Bulk Enrollment allows the SMOP administrator to pre-enroll a batch of users so that they can immediately start using SMOP without having to individually log in and answer their challenge/response questions. For some organizations that have known questions and answers for their users this may help with adoption of the password reset tool and make it easier to implement.
Bulk enrollment is a powerful tool and its ramifications need to be clearly understood before using this feature. The first issue is security. With bulk enrollment a SMOP admin can enroll any user or a set of users with answers and then using these answers the SMOP admin can reset any users password. Each organization will have to empower SMOP admins with this trust and understand the capabilities that are entrusted in doing so.
The second issue is that bulk enrollment will enroll potentially a large set of users with pre-enrolled data and populate the SMOP database with these questions/answers. There is no roll back to this function so if there are mistakes made the choice will be to restore the SMOP database or perform a reinstallation. Please use the feature cautiously and perform test with small set of users before doing a large bulk enrollment.
The bulk enrollment screen is shown below:
Domain: This drop down box will show all of the domains that are entered in the Options/Preferences - Domains section of the SMOP Administrator.
Enrollment Data File: Points to a delimited text file that contains user names and the answers to the challenge response questions. More info about this file is given below.
Override existing enrollment: This checkbox if turned on will override already existing user enrollments with the answers provided in the Enrollment Data File.
Delimiter: The character used in the Enrollment Data File for delimiting answers (by default this is a comma)
List of Questions: This is where you select which questions the answers in the Enrollment Data File correspond to IN ORDER. For one batch, all users must be pre-enrolled with the same question/answer pairs.
The enrollment data file is a plain text file that has enrollment data to be used to populate the SMOP database. The format for each line is as follows:
<USER NAME> <delimiter> <ANSWER1> <delimiter> - - - <ANSWER n>
so for example a sample line may look like this:
johndoe,Smith,Johnson High School,Spot
The delimiter can be selected in the dialog box. Any spaces between the delimiters are preserved. Domain information for the users should not be in the enrollment data file - this is selected in the dialog box drop down box. Thus, each enrollment data file must only contain users from one domain.
You may repeat the bulk enrollment with multiple enrollment data files with different domains and/or different batches of users as appropriate.
Here are step by step instructions for bulk enrolling user: