4.2.3.1 Prepare source file for employees

👥 Setting Up Employees

🧪 Test Employees (Development & QA)

Prepare a file named default-employees.csv. This file contains all the test employees who should have initial access to your development, staging, or QA OpenCRVS environments.

In these non-production environments:

  • Users are created in an active state.

  • They are not required to:

    • Change their password on first login

    • Set up reset-authentication security questions

  • QA users can always log in using the test 2FA code:

    000000

This setup allows your team to perform end-to-end testing quickly without authentication friction.

🏛️ Production Employee

Prepare a separate file named prod-employees.csv. This file should contain only one user:

  • The National System Administrator

In production:

  • This user is created in a pending state.

  • On first login they must:

    • Change their password

    • Set up reset-authentication security questions

  • 2FA codes are delivered via email, not bypassed.

  • The CSV password for this user is a temporary one.

After the National System Administrator logs in for the first time, they are responsible for creating all other production users.

When creating users in production:

  • OpenCRVS generates random, one-time passwords

  • New users receive these credentials via email invitation

  • Each user must change their password on first login

📄 CSV Format Explained

Use the Farajaland default-employees.csv file as a reference.

Important rules:

  • Do not modify the header row — the import code depends on those exact column names.

  • Do not use commas in any cell.

  • Do not include empty rows.

  • Each CSV row represents one unique user in your country.

Column details:

Column
Description

primaryOfficeId

The office id in your crvs-facilities.csv row associated with the office where the user works.

givenNames

The user’s first and middle names, separated by spaces.

familyName

The user’s family name(s), separated by spaces.

role

Must match a role ID defined in your custom roles & scopes configuration.

mobile

Mobile number with country code. Must match the phone number regex you plan to enforce. (Optional if SMS/phone is not used.)

username

A unique username for login.

email

A valid email address for password resets and 2FA.

password

Initial login password. Test users log in directly; production users must change this immediately.

✍️ Digital Signatures

Some users — usually civil registrars — may have their signature printed digitally on certificates.

You can upload a signature image at any time by editing the user in the Team section of the OpenCRVS UI.

Preparing signature files:

  • Use a transparent PNG for best results.

  • If you need a PNG editor, free online tools can help you:

    • Remove backgrounds

    • Export a transparent PNG

Previous4.2.4 Set up employees & roles for testing or productionNext4.2.3.2 Configure user roles

Last updated