CSV Upload

Overview

Use CSV Upload to integrate identity and authorization metadata from sources that don't have built-in Veza connectors, but support exporting this information in tabular format.

You can create a CSV integration in Veza to:

• Import user and authorization data from legacy or custom applications

• Integrate with SaaS applications that support CSV exports

• Model employee access to homegrown or specialized systems

• Upload employee metadata from your HRIS as a source of identity for Lifecycle Management workflows

The integration uses Open Authorization API (OAA) to enable modeling a range of different source applications. Uploading CSV data creates an . It also populates Authorization Graph entities with the specified attributes. The integration currently supports Users, Groups, and Roles (using the Custom Application template) and Employees (Custom HRIS).

CSV import enables modeling identity and permissions metadata for any application not natively supported by Veza, with support for:

• Flexible column mapping: Map any exported CSV column to Veza identity attributes

• Support for custom properties: Map columns to custom attributes in Veza

• Multiple data formats: Process timestamps, booleans, and string lists in various formats

Adding a CSV Integration

Prerequisites

To create an integration from CSV, you will need:

• A CSV file containing relevant data with column headers

• Sufficient permissions in Veza (Administrator or CSV Manager role)

• Understanding of the data model for the source application

• A plan for mapping between CSV columns and Veza attributes

Format Requirements

CSV (Comma-Separated Values) is a widely used file format that stores tabular data in plain text. Each row represents a record or a relationship between entities (e.g., User to Role), and columns represent attributes.

When importing from CSV:

1. The first row must contain column headers

2. Each column can be mapped to a specific Veza attribute or custom attribute

3. Columns can be ignored after uploading the file

4. At minimum, you must map columns for unique identifiers (such as user ID or Name)

Create a CSV Integration

To create a new CSV integration:

1. Go to Integrations > Add Integration

2. Choose Upload CSV from the options

3. Upload a logo for the provider (optional) - This will appear throughout the Veza UI, including in Graph search, to identify the integration and entity types.

4. Enter an integration name

   • Use a title that uniquely identifies this integration source

   • Avoid generic terms like "application" or "CSV"

   • If you have multiple environments, consider including that in the name

5. Select a data source template (currently supports Application and HR Systems)

6. Enter template-specific information (fields will vary based on the selected template):

   For Application Template:

   • Name: A unique identifying name for this specific application instance (e.g., "Marketing CRM - Prod", "HR Portal - Dev").

   • Type: The general category or system type (e.g., "CRM", "DevOps Tool"). In Veza, the type appears as a prefix on entity names, e.g., CRM User, DevOps Tool Role.

   For HR System Template:

   • Name: A unique identifying name for the HR system (e.g., "Workday - Production", "HR Portal - Dev")

   • Type: The type of HR system (e.g., "HRIS", "ATS", "Benefits")

   • URL: The URL of the HR system

   Note: Naming is critical for easy search in Veza. For Applications, the Type enables searching for all entities of that category, while the Name differentiates between multiple instances of the same system type.

7. Upload the CSV file - Veza will read the column headers and show them for mapping

8. Map your columns to Veza attributes (see Column Mapping section)

9. Click Create Integration to trigger extraction and parsing

CSV Column Mapping

The CSV integration allows you to map columns in your file to specific Veza attributes. After uploading the CSV, Veza automatically detects all columns and presents them for mapping.

For each column, you can:

1. Select to include or exclude the column

2. Select the target entity type for mapping (available entities depend on the selected template)

3. Select the specific entity attribute to map to (only attributes applicable to the selected entity type will be shown)

4. For custom properties, specify a name and data type

Example: Mapping CSV columns to Application template entities and attributes

Supported Entity Types and Attributes

For all entities, an ID or Name is required. If ID is not provided, Name is automatically used as the unique identifier for the entity. Both are also supported.

The available entity types and attributes depend on the template you select. Each template supports different entity types.

Application Template Entities

User Attributes

Group Attributes

Role Attributes

HR System Template Entities

Employee Attributes

Data Type Handling

Boolean Values

The following values are treated as TRUE (case-insensitive):

• true, t

• yes, y

• 1

• active

• enabled

Any other value is treated as FALSE.

Timestamp Formats

Veza supports multiple timestamp formats:

• 2023-04-12T15:34:56.123456789Z (RFC3339 with nanoseconds)

• 2006-01-02T15:04:05Z07:00 (RFC3339)

• 20060102150405 (Active Directory format)

• 2006-01-30 15:04:05Z07:00

• 2006-01-30 15:04:05

• 2006-01-30

• 2006-01-30T

• 2006-01-30T15:04:05

• 2006-01-30T15:04:05Z

• 1/2/2006 (MM/DD/YYYY format)

Timestamps are considered unset when the value is never, null, none, false, 0 or empty. Invalid timestamps will result in a processing error.

String Lists

For attributes that support lists (like Role Name List, and Group Name List), values should be comma-separated within the cell and the list enclosude by quotes ".

Updating a CSV Integration

Incremental updates are not supported; you must submit the complete data set for each update.

Push new data for an existing integration

1. Find the CSV integration on the Veza Integrations page

2. Click on the integration name to view details

3. Under Data Sources, click Upload CSV

4. Select your updated CSV file and click Upload

Update mappings for an integration

1. Find the CSV integration on the Veza Integrations page

2. Click on the integration name to view details

3. Click Edit

4. In the integration configuration, click Edit above the table of current mappings

5. Modify your column mappings as needed

6. Click Save Configuration to apply the changes

CSV Manager Role

Veza provides a limited privilege "CSV Manager" role for users that need permission to manage a CSV integration, but should not have access to other functionality in Veza. Users with this role can:

• Create new CSV integrations

• Upload new CSV data

• Edit existing CSV integrations, including delete

Processing Rules

• Multiple Rows per Entity: If the same entity (user, group, or role) appears in multiple rows, Veza processes them as follows:

  • Properties are set based on the first row where the entity ID (or Name if it is being used as the unique ID) appears

  • For subsequent rows with the same identifier, only relationship assignments are processed (for example user to group, or user to role)

  • Role permissions are the only properties that are additive across all rows

• Ignored Columns: Columns that are not mapped (unchecked) are ignored during processing

• Additional Columns: CSV files can contain more columns than are mapped - extra columns are ignored

• Entity Identifiers: Every entity type (user, group, role) requires an ID or Name (or both). If only one is provided, the same value is used for both fields and must be unique.

• Identity Mapping: When using the Application template, you can choose the column(s) used to connect external identities.

Related Documentation