You can preserve a user in inSync at any point of time. Such users cannot backup any more data. inSync marks the users as preserved using one of the following techniques:
- Preserved manually by an administrator.
- Preserved automatically through AD/LDAP sync process.
- Preserved automatically when a user account is disabled or deleted in the IdP in case of SCIM deployment.
- Auto-deletion of preserved users managed using AD or LDAP is handled by the AD/LDAP auto-synchronization job, which is part of the auto-synchronization feature. For more information, see Synchronize inSync users with your AD/LDAP.
- Auto-deletion of preserved users which are manually managed or managed using SCIM is handled by the auto-deletion job.
Both the jobs may run at a different time. Hence, inSync administrators might observe that the preserved users, that are supposed to be deleted on a particular day, are deleted at different schedules when these jobs are run by inSync.
By default, there is a limitation to the number of users that you can mark as preserved. The number of users that you can preserve is dependent on the number of preserved user licenses purchased by your organization. For more information on how to preserve a user, see Preserve Users.
As a Cloud administrator, using auto-delete preserved users feature, you can control the number of preserved users in inSync by automatically deleting preserved users after a certain duration, specified in the number of days.
When enabled, inSync automatically deletes users which are marked as preserved.
- Once the user is auto-deleted, data of that user is also deleted from inSync. You cannot recover this deleted data again.
- User data is retained or deleted based on the backup retention policy you have defined through profiles.
- If a preserved user is under Legal Hold, such user will not be deleted.
- If a preserved user has shared data with guest users and has guest user accounts having access to the data, such user will not be deleted.
To enable auto-deletion of preserved users
- On the inSync Management Console, click Profiles.
- Click the profile for which you want to enable auto-deletion of preserved users.
- Click the General tab.
- In the Data Preservation area, click Edit.
- Select the Auto delete preserved users check box.
- In the Auto Delete after box, type the number of days after which the user and their data should be automatically deleted from inSync.
- The users to be auto-deleted must be in Preserved state for a minimum of 30 days and maximum 366 days.
- If a user has been in Preserved state for 30 days and the number of days mentioned in the Delete preserved users after box is also 30, then, this user will be deleted during the next deletion job. Auto deletion is triggered everyday at UTC 9:00:00.
- Click Save.
inSync profile is updated with the changes. inSync automatically deletes preserved users in this profile, based on the days specified, and if the user is not on Legal Hold.
Note: Before deleting user accounts which are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists. Preserved users are deleted irrespective of whether their accounts exist in the AD or LDAP or not.
inSync provides you information on the Preserved users in inSync through Preserved Users report.
inSync sends alerts to administrators if user preservation fails in inSync, because of insufficient Preserved Users license. For more information, see Alerts.