Create Azure AD Mapping

inSync Cloud Editions: ✓ Elite Plus, ✓ Elite, ✗ Enterprise, ✗ Business

Overview

The inSync Azure AD mapping wizard allows you to create users in inSync by importing their details from your Azure AD. In Azure AD mapping, you can define filter parameters to extract users from your Azure AD.

The Azure AD mapping enables administrators to define the filter parameters (Azure AD attribute name) to automatically classify users and define the profile, storage region, and storage quota that should be assigned to the users who match the filter criteria.

An administrator can create multiple mappings to classify users based on the various Azure AD attribute name and value pairs. After creating multiple mappings, administrators can also specify the priority of the mapping based on which the user classification should take precedence.

  • If a user does not classify or fall under any Azure AD mapping created in inSync, the user account creation fails.
  • Druva recommends that you also create a default mapping with the configuration Allow any user. This default mapping ensures that any users who are not classified under any of the other mappings are created with a default configuration. The priority of this default mapping can be set to the lowest.
  • Once you create an Azure AD mapping, you can only modify the Mapping Name and inSync configuration. You cannot modify the Users' criteria to filter users.
  • The filter is case sensitive. The attribute name and the value you specify in the Azure AD mapping must be in the correct case, that is, the same case that the Graph API returns. For example, 'displayName', 'companyName', 'postalCode', 'preferredDataLocation'.
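
The rules above (priority order, case-sensitive matching, the Allow any user fallback, and failure when nothing matches) modelled locally as an added example; this is not Druva's code and it calls no inSync or Graph API. The lower-number-wins priority, the trimming of whitespace around comma-separated values, and all mapping names are assumptions.

```python
# Added illustration: a local model of the mapping rules on this page.
# Not Druva code; it calls no inSync or Graph API. All data is constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Mapping:
    name: str
    priority: int                    # assumption: lower number = higher priority
    attribute: Optional[str] = None  # None models "Allow any user"
    values: str = ""                 # comma-separated, as in the Value(s) box

    def allowed(self):
        # Assumption: whitespace around each comma-separated value is ignored.
        return [v.strip() for v in self.values.split(",") if v.strip()]

    def matches(self, user):
        if self.attribute is None:
            return True
        # Exact, case-sensitive comparison of attribute name and value.
        return user.get(self.attribute) in self.allowed()


def classify(user, mappings):
    """First matching mapping by priority; None models a failed user creation."""
    for m in sorted(mappings, key=lambda m: m.priority):
        if m.matches(user):
            return m.name
    return None


def near_misses(user, mappings):
    """Mappings that would match only if case were ignored (likely typos)."""
    lowered = {k.lower(): v for k, v in user.items()}
    hits = []
    for m in mappings:
        if m.attribute is None or m.matches(user):
            continue
        value = lowered.get(m.attribute.lower())
        if isinstance(value, str) and value.lower() in [a.lower() for a in m.allowed()]:
            hits.append(m.name)
    return hits


# Constructed sample mappings; names and priorities are hypothetical.
MAPPINGS = [
    Mapping("Canada", 1, "preferredDataLocation", "CAN"),
    Mapping("Engineering org", 2, "department", "QA, Engineering"),
    Mapping("Default", 99),
]
```

Running `near_misses` over an exported user list before saving a mapping surfaces case typos, which matters because the user criteria cannot be edited once the mapping exists.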

Before you begin

Ensure you have:

Alternatively, you can also use Cloud Key Management System (KMS) instead of AD/LDAP Connector.

Procedure

  1. On the inSync Management Console menu bar, click Users > Deployment.
  2. On the Azure AD Deployment page, click the Mappings tab, and then click New Mapping.
  3. On the New Mapping wizard, under the Mapping Configuration tab, specify the following details:
    1. Azure AD Mapping Name - Specify a name for the Azure AD Integration mapping.
    2. Under the Filter Users section,
      • Select Use Azure AD attribute, if you want to configure users based on a specific Azure AD attribute name and matching values.
        • Specify the Azure AD attribute name.
        • In the Value(s) box, type the value for the attribute.

          The filter is case sensitive. The attribute name and the value you specify in the Azure AD mapping must be in the correct case, that is, the same case that the Graph API returns. For example, 'displayName', 'companyName', 'postalCode', 'preferredDataLocation'.

          - Use a comma to specify multiple values for the attribute.
          - Only the user accounts that match the values specified in the box are mapped to this mapping.
      • Else, select Allow any user if you want to import and configure users based on no criteria.
    3. Click Next.
    4. On the inSync Configuration tab, specify the following details:
      1. Select the Profile to which the users should be assigned if they are mapped using this Azure AD mapping.
      2. Select the Storage on which the user data should be saved.
      3. Specify the storage Default Quota per user. Enter 0 for unlimited storage.
      4. Select the Send activation email to newly added users check box if you want to send an inSync invitation email to the users who are added to inSync.
    5. Click Finish.

Azure AD mapping is created. You can create multiple mappings to define multiple combinations of Azure AD attributes and values to classify users in inSync and allocate them to a different profile, storage region, and storage quota.

Note: You can import users from a Microsoft 365 Multi-Geo tenant based on their geo location, group them in a profile, and assign Druva storage as per their geo location. Create an Azure AD mapping with the attribute name preferredDataLocation. For example, if your preferred geo location is Canada, create the Azure AD mapping as follows:

  • Azure AD Attribute {preferredDataLocation} = {CAN}

Once you create an Azure AD mapping, inSync automatically scans your Azure AD at a default sync interval of 60 minutes and performs the following actions:

  • Imports any new user added to Azure AD which matches the Azure AD mapping criteria and creates a new user in inSync. Auto-import of users is by default configured while creating the Azure AD mapping.
  • Updates user details of users managed using Azure AD.
  • If a user gets deleted from Azure AD, then the user status is changed to Preserved from Active on the inSync Management Console.

Any new Azure AD Mapping or an update to an existing Azure AD mapping is logged by inSync and displayed in the administrator audit trails. Audit trails is a feature that is part of the Governance offering. For more information, see View audit trail for administrators.

The User Provisioning Report also records the users' details managed by Azure AD.

Attributes for Azure AD mapping

inSync supports the Microsoft 365 Graph API and the attributes under the user resource type.

The following table provides a list of attributes that you can use.

| Attribute | Sample Value |
|---|---|
| accountEnabled | true |
| ageGroup | null |
| city | null |
| createdDateTime | "2020-12-24" |
| creationType | null |
| companyName | "ABC" |
| country | null |
| department | "QA" |
| displayName | "'scriptalertXSSscript'_edited" |
| employeeId | null |
| employeeHireDate | null |
| employeeOrgData | null |
| employeeType | null |
| isManagementRestricted | null |
| isResourceAccount | null |
| jobTitle | "SSE" |
| legalAgeGroupClassification | null |
| mail | null |
| officeLocation | null |
| onPremisesDomainName | null |
| onPremisesImmutableId | null |
| onPremisesLastSyncDateTime | null |
| onPremisesSecurityIdentifier | null |
| onPremisesSamAccountName | null |
| onPremisesSyncEnabled | null |
| onPremisesUserPrincipalName | null |
| passwordPolicies | null |
| postalCode | null |
| preferredDataLocation | null |
| preferredLanguage | null |
| refreshTokensValidFromDateTime | "2020-12-24" |
| showInAddressList | null |
| signInSessionsValidFromDateTime | null |
| state | null |
| streetAddress | null |
| surname | "lastn" |
| usageLocation | null |
| userPrincipalName | "'scriptalertXSSscript'@druvainternal.onmicrosoft.com" |
| externalUserState | null |
| externalUserStateChangeDateTime | null |
| userType | "Member" |