How do I import users and groups from NFM-P?

Purpose

NFM-P users must be imported to the NSP local user database. The Import function migrates all user accounts and user groups from your NFM-P user database into NSP. The imported users become local NSP users. The imported user groups can be assigned roles that provide the users in the groups access to NSP functions and resources.

Note: NSP Users and Security supports up to 5000 users.

Imported NFM-P users require new passwords. Users that have an e-mail address receive a random password by e-mail. Users without an e-mail address are assigned a global default password set by the administrator. Each imported user must change the password during the first login attempt after the import. It is recommended that the NFM-P system administrator assign e-mail addresses to users before the import in order to ensure the greatest security.

Before importing NFM-P users, consider the following requirements and limitations:

  • If you intend to use e-mail notification of new user passwords, you must ensure that the NSP e-mail server is configured in the NSP system settings. If the e-mail server is not reachable to NSP and some NFM-P users have e-mail addresses configured, the NFM-P user import will not complete successfully.

    The user import process depends on how the user list with e-mail addresses is created in the NSP system. If the e-mail sending fails for the first user with an e-mail address, the remaining users with email addresses are not imported.

  • If NFM-P is configured with remote identity providers, those identity providers must be configured in nsp.sso section of nsp-config.yml.

  • The NFM-P user parameters imported to NSP are: user name, description, user group, account state, and e-mail address.

  • All NFM-P user IDs are converted to lowercase upon import. If two NFM-P user IDs are identical except for case, only one of them is imported. You must clean up any duplicate user IDs in NFM-P prior to import to ensure that all users are imported.

  • NSP user groups are case sensitive, as are NFM-P user groups. When NFM-P user groups are imported to NSP, they keep uppercase and lowercase characters. For example, if NFM-P has user groups GROUP1, Group1 and group1, all three are imported into NSP.

  • Any NFM-P user names that conflict with existing NSP local users are not imported and do not cause any change to local users.

  • To ensure that only necessary users are included in the migration, clean up your NFM-P user database before importing to NSP.

  • NFM-P remote users are not imported into NSP (remote users include NSP, LDAP, RADIUS, and TACACS users that have access to the NFM-P GUI.)

  • NSP authentication does not support local and remote user authentication for the same user ID. To preserve the use of a remote user ID, the local user ID must be changed to a unique value.

Steps
 

Open Users and Security.


Select Users from the drop-down list on the toolbar.


Click png1.png More Actions, Import NFM-P Users and Groups.


In the Temporary Password for Imported Users form, specify and confirm a global temporary password for all imported users.

The global temporary password is only applied to imported users with no e-mail address.


Click OK.

The imported users are listed in the Users view. The imported user groups are listed in the User Groups view.


The NFM-P imported users can now log in to NSP. All imported users will be required to change their password during first login. NFM-P users that have an e-mail address must check their e-mail for their random login password.

Note: In the event that the import fails for certain users or user groups, you can investigate problems in the nspos-tomcat pod logfile at:

/opt/nsp/os/tomcat/logs/AccessControlApi.log

End of steps

Post-import considerations

After importing users from NFM-P, be aware of the following requirements and limitations: