How do I import users and groups from NFM-P?
Purpose
NFM-P users must be imported to the NSP local user database. The Import function migrates all user accounts and user groups from your NFM-P user database into NSP. The imported users become local NSP users. The imported user groups can be assigned roles that provide the users in the groups access to NSP functions and resources.
Note: NSP Users and Security supports up to 5000 users.
Imported NFM-P users require new passwords. Users that have an e-mail address receive a random password by e-mail. Users without an e-mail address are assigned a global default password set by the administrator. Each imported user must change the password during the first login attempt after the import. It is recommended that the NFM-P system administrator assign e-mail addresses to users before the import in order to ensure the greatest security.
Before importing NFM-P users, consider the following requirements and limitations:
-
If you intend to use e-mail notification of new user passwords, you must ensure that the NSP e-mail server is configured in the NSP system settings. If the e-mail server is not reachable to NSP and some NFM-P users have e-mail addresses configured, the NFM-P user import will not complete successfully.
The user import process depends on how the user list with e-mail addresses is created in the NSP system. If the e-mail sending fails for the first user with an e-mail address, the remaining users with email addresses are not imported.
-
If NFM-P is configured with remote identity providers, those identity providers must be configured in nsp.sso section of nsp-config.yml.
-
The NFM-P user parameters imported to NSP are: user name, description, user group, account state, and e-mail address.
-
All NFM-P user IDs are converted to lowercase upon import. If two NFM-P user IDs are identical except for case, only one of them is imported. You must clean up any duplicate user IDs in NFM-P prior to import to ensure that all users are imported.
-
NSP user groups are case sensitive, as are NFM-P user groups. When NFM-P user groups are imported to NSP, they keep uppercase and lowercase characters. For example, if NFM-P has user groups GROUP1, Group1 and group1, all three are imported into NSP.
-
Any NFM-P user names that conflict with existing NSP local users are not imported and do not cause any change to local users.
-
To ensure that only necessary users are included in the migration, clean up your NFM-P user database before importing to NSP.
-
NFM-P remote users are not imported into NSP (remote users include NSP, LDAP, RADIUS, and TACACS users that have access to the NFM-P GUI.)
-
NSP authentication does not support local and remote user authentication for the same user ID. To preserve the use of a remote user ID, the local user ID must be changed to a unique value.
Steps
Post-import considerations
After importing users from NFM-P, be aware of the following requirements and limitations:
-
An imported NFM-P user group that had Administrator scope of command in NFM-P must be assigned to a role with administrative privileges in NSP.
-
NFM-P XML SOAP OSS users must remain in NFM-P after import to perform XML SOAP OSS transactions with NFM-P.
-
Non-NFM-P XML SOAP OSS users that are imported to NSP can be deleted from NFM-P after import to NSP.
-
NFM-P user groups must exist in NFM-P to define user access permissions through span and scope of control profiles.