inSync administrators can configure inSync to automatically synchronize inSync user accounts with the registered AD or LDAP.
When configured, inSync automatically, at a defined interval, scans your AD or LDAP and performs the following actions:
- Imports any new user added to AD/LDAP which matches the AD/LDAP mapping criteria and creates a new user in Druva inSync. Auto-import of users can be configured while creating the AD/LDAP mapping. For more information, see Auto-import users from your AD/LDAP.
- Updates user details of users managed using AD or LDAP. For more information, see Synchronize inSync user details with your AD/LDAP.
- Preserves any inSync user who has been disabled in your AD/LDAP.
- Identifies and enables users, who are currently preserved in inSync, but now enabled in AD/LDAP and fall under an AD/LDAP Mapping defined in inSync.
- Deletes the preserved user accounts based on the Data Preservation settings defined in the profile associated with the user.
The frequency for the scan is defined by Auto sync interval under AD/LDAP settings.
The following example helps you understand the synchronization of users in Druva inSync with your AD or LDAP.
Assume you are managing an AD user in inSync. The inSync profile associated with the user has the following Data Preservation settings:
- Auto delete preserved users - Yes
- Auto delete after - 45 days
The Auto-sync is interval is set to 24 hours.
If you disable the user in AD, when inSync scans your AD as per the defined auto-sync interval, inSync preserves the user in inSync Management Console. If the user stays in the preserved state for the next 45 days, inSync checks the inSync Connector connection status, and if connected, deletes the preserved user.
- You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.
- When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.
- Only inSync users which are auto-preserved are marked as Active as part of auto-sync process. Deleted users cannot be enabled again.
- If a user account is preserved, such user account must be part of the AD/LDAP Mapping. If the preserved user account does not fall under any AD/LDAP mapping, it is automatically deleted based on the Data Preservation settings defined in the profile associated with the user account.
- Before deleting user accounts which are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists.
To enable automatic synchronization of inSync users with your AD/LDAP,
- On the inSync Management Console, click Manage > Deployments > Users. The AD/LDAP page with details of existing AD/LDAP Mappings appears.
- Click the AD/LDAP Settings tab.
- In the AD/LDAP Settings area, and click Edit.
- Select the Auto preserve unmapped users check box.
- Click Ok.