Import identity and authorization data from CSV files into Veza
Last updated
Was this helpful?
Use CSV Upload to integrate identity and authorization metadata from sources that don't have built-in Veza connectors, but support exporting this information in tabular format.
You can create a CSV integration in Veza to:
Import user and authorization data from legacy or custom applications
Integrate with SaaS applications that support CSV exports
Model employee access to homegrown or specialized systems
Upload employee metadata from your HRIS as a source of identity for Lifecycle Management workflows
The integration uses Open Authorization API (OAA) to enable modeling a range of different source applications. Uploading CSV data creates an . It also populates Authorization Graph entities with the specified attributes. The integration currently supports Users, Groups, and Roles (using the Custom Application template) and Employees (Custom HRIS).
CSV import enables modeling identity and permissions metadata for any application not natively supported by Veza, with support for:
Flexible column mapping: Map any exported CSV column to Veza identity attributes
Support for custom properties: Map columns to custom attributes in Veza
Multiple data formats: Process timestamps, booleans, and string lists in various formats
To create an integration from CSV, you will need:
A CSV file containing relevant data with column headers
Sufficient permissions in Veza (Administrator or CSV Manager role)
Understanding of the data model for the source application
A plan for mapping between CSV columns and Veza attributes
CSV (Comma-Separated Values) is a widely used file format that stores tabular data in plain text. Each row represents a record or a relationship between entities (e.g., User to Role), and columns represent attributes.
When importing from CSV:
The first row must contain column headers
Each column can be mapped to a specific Veza attribute or custom attribute
Columns can be ignored after uploading the file
At minimum, you must map columns for unique identifiers (such as user ID or Name)
To create a new CSV integration:
Go to Integrations > Add Integration
Choose Upload CSV from the options
Upload a logo for the provider (optional) - This will appear throughout the Veza UI, including in Graph search, to identify the integration and entity types.
Enter an integration name
Use a title that uniquely identifies this integration source
Avoid generic terms like "application" or "CSV"
If you have multiple environments, consider including that in the name
Select a data source template (currently supports Application and HR Systems)
Enter template-specific information (fields will vary based on the selected template):
For Application Template:
Name: A unique identifying name for this specific application instance (e.g., "Marketing CRM - Prod", "HR Portal - Dev").
Type: The general category or system type (e.g., "CRM", "DevOps Tool"). In Veza, the type appears as a prefix on entity names, e.g., CRM User, DevOps Tool Role.
For HR System Template:
Name: A unique identifying name for the HR system (e.g., "Workday - Production", "HR Portal - Dev")
Type: The type of HR system (e.g., "HRIS", "ATS", "Benefits")
URL: The URL of the HR system
Note: Naming is critical for easy search in Veza. For Applications, the Type enables searching for all entities of that category, while the Name differentiates between multiple instances of the same system type.
Upload the CSV file - Veza will read the column headers and show them for mapping
Map your columns to Veza attributes (see Column Mapping section)
Click Create Integration to trigger extraction and parsing
The CSV integration allows you to map columns in your file to specific Veza attributes. After uploading the CSV, Veza automatically detects all columns and presents them for mapping.
For each column, you can:
Select to include or exclude the column
Select the target entity type for mapping (available entities depend on the selected template)
Select the specific entity attribute to map to (only attributes applicable to the selected entity type will be shown)
For custom properties, specify a name and data type
Example: Mapping CSV columns to Application template entities and attributes
For all entities, an ID or Name is required. If ID is not provided, Name is automatically used as the unique identifier for the entity. Both are also supported.
The available entity types and attributes depend on the template you select. Each template supports different entity types.
Application Template Entities
User Attributes
ID
Unique identifier for the user
Name
Display name for the user
Is Active
Boolean indicating if the user is active
Created At
Timestamp when the user was created
Last Login At
Timestamp of the user's last login
Deactivated At
Timestamp when the user was deactivated
Password Last Changed At
Timestamp of the last password change
User's email address
Custom Properties
Map any column to a custom user property (type varies)
Group Attributes
ID
Unique identifier for the group
Name
Name of the group (supports list format)
Created At
Timestamp when the group was created
Custom Properties
Map any column to a custom group property (type varies)
Role Attributes
ID
Unique identifier for the role
Name
Name of the role (supports list format)
Permissions
Permissions assigned to the role (supports list format)
Custom Properties
Map any column to a custom role property (type varies)
HR System Template Entities
Employee Attributes
ID
Unique identifier for the employee
Name
Employee name (typically full name)
Employee Number
Alternative employee identifier
Company
Employee's company
First Name
Employee's first name
Last Name
Employee's last name
Preferred Name
Employee's preferred name
Display Full Name
Complete display name
Canonical Name
Standardized name format
Username
Employee's username
Primary email address
IDP ID
Identity Provider ID
Personal Email
Personal email address
Home Location
Employee's home location
Work Location
Employee's work location
Cost Center
Cost center assignment
Department
Employee's department
Managers
Employee's manager(s) (supports list format)
Groups
Group memberships (supports list format)
Employment Status
Current employment status
Is Active
Boolean indicating active employment
Start Date
Employment start date
Termination Date
Employment end date
Job Title
Employee's job title
Employment Types
Types of employment (supports list format)
Primary Time Zone
Employee's primary time zone
Custom Properties
Map any column to a custom employee property (type varies)
The following values are treated as TRUE (case-insensitive):
true, t
yes, y
1
active
enabled
Any other value is treated as FALSE.
Veza supports multiple timestamp formats:
2023-04-12T15:34:56.123456789Z (RFC3339 with nanoseconds)
2006-01-02T15:04:05Z07:00 (RFC3339)
20060102150405 (Active Directory format)
2006-01-30 15:04:05Z07:00
2006-01-30 15:04:05
2006-01-30
2006-01-30T
2006-01-30T15:04:05
2006-01-30T15:04:05Z
1/2/2006 (MM/DD/YYYY format)
Timestamps are considered unset when the value is never, null, none, false, 0 or empty. Invalid timestamps will result in a processing error.
For attributes that support lists (like Role Name List, and Group Name List), values should be comma-separated within the cell and the list enclosude by quotes ".
Incremental updates are not supported; you must submit the complete data set for each update.
Find the CSV integration on the Veza Integrations page
Click on the integration name to view details
Under Data Sources, click Upload CSV
Select your updated CSV file and click Upload
Find the CSV integration on the Veza Integrations page
Click on the integration name to view details
Click Edit
In the integration configuration, click Edit above the table of current mappings
Modify your column mappings as needed
Click Save Configuration to apply the changes
Veza provides a limited privilege "CSV Manager" role for users that need permission to manage a CSV integration, but should not have access to other functionality in Veza. Users with this role can:
Create new CSV integrations
Upload new CSV data
Edit existing CSV integrations, including delete
Multiple Rows per Entity: If the same entity (user, group, or role) appears in multiple rows, Veza processes them as follows:
Properties are set based on the first row where the entity ID (or Name if it is being used as the unique ID) appears
For subsequent rows with the same identifier, only relationship assignments are processed (for example user to group, or user to role)
Role permissions are the only properties that are additive across all rows
Ignored Columns: Columns that are not mapped (unchecked) are ignored during processing
Additional Columns: CSV files can contain more columns than are mapped - extra columns are ignored
Entity Identifiers: Every entity type (user, group, role) requires an ID or Name (or both). If only one is provided, the same value is used for both fields and must be unique.
Identity Mapping: When using the Application template, you can choose the column(s) used to connect external identities.
For more examples and detailed mapping patterns, see .
This role can be combined with to further limit a user's scope. When a user with the CSV manager role is added to a non-root team, they can only manage CSV integrations assigned to their team.
