# 4.2.3.1 Prepare source file for employees

### Testing employees

Prepare your [***default-employees.csv***](https://github.com/opencrvs/opencrvs-countryconfig/blob/develop/src/data-seeding/employees/source/default-employees.csv) source file. This is a [csv](https://en.wikipedia.org/wiki/Comma-separated_values) file for every **test** employee who will have initial access to OpenCRVS.

In development or QA environments, these users will be created in an "**active**" state and will not be required to change their password nor be required to set up reset authentication credentials security questions when logging in. This makes the quality assurance process easier. In development/staging and QA environments, all of these users will be able to submit a test **2FA code of six zeros: "000000"** when logging in.

### Production employees

Prepare your [***prod-employees.csv***](https://github.com/opencrvs/opencrvs-countryconfig/blob/develop/src/data-seeding/employees/source/prod-employees.csv) source file. This is a [csv](https://en.wikipedia.org/wiki/Comma-separated_values) file for **one National System Administrator** employee who will have initial access to OpenCRVS.

In production environments, this users will be created in an "**pending**" state and will be **immediately required to change their password** and required to set up reset authentication security questions **on first login**. 2FA codes will be delivered to the users' email address.

All of these users will be able to sign in to OpenCRVS initially with the **password** as documented in the csv.

{% hint style="danger" %}
The National System Admin user csv password is a temporary password and the National System Admin is required to change it on first login, after your first deployment to production.
{% endhint %}

{% hint style="danger" %}
In production, the National System Administrator user will use the OpenCRVS UI to create all other users. When creating users in production through the OpenCRVS UI, the system generates random, unique, one-time passwords for all new users and they receive these passswords in an email invite. After first login, each user is required to change their password.
{% endhint %}

### CSV format explained

Using our [default-employees.csv](https://github.com/opencrvs/opencrvs-countryconfig/blob/develop/src/data-seeding/employees/source/default-employees.csv) file as an example, you can create employees with all possible roles to quality assure your OpenCRVS instance, or just a single National System Admin role. Our default-employees.csv file looks something like this:

<table><thead><tr><th>primaryOfficeId</th><th width="225">givenNames</th><th>familyName</th><th>role</th><th>mobile</th><th>username</th><th>email</th><th>password</th></tr></thead><tbody><tr><td>CRVS_OFFICE_JWMRGwDBXK</td><td>Kalusha</td><td>Bwalya</td><td>SOCIAL_WORKER</td><td>+260911111111</td><td>k.bwalya</td><td>kalushabwalya@gmail.com</td><td>test</td></tr><tr><td>CRVS_OFFICE_JWMRGwDBXK</td><td>Felix</td><td>Katongo</td><td>REGISTRATION_AGENT</td><td>+260922222222</td><td>f.katongo</td><td>felixkatongo@gmail.com</td><td>test</td></tr><tr><td>CRVS_OFFICE_JWMRGwDBXK</td><td>Kennedy</td><td>Mweene</td><td>LOCAL_REGISTRAR</td><td>+260933333333</td><td>k.mweene</td><td>kennedymweene@gmail.com</td><td>test</td></tr></tbody></table>

{% hint style="danger" %}
Do not change or re-format the header row as the code requires these names to be precise in order to parse the csv. Do not use commas in any cell and do not have any empty rows.
{% endhint %}

* Each row will represent a unique "user" in your country.
* The **primaryOfficeId** column is the identifier for the civil registration office where the user will be located. Notice that the format is "CRVS\_OFFICE\_\<office **id**>". For example, all of these users aove will be created in Ibombo District Office
* The **givenNames** column must be the users' first names separated by using a space.
* The **familyName** column must be the users' first names separated by using a space.
* The **role** column is what maps to one of the **custom roles and scopes** authorization objects that you will create in the next section. It must map to a role **id** in the **roles** array.
* The **mobile** column must contain a mobile number **with** your country code. Ensure that the mobile number validates using whatever phone number regular expression that you intend to use when configuring application settings later. You can ignore this if you are not using phone numbers as a method of communication.
* The **username** column must be a unique username that the user will use to authenticate with when logging in.
* The **email** column must contain a valid email address
* The **password** column will be the password used for initial login. Refer to the note above.

### Digital signatures

It is configurable that some users have their signatures digitally printed onto certificates. Usually this is the case for civil registrar user types.\
\
[This website](http://www.onlinesignaturecreator.com/) can be used to create a transparent PNG if you do not have access to any other image editing software. There are many free websites you can find to convert a PNG image file to base64 text, such as [this one](https://www.base64-image.de/).

You can upload transparent PNGs to use for any user's signature at any time by editing the user in the "Team" section of the OpenCRVS UI.