Skip to main content
We recommend importing user lists for any application included in your regular access reviews. There are three common approaches:
  1. One-time import: Import once, then manage all requests and revocations directly in AccessOwl.
  2. Periodic import: Update the user list on a schedule (for example, quarterly before an access review).
  3. Automated sync: Fully automate synchronization between AccessOwl and the application. To request this, contact AccessOwl support. We prioritize integrations based on demand.

How to Import a User List

  1. Open the application and go to Edit → click Import.
  2. Upload a CSV file or copy-paste table data into the importer.
Ensure your roles and permissions in AccessOwl match exactly what you plan to import, including custom roles or permissions from the source application. Mismatched naming will cause errors.
  • Flat Permission Structure
  • Grouped Structure
Permission Structure 1For applications with a flat structure, you only need to add the role or permission. Object may remain empty.

Example Import

EmailObjectRole/Permission
John.Doe@accessowl.comUser
Jane.Doe@accessowl.comAdmin
Oscar.Owl@accessowl.comAdmin
Please help us improve this documentation. Send your feedback to your AccessOwl support.

FAQ

In AccessOwl, an object is a distinct group of roles or permissions.For example, a tool may let you assign:
  • A role (such as User)
  • A group (such as Marketing)
Each of these is treated as a separate object in AccessOwl’s import logic.
Every SaaS application formats user list exports differently.If your export does not match the AccessOwl format, you can:
  • Contact AccessOwl support for help formatting your file.
  • Use an LLM (such as ChatGPT) to quickly reformat your export into the required AccessOwl structure.
It depends on your workflow.
  • Some companies import user lists for all in-scope applications before every access review.
  • Others do a one-time import, then rely on AccessOwl for all access requests and revocations.
AccessOwl also offers integrations that automatically sync user lists from SaaS apps. If you’d like support for a specific tool, contact AccessOwl support.
Usually not.Detailed user lists (with roles and permissions) are typically only needed for compliance use cases such as SOC 2 or ISO 27001 access reviews.For offboarding, AccessOwl relies on shadow IT detection to track whether a user had access to a tool. The exact role or permission is not required, only the fact that access existed.This means you often don’t need to import every user list when getting started.