Skip to main content
Druva Documentation

Configure inSync to use UUPIC for SSO

Overview

You can configure inSync to use Single Sign-on (SSO) to authenticate and authorize users. By default, inSync uses email address as the unique identifier for Authentication. Additionally, inSync provides an option to configure Uniform Universal Personal Identification Code (UUPIC) as a custom attribute to identify users and administrators in your organization. For this, inSync connects to Active Directory to get the UUPIC.

Contact Druva Support to enable this configuration option for you. Once enabled, you can configure an identifier for inSync users and administrators who log in using SSO.  

UUPIC for SSO of inSync users and administrators

The following guidelines govern the configuration of inSync to use UUPIC for SSO of inSync users and administrators:

  • inSync obtains and uses the UUPIC value only to identify and authorize users to access inSync Client and administrators to access the inSync Management Console.
  • inSync never displays UUPIC value on the inSync Management Console or inSync Client UI.
  • UUPIC for inSync administrators is currently available only for inSync GovCloud accounts.
  • At least one AD/LDAP mapping must exist in inSync to successfully the sync users and administrators with UUPIC . For more information, see Create an AD/LDAP mapping.

Configure inSync to use UUPIC for users and administrators

To configure inSync to use UUPIC for SSO authentication:

  1. On the inSync Management Console menu bar, click Manage > Users. AD/LDAP page with existing AD/LDAP Mapping list appears.
  2. Click AD/LDAP Settings tab.
  3. In the AD/LDAP Settings area, click Edit.
  4. In the Custom Attribute for SSO box, type the exact name of the custom field for using UUPIC as the unique identifier for authenticating and authorizing users uniquely. For example, employeeNumber.

    ConfigUUPICADmin.png
  5. Click Ok to save the changes.

inSync obtains the UUPIC details of the users from your AD through a query triggered by the  Auto sync interval. Only the user details are fetched with this query. The administrator details must be synced separately, as specified below.

Note: If you do not want to wait for inSync to automatically import users from your AD, you can  manually start the import user process. For more information, see Manually import users from your AD.

Synchronize existing administrators with UUPIC

You can perform this synchronization only for the existing inSync administrators.

To synchronize existing administrators with UUPIC:

  1. On the inSync Management Console menu bar, click Manage > Users. AD/LDAP page with existing AD/LDAP Mapping list appears.
  2. Click AD/LDAP Settings tab.
  3. In the AD/LDAP Settings area, click Sync Custom Attribute
    A confirmation message is displayed indicating the number of successful and failed syncs. 

    UUPICSyncMsg.png

    The number of failed syncs indicates the number of administrator accounts for which inSync did not find the specified identifier value in the Active Directory.

Once UUPIC is enabled, you can create a new administrator only if the associated identifier is present in the Active Directory.

For additional support on configuring UUPIC as a custom value for SSO, contact Druva Support

  • Was this article helpful?