Auto-enrolling users by importing data from external databases

Using this option, you can connect databases such as Oracle, MS SQL, MySQL, and PostgreSQL with ADSelfService Plus, and import the enrollment data stored in them. This option comes in handy if you already have all the necessary enrollment data stored in an external database. Before importing the enrollment data, make sure to configure the settings for the respective authenticators in the self-service policies. To learn more on how to set up the authenticators supported by ADSelfService Plus, click here.

Import data formats

The data imported should follow the specified formats for each authenticator as mentioned in the table below.

The database header names given below are sample header names and the same names need not be followed. sAMAccountName is a mandatory data and it must be a valid username present in AD.

Authenticator	Database header names	Allowed formats
Security Questions and Answers	question	It must be a security question. Eg., What is your favourite colour?
	answer	It must be the corresponding answer to the security question. Eg., Yellow.
AD Security Questions	answer	It must be the corresponding answer to the security question. Eg., Yellow.
SMS Verification	mobile	It must contain numbers 0 through 9.
Email Verification	mail	It must be a valid email address
Duo Security	sAMAccountName	It must be a valid user in AD.
Google Authenticator	googleauth secret key	It must contain letters "A-Z" or "a-z" and numbers "2-7".
Microsoft Authenticator	microsoftauth secret key	It must contain letters "A-Z" or "a-z" and numbers "0-9".
Zoho OneAuth TOTP	zohooneauth secret key	It must contain letters "A-Z" or "a-z" and numbers "0-9".
Custom TOTP – Software token	customtotp secret key	It must contain letters "A-Z" or "a-z" and numbers "0-9".
Custom TOTP – Hardware token	customtotp hardware serial number	It must contain letters "A-Z" or "a-z" and numbers "0-9".
	customtotp secret key	It must contain letters "A-Z" or "a-z" and numbers "0-9".

Steps for establishing a connection with the external database  

1. Log in to the ADSelfService Plus web console as an admin.
2. Navigate to  Configuration > Administrative Tools >; Quick Enrollment >; Import Enrollment Data from External Database.
3. Click Add New Data Source.
4. Enter a  Connection Name for the data source.
5. Select the type of database that you want to connect to from the Select DB Server drop-down.
6. Enter the  Host Name/IP Address and  Port number of the database server.
7. Enter the name of the database that stores your enrollment data in the DB Name field.
8. In the Username and Password fields, enter the credentials of a user who has privileges to query the database server.
9. Click Create.

Steps for importing data from the connected database

1. Back on the Import Enrollment Data from External Database screen, click Add New Fetcher.
2. Enter a name in the Fetcher Name field.
3. Select the connection that you just created from the Select the Connection drop-down.
4. Select a policy from the Select Policy drop-down.
5. Select the enrollment data that you want to import from the Import drop-down.
6. In the SQL Query field, type the appropriate query to fetch the necessary data from the database table. For example, if you have configured Security Question & Answer and Hardware Token and wish to import the data for these authenticators, the following is the sample query that needs to be entered.

Sample query: Select UserName, Question, Answer, CustomTOTPSecretKey, CustomTOTPHardwareSerialNumber from TableName;

Important note: The query with the values to be fetched entered should follow the order in which the authenticators for which the data needs to be imported are checked/selected.
7. Click Save.

Methods to import user enrollment data

• Manually : If there are new users added to the database, then simply click the Fetch Again icon to enroll the newly added users.
• Automatically : You can also set up a scheduler to update the enrollment data of new users at regular intervals automatically.