Import users from the HR system

Last modified 11 Dec 2025 21:31 +01:00
Table of Contents

With the mapping and synchronization configuration from the previous module finished, you are now ready to import users from the source HRIS application to midPoint.

What awaits you in this module

Your goal in this module is to import accounts from the HRIS application to midPoint. Before the actual import, you will verify that your midPoint configuration behaves as expected, and then import the accounts.

First, you will simulate import of one user to do the basic check of mapping and synchronization rules behavior.

After that, you will simulate importing all user accounts. This time, you will see the number of user accounts imported and what data would be pulled from the HRIS appliaction to midPoint. If need be, you will amend the configuration of the HRIS resource in midPoint and run the simulation again.

Having confirmed the correctness of the configuration, you will then import the user accounts to midPoint for real.

We strongly suggest you never skip simulations. It is the best way to make sure your resource configuration behaves as expected, and fix it if needed.

1. Simulate a single account import

You first simulate importing one account. This is useful for catching the most basic configuration errors, and it is fast because midPoint does not have to fetch all the users from the source application.

Follow this guide: Simulate import of a single object

Once the simulation is done, inspect the results and verify the source application user attributes are mapped correctly to midPoint. If not, adjust the mapping configuration. Once everything looks good, proceed to the full import simulation.

2. Simulate importing all users

The next step is to simulate importing all users.

Follow this guide: Create and Run Tasks in GUI

  1. Select Import task.

  2. Switch on the Simulate task toggle to activate simulation mode.

  3. Select the Preview mode with the Development configuration in the execution setup screen.

  4. Run the task.

  5. Inspect the simulation results

  6. Rectify the mapping and synchronization rules configuration if needed.

Refer to Simulations for more details on simulations.

You may notice a discrepancy between the number of activated focal objects (users) and the total number of added accounts. That is expected if your status-to-lifecycleState mapping sets some people as inactive.

All HRIS application accounts (with some exceptions) get shadows and focal objects in midPoint, but only the current employees are activated as per the mapping.

In the simulation results screen:

  • Click More info in the Focus activated tile to see all users that would be activated (current employees).

  • Click the number in the Added objects row in the Simulation task details sidebar to view all accounts that would be added.

3. Import users for real

Once you confirm you get the expected results during the simulations, you can import the HRIS user accounts for real.

3.1. Activate your configuration

Make sure you have all the relevant items in the Active lifecycle state because you are not simulating anymore:

  • The whole resource

  • The object type for accounts

  • The mapping rules

  • The synchronization rules

Follow this guide: Activate proposed resource

3.2. Create production import task

Create an import task similar to the simulation one, but this time for production—do not switch on the simulation toggle.

Follow this guide: Create and Run Tasks in GUI

3.3. Check the import results

Once you run the production import task and it finishes, you can check the results in two places in midPoint:

  1. Accounts section in the HRIS resource contains the accounts imported from your HRIS application.

  2. Users > Persons lists focal objects (i.e., users) created based on the accounts in the HRIS application.

List of focal objects (users) with the Person archetype
Figure 1. List of focal objects (users) with the Person archetype

If you see a list similar to the one above―congratulations, you have imported your users to midPoint and you are ready to connect a target system to midPoint. If not, revisit the mapping and synchronization settings to investigate possible misconfiguration.

Do you really suggest using numbers as usernames?

Good and timely question. Technically, it is fine to use employee numbers as usernames, but you are right. It is better to use actual names for user identifiers. You will learn how to do that later in the guide.

Next steps

Accounts from the source application are imported. It is time to integrate the target system.

Integrate a target system

Was this page helpful?
YES NO
Thanks for your feedback