LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • 🏠Veza Documentation
  • ☑️Getting Started
  • 📖Veza Glossary
  • ❓Product FAQ
  • 🛡️Security FAQ
    • Advanced Security FAQ
  • Release Notes
    • 🗒️Release Notes
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • 🔎Access Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • 💡Access Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • 🔏Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Managers and Resource Owners
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • 📊Access Monitoring
    • 🔄Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • ⚖️Separation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • ✨Veza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • 🎯Integrations Overview
    • ⚠️Prerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • ⚙️Configuring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • ℹ️Running Veza Scripts with Python
  • Administration
    • 🛠️Veza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • 🌐Veza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • 🆕Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Veza’s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page
  • Overview
  • Adding a CSV Integration
  • CSV Column Mapping
  • Data Type Handling
  • Updating a CSV Integration
  • CSV Manager Role
  • Processing Rules
  • Related Documentation

Was this helpful?

Export as PDF
  1. Integrations
  2. Veza Integrations

CSV Upload

Import identity and authorization data from CSV files into Veza

PreviousCrowdstrike FalconNextCSV Upload Examples

Last updated 14 days ago

Was this helpful?

Overview

Use CSV Upload to integrate identity and authorization metadata from sources that don't have built-in Veza connectors, but support exporting this information in tabular format.

You can create a CSV integration in Veza to:

  • Import user and authorization data from legacy or custom applications

  • Integrate with SaaS applications that support CSV exports

  • Model employee access to homegrown or specialized systems

  • Upload employee metadata from your HRIS as a source of identity for Lifecycle Management workflows

The integration uses Open Authorization API (OAA) to enable modeling a range of different source applications. Uploading CSV data creates an . It also populates Authorization Graph entities with the specified attributes. The integration currently supports Users, Groups, and Roles (using the Custom Application template) and Employees (Custom HRIS).

CSV import enables modeling identity and permissions metadata for any application not natively supported by Veza, with support for:

  • Flexible column mapping: Map any exported CSV column to Veza identity attributes

  • Support for custom properties: Map columns to custom attributes in Veza

  • Multiple data formats: Process timestamps, booleans, and string lists in various formats

Adding a CSV Integration

Prerequisites

To create an integration from CSV, you will need:

  • A CSV file containing relevant data with column headers

  • Sufficient permissions in Veza (Administrator or CSV Manager role)

  • Understanding of the data model for the source application

  • A plan for mapping between CSV columns and Veza attributes

Format Requirements

CSV (Comma-Separated Values) is a widely used file format that stores tabular data in plain text. Each row represents a record or a relationship between entities (e.g., User to Role), and columns represent attributes.

When importing from CSV:

  1. The first row must contain column headers

  2. Each column can be mapped to a specific Veza attribute or custom attribute

  3. Columns can be ignored after uploading the file

  4. At minimum, you must map columns for unique identifiers (such as user ID or Name)

Create a CSV Integration

To create a new CSV integration:

  1. Go to Integrations > Add Integration

  2. Choose Upload CSV from the options

  3. Upload a logo for the provider (optional) - This will appear throughout the Veza UI, including in Graph search, to identify the integration and entity types.

  4. Enter an integration name

    • Use a title that uniquely identifies this integration source

    • Avoid generic terms like "application" or "CSV"

    • If you have multiple environments, consider including that in the name

  5. Select a data source template (currently supports Application and HR Systems)

  6. Enter template-specific information (fields will vary based on the selected template):

    For Application Template:

    • Name: A unique identifying name for this specific application instance (e.g., "Marketing CRM - Prod", "HR Portal - Dev").

    • Type: The general category or system type (e.g., "CRM", "DevOps Tool"). In Veza, the type appears as a prefix on entity names, e.g., CRM User, DevOps Tool Role.

    For HR System Template:

    • Name: A unique identifying name for the HR system (e.g., "Workday - Production", "HR Portal - Dev")

    • Type: The type of HR system (e.g., "HRIS", "ATS", "Benefits")

    • URL: The URL of the HR system

    Note: Naming is critical for easy search in Veza. For Applications, the Type enables searching for all entities of that category, while the Name differentiates between multiple instances of the same system type.

  7. Upload the CSV file - Veza will read the column headers and show them for mapping

  8. Map your columns to Veza attributes (see Column Mapping section)

  9. Click Create Integration to trigger extraction and parsing

CSV Column Mapping

The CSV integration allows you to map columns in your file to specific Veza attributes. After uploading the CSV, Veza automatically detects all columns and presents them for mapping.

For each column, you can:

  1. Select to include or exclude the column

  2. Select the target entity type for mapping (available entities depend on the selected template)

  3. Select the specific entity attribute to map to (only attributes applicable to the selected entity type will be shown)

  4. For custom properties, specify a name and data type

Example: Mapping CSV columns to Application template entities and attributes

Supported Entity Types and Attributes

For all entities, an ID or Name is required. If ID is not provided, Name is automatically used as the unique identifier for the entity. Both are also supported.

The available entity types and attributes depend on the template you select. Each template supports different entity types.

Application Template Entities

User Attributes

Attribute
Description

ID

Unique identifier for the user

Name

Display name for the user

Is Active

Boolean indicating if the user is active

Created At

Timestamp when the user was created

Last Login At

Timestamp of the user's last login

Deactivated At

Timestamp when the user was deactivated

Password Last Changed At

Timestamp of the last password change

Email

User's email address

Custom Properties

Map any column to a custom user property (type varies)

Group Attributes

Attribute
Description

ID

Unique identifier for the group

Name

Name of the group (supports list format)

Created At

Timestamp when the group was created

Custom Properties

Map any column to a custom group property (type varies)

Role Attributes

Attribute
Description

ID

Unique identifier for the role

Name

Name of the role (supports list format)

Permissions

Permissions assigned to the role (supports list format)

Custom Properties

Map any column to a custom role property (type varies)

HR System Template Entities

Employee Attributes

Attribute
Description

ID

Unique identifier for the employee

Name

Employee name (typically full name)

Employee Number

Alternative employee identifier

Company

Employee's company

First Name

Employee's first name

Last Name

Employee's last name

Preferred Name

Employee's preferred name

Display Full Name

Complete display name

Canonical Name

Standardized name format

Username

Employee's username

Email

Primary email address

IDP ID

Identity Provider ID

Personal Email

Personal email address

Home Location

Employee's home location

Work Location

Employee's work location

Cost Center

Cost center assignment

Department

Employee's department

Managers

Employee's manager(s) (supports list format)

Groups

Group memberships (supports list format)

Employment Status

Current employment status

Is Active

Boolean indicating active employment

Start Date

Employment start date

Termination Date

Employment end date

Job Title

Employee's job title

Employment Types

Types of employment (supports list format)

Primary Time Zone

Employee's primary time zone

Custom Properties

Map any column to a custom employee property (type varies)

Data Type Handling

Boolean Values

The following values are treated as TRUE (case-insensitive):

  • true, t

  • yes, y

  • 1

  • active

  • enabled

Any other value is treated as FALSE.

Timestamp Formats

Veza supports multiple timestamp formats:

  • 2023-04-12T15:34:56.123456789Z (RFC3339 with nanoseconds)

  • 2006-01-02T15:04:05Z07:00 (RFC3339)

  • 20060102150405 (Active Directory format)

  • 2006-01-30 15:04:05Z07:00

  • 2006-01-30 15:04:05

  • 2006-01-30

  • 2006-01-30T

  • 2006-01-30T15:04:05

  • 2006-01-30T15:04:05Z

  • 1/2/2006 (MM/DD/YYYY format)

Timestamps are considered unset when the value is never, null, none, false, 0 or empty. Invalid timestamps will result in a processing error.

String Lists

For attributes that support lists (like Role Name List, and Group Name List), values should be comma-separated within the cell and the list enclosude by quotes ".

Updating a CSV Integration

Incremental updates are not supported; you must submit the complete data set for each update.

Push new data for an existing integration

  1. Find the CSV integration on the Veza Integrations page

  2. Click on the integration name to view details

  3. Under Data Sources, click Upload CSV

  4. Select your updated CSV file and click Upload

Update mappings for an integration

  1. Find the CSV integration on the Veza Integrations page

  2. Click on the integration name to view details

  3. Click Edit

  4. In the integration configuration, click Edit above the table of current mappings

  5. Modify your column mappings as needed

  6. Click Save Configuration to apply the changes

CSV Manager Role

Veza provides a limited privilege "CSV Manager" role for users that need permission to manage a CSV integration, but should not have access to other functionality in Veza. Users with this role can:

  • Create new CSV integrations

  • Upload new CSV data

  • Edit existing CSV integrations, including delete

Processing Rules

  • Multiple Rows per Entity: If the same entity (user, group, or role) appears in multiple rows, Veza processes them as follows:

    • Properties are set based on the first row where the entity ID (or Name if it is being used as the unique ID) appears

    • For subsequent rows with the same identifier, only relationship assignments are processed (for example user to group, or user to role)

    • Role permissions are the only properties that are additive across all rows

  • Ignored Columns: Columns that are not mapped (unchecked) are ignored during processing

  • Additional Columns: CSV files can contain more columns than are mapped - extra columns are ignored

  • Entity Identifiers: Every entity type (user, group, role) requires an ID or Name (or both). If only one is provided, the same value is used for both fields and must be unique.

  • Identity Mapping: When using the Application template, you can choose the column(s) used to connect external identities.

Related Documentation

For more examples and detailed mapping patterns, see .

This role can be combined with to further limit a user's scope. When a user with the CSV manager role is added to a non-root team, they can only manage CSV integrations assigned to their team.

✨
templates
custom provider and data source
CSV Import Examples
Teams
Open Authorization API (OAA) Templates
Managing Teams and Permissions
Creating Custom Reports
Understanding the Veza Access Graph
Automating CSV Upload
CSV Mapping Interface with column selection and attribute mapping options