Vault Loader allows you to perform bulk actions on users in your Vault.

How to Load Users

Before loading users, prepare the CSV input file containing user field names and values.

To create, update, or upsert users:

  1. In the left panel of the Loader tab, click Load.
  2. For the CSV File, click Choose and select the CSV input file.
  3. In the Object Type drop-down, scroll to the Users & Groups section and select Users.
  4. In the Action Type drop-down, select Create, Update, or Upsert.
  5. Click Start Load.

Before processing the request, Vault validates the selected CSV file. If the file is valid, Vault begins processing the request. When finished, you’ll receive a Vault notification and email with request details and CSV output files.

Preparing CSV Input Files

The fields you include in your CSV will depend on your action: Create, Update, or Upsert. If you aren’t sure where to start, you can use the Extract option in Vault Loader to see what the CSV should look like.

Create Users

When creating new users, the following fields are required in all Vaults:

  • user_name__v
  • user_first_name__v
  • user_last_name__v
  • user_email__v
  • user_timezone__v
  • user_locale__v
  • user_language__v
  • security_policy_id__v
  • vault_membership (sometimes required; see details)
  • app_licensing (sometimes required; see details)

See example input.

Update Users

When updating users, you must specify the user id field. Vault uses IDs to locate the existing users that you want to update. See example input.

Upsert Users

The Upsert action is a combination of create and update. When using this action, you create one input CSV with all the fields required to create new users. For existing users, you must specify the user id, but you can leave other fields blank if the values should not change.

File Validation

Before beginning the Vault Loader job to create or update legacy users, Vault checks that the selected CSV file meets certain criteria:

  • Is not empty
  • Does not contain empty columns
  • Includes a valid header row (Invalid header rows are those with no columns that match to metadata for the records you’re loading.)

If your file is not valid, Vault displays a notification, stops the process, and allows you to select a new CSV file. If some of the header columns do not match metadata for your Vault, the notification will allow you to stop the load or ignore those columns and proceed.

Vault Membership Assignments

User accounts exist at the domain level. For multi-Vault domains, this means that user details for a user (Thomas Chung, for example) are shared across all Vaults he can access.

If you are using the Update action to assign existing users to an additional Vault, you need to include vault_membership in your CSV. You must be a Vault Owner to use this functionality for one Vault on a domain, and a Domain Admin to use this functionality for multiple Vaults on the same domain.

The vault_membership field accepts multiple values in a specific format:

{Vault ID}:{User Status/active__v}:{Security Profile}:{License Type}

The only required value is Vault ID. If you leave the other values blank, Vault creates the user with default settings. To understand default settings, consider these two examples. Each produces the same result:

Assigns to Vault 3003.
Same as above.

The next two examples also produce the same result:

Assigned to Vault 3003 with system_admin__v security profile.
Same as above.

When assigning existing users to new Vaults, you do not need to include membership information for Vaults to which they already belong.

New Vault users only receive welcome emails if they are assigned to a Vault via the vault_membership field. For example, a new domain user who does not have any assigned Vaults will not receive a welcome email.

Assigning Users to Multiple Vaults

The next two examples add users to multiple Vaults in a domain.

Assigns to Vaults 3003, 4004, and 5005 with default settings.
Assigns to Vault 3003 as Inactive (active:false), with Read Only User security profile and Read Only license type. Assigns to Vaults 4004 and 5005 with default settings.

Deactivating Users

The following example changes an existing user’s Vault membership status to Inactive when used with the Update action.

Updates membership for Vault 3003 to Inactive.

Creating Users in Multi-Application Vaults

Users on a multi-application Vault (RIM, Clinical Operations, etc.) need to be assigned to specific applications and need a license type assignment for each. To set these values, use the app_licensing field. The app_licensing field accepts multiple values in a specific format:


Possible values for {application_name} are:

  • rimSubsArch_v
  • rimSubs_v
  • rimReg_v
  • rimSubsPublishing_v
  • qualityQms_v
  • qualityQdocs_v
  • qOneQdocs_v
  • qOneQms_v
  • qualityTraining_v
  • safety_v
  • safetyDocs_v
  • safetyManagement_v

Assigning Users to Multiple Applications

To assign a user to multiple applications, separate the applications with a pipe. The following example adds a user to multiple applications within a Vault.

Assigns the user to the RIM Registrations and Rim Submissions applications in Vault 3003. The user is active and has the Full license type for both applications.

Assigning Users to Applications in Multiple Vaults

To assign a user to applications in multiple Vaults, separate the Vaults with a semicolon. The following example adds a user to multiple applications in multiple Vaults.

Adds an active user to both RIM Registrations and RIM Submissions in Vault ID 3003, and to the RIM Submissions application in Vault ID 4112, all with the Full license type.

Suppressing Welcome Emails

When creating new users via Vault Loader, you can prevent Vault from sending welcome emails to a user by setting the user_needs_to_change_password__v setting to false. This does not work for users with SSO security profiles, but you can work around this limitation by creating the users with a basic security profile and updating them to the SSO security profile with an update action through Vault Loader. This prevents Vault from sending welcome emails until you run the update action.