Overview
When importing user entitlements for Disconnected Applications in Okta Identity Governance, administrators are limited to a maximum file size of approximately 25,000 records (or ~8MB) per single CSV upload.
Administrators with user bases larger than 25,000 cannot upload a single master file and must split their data. However, incorrect handling of multiple files can result in the unintended removal of entitlements.
Solution
To import more than 25,000 records, you must split the user data into multiple CSV files (batches) and upload them sequentially.
⚠️ Critical Guardrails:
You must strictly adhere to the following rules to avoid data loss during the multi-file import process.
1. Consistency of Entitlement Columns (Crucial)
Every batch file must contain the exact same entitlement headers (columns) as the previous files, even if those specific entitlements are not being assigned to the users in the current batch.
- Risk: If Batch_2.csv is missing a column (e.g.,
ent_License) that was present in Batch_1.csv, Okta may interpret this as an instruction to remove that entitlement type from the application schema or configuration. - Requirement: Ensure strict schema uniformity across all files.
2. Distinct User Sets
Ensure that users are not duplicated across files to prevent conflicting updates.
- File 1: Users A-M
- File 2: Users N-Z
3. Adding New Entitlement Type
If there is a need to add a new entitlement type to the Disconnected Application, we can add a new column to the subsequent batch files, but keep in mind the following points:
- The subsequent batches should still contain all the existing entitlement types/columns.
- This new entitlement type will be created in the application without any impact on the existing entitlement types.
- To assign this entitlement to existing users, update the existing CSVs with this new entitlement along with the existing entitlement values.
Step-by-Step Implementation Guide
To demonstrate the multiple file import for a single application, we will take an example of an application X where we need to import 50k Users along with their entitlements called as Role and License. Follow the below procedure to safely import this large dataset.
Step 1: Prepare Your CSV Files
Divide your master user list into smaller files, ensuring each file meets the size limits.
- Batch Size: Ensure each file has fewer than 25,000 rows.
- Header Check: Check and verify that, in each of these batch files, the header row is identical.
Now, let's look at how these files should be formatted before we import them into the application.
✅ Correct Formatting (Safe): | |
|
File 1 (Users 1–25k): |
File 2 (Users 25k–50k): |
NOTE: Even if these users do not need a specific license, the column must remain.
| ❌ Incorrect Formatting (Data Loss Risk): |
|
If File 2 omits the |
Step 2: Upload Files Sequentially
- Navigate to your Disconnected Application instance in the Okta Dashboard.
- Go to the Import tab.
- Select "Import user entitlements from CSV".
- Upload File 1. Wait for the import and processing to complete successfully.
- Once finished, repeat the process for File 2, then File 3, and so on.
Step 3: Verification
After all batches are uploaded:
- Check the Import Monitoring logs to ensure no rows failed.
- Spot-check a user from File 1 to ensure their entitlements are still intact.
- Spot-check a user from File 2 to ensure their new entitlements were applied.
Guidelines
- Template Creation: Create a standard CSV template with all necessary headers (e.g.,
login,email,ent_AppRole,ent_Department) and ensure all data owners use this exact template when generating split files. - Validation: Before uploading to Production, perform a test with 2 small files (5 users each) in a Sandbox environment to confirm your specific entitlement schema persists.
