, the default is 60 minutes. Also see Setting system-specific policies. This field is optional and applies to Systems, Domains, Databases, and Accounts. |
AllowRemote | Enter TRUE if you want to allow remote connections from a public network for a selected system or FALSE if you do not want to allow remote connections from a public network. This field is optional and applies to Systems. |
ParentEntityTypeOfAccount | Enter the type of entity related to the account (System, Domain or Database). This field is required and applies to Accounts. |
ParentEntityNameOfAccount | Enter the display name of the system, domain or database associated with the account. This field is required and applies to Accounts. |
User | Type the user name for an account to be used with Systems, Domains, and Databases. This field is required and applies to Accounts. |
Password | Type the password for the account to be used with the system. This field is optional and applies to Accounts. |
IsManaged | Specify whether you want to manage the password for the user account you are adding for the system. You can specify TRUE if you want the Privileged Access Service to manage the password for the account, or FALSE if you want to leave the password unmanaged. This field is optional and applies to Accounts. |
AccountMode | Enter the term Expert to add an expert mode account for Checkpoint Gaia systems. This field is optional and applies to Systems. |
UseProxy | Specify whether you want to add a “proxy” account for the system. Specify TRUE if you want to use a “proxy” account, or FALSE if you don’t want to add a “proxy” account for the system. For UNIX and Juniper systems, use this field if your secure shell environment is configured to not allow the root user to access computers remotely using SSH. You can also use this field for Windows systems if you want to use a proxy account for Windows Remote Management (WinRM) connections to a system. This field is optional and applies to Accounts. |
DatabaseServiceType | Specify the type of database you are adding. Enter one of the following types: SQLServer, Oracle, SAP Adaptive Server Enterprise (ASE). This field is required and applies to Databases. |
OracleServiceName | For Oracle databases, you must enter the service name assigned to the Oracle database. Also see, Adding databases. This field is required and applies to Databases. |
SQLInstanceName | For SQL Server databases, you must enter the instance name assigned to the database. Also see, Adding databases. This field is optional and applies to Databases. |
DatabasePort | Specify the port number used to check the status of the database and when updating database passwords. This field is optional and applies to Databases. |
ParentDomain | If a child domain is configured, enter the name of its parent domain. This field is optional and applies to Domains. |
AdministrativeAccount | Enter an account in the format admin@childdomain, admin@mycompany.com or a local account that needs to be set as the administrative account. This field is optional and applies to Systems and Domains. |
AllowAutomaticAccountMaintenance | Specify TRUE to allow out-of-sync passwords to be reset and managed accounts to be unlocked during login or checkout, or FALSE if you do not want to allow it. Requires an Administrative Account be defined for the domain. This field is optional and applies to Domains. |
AllowManualAccountUnlock | Specify TRUE to allow users with the Unlock Account permission to manually unlock accounts, or FALSE if you do not want to allow accounts to be manually unlocked. Requires an Administrative Account be defined for the domain. This field is optional and applies to Domains. |
AllowMultipleCheckouts | Specify whether multiple users can have the same domain account password checked out at the same time for a system, domain, or database. Enter FALSE if only one user is allowed to check out the password at any given time. Enter TRUE if you want to allow multiple users to have the account password checked out at the same time without waiting for the password to be checked in. Also see, Allow multiple password checkouts. This field is optional and applies to Systems, Domains, and Databases. |
AllowPasswordRotation | Specifies if the managed password should be rotated periodically by Privileged Access Service for a system, domain, or database. Enter TRUE to allow periodic password rotation or FALSE to not allow periodic password rotation. This field is optional and applies to Systems, Domains, and Databases. |
PasswordRotateDuration | Specifies the interval at which managed passwords are automatically rotated. Enter the maximum number of days to allow between automated password changes for managed system, domain, or database accounts. This field is optional and applies to Systems, Domains, and Databases. |
MinimumPasswordAge | Enter the minimum number of days before a password must be rotated. This field is optional and applies to Systems, Domains, and Databases. |
AllowPasswordHistoryCleanUp | Specifies if the retired passwords should be deleted periodically by Privileged Access Service. Enter TRUE to allow periodic password history cleanup or FALSE to not allow periodic password history cleanup. This field is optional and applies to Systems, Domains, and Databases. |
PasswordHistoryCleanUpDuration |
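
A pre-import check for the rules in the table above, as an added example that is not part of the original documentation or the product. It reports missing required fields, malformed TRUE/FALSE and checkout-time values, and rows where Password or ProxyUserPassword put a cleartext credential in the file. The function name `lint_import`, the sample rows, and the exact-match handling of TRUE/FALSE are assumptions.

```python
import csv
import io

# Required columns per entity type, taken from the field table above.
REQUIRED = {
    "System": ("Name", "FQDN", "ComputerClass", "ResourceSessionType"),
    "Domain": ("Name",),
    "Database": ("Name", "FQDN", "DatabaseServiceType"),
    "Account": ("ParentEntityTypeOfAccount", "ParentEntityNameOfAccount", "User"),
}
BOOLEAN = ("ProxyUserIsManaged", "ResourceDomainOperationsEnabled", "AllowRemote",
           "IsManaged", "UseProxy", "AllowAutomaticAccountMaintenance",
           "AllowManualAccountUnlock", "AllowMultipleCheckouts",
           "AllowPasswordRotation", "AllowPasswordHistoryCleanUp")
SECRET = ("Password", "ProxyUserPassword")

# Constructed sample: headings shortened to the columns this example checks.
SAMPLE = """Entity Type,Name,FQDN,ComputerClass,ResourceSessionType,DefaultCheckoutTime,AllowRemote,ParentEntityTypeOfAccount,ParentEntityNameOfAccount,User,Password,IsManaged
System,web01,web01.example.test,Unix,Ssh,60,FALSE,,,,,
System,win01,,Windows,Rdp,10,yes,,,,,
Account,,,,,,,System,web01,root,Constructed-Pw-1,TRUE
"""

def lint_import(text):
    """Return (line_number, message) findings for the text of an import file."""
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        val = lambda col: (row.get(col) or "").strip()
        etype = val("Entity Type")
        if etype not in REQUIRED:
            findings.append((n, f"unknown Entity Type {etype!r}"))
            continue
        for col in REQUIRED[etype]:
            if not val(col):
                findings.append((n, f"{etype} requires {col}"))
        if val("DatabaseServiceType") == "Oracle" and not val("OracleServiceName"):
            findings.append((n, "Oracle database requires OracleServiceName"))
        for col in BOOLEAN:
            # Assumption: values are matched exactly as the page writes them.
            if val(col) not in ("", "TRUE", "FALSE"):
                findings.append((n, f"{col} must be TRUE or FALSE"))
        if val("ResourceSessionType") not in ("", "Ssh", "Rdp"):
            findings.append((n, "ResourceSessionType must be Ssh or Rdp"))
        checkout = val("DefaultCheckoutTime")
        if checkout and (not checkout.isdigit() or int(checkout) < 15):
            findings.append((n, "DefaultCheckoutTime must be at least 15 minutes"))
        for col in SECRET:
            if val(col):
                findings.append((n, f"{col} is a cleartext credential in this file"))
    return findings
```

A finding on Password or ProxyUserPassword is not an import error; it marks the file as one to store with restricted access and delete once the import has been verified.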