User accounts are automatically created when Azure AD is integrated and configured with Druva inSync. When you define multiple Azure AD mappings, inSync automatically classifies the users, while creating the user accounts, based on the filter parameters and starts assigning the profile and storage specified in the Azure AD mapping.
However, it may be a case, where user accounts fall under multiple Azure AD mappings based on the defined criteria. In such cases, inSync administrators can define the priority for the mappings and users are imported based on the mapping sequence and the assigned profile and storage specified in that mapping.
When you create multiple Azure AD Mappings, inSync by default gives priority to the oldest Azure AD mapping. Azure AD mapping listed at the top has the highest priority while the one at the bottom has the lowest priority. By default, the latest Azure AD mapping defined is assigned the lowest priority.
inSync provides an option to change the priority of an Azure AD mapping after you create it.
Assume you have defined two Azure AD mappings that have the following criteria,
- General Users Mapping
- Import all users from the Engineering department
- Assign them to General Profile 1
- Per-user storage - 5 GB
- Executive Users Mapping
- Import Executive users that are also from the Engineering department
- Assign them to Executive Profile
- Per-user storage - 50 GB
General Users Mapping is created before Executive Users Mapping.
Here is how inSync imports users based on the criteria defined in the Azure AD mappings,
Executive users fall under both the Mappings. As General Users Mapping is created before the Executive Users Mapping, by default, it has the priority. All the users are imported to inSync, including Executive users, and assigned to the General Profile 1 and storage of 5 GB.
However, you want Executive users assigned to the Executive Profile and storage usage of 50 GB. In this case, you must change the priority of Executive Users Mapping from lowest to highest. inSync then, first classifies the Executive users and assigns them to Executive Profile and then other General users are assigned to the General Profile.
To change the priority of an Azure AD mapping,
- On the inSync Management Console, click Manage > Deployment > Users.
- On the User Deployment page, you can view the details of the existing Azure AD mappings. Click the Settings tab.
- In the Mapping Priority Order section, you can see the existing Azure AD mappings as per their defined priority. Click Edit to change the priority of an Azure AD mapping.
- Edit Mapping Priority Order pop-up with the list of all the Azure AD mappings appears. Select an Azure AD mapping to change its priority.
- Use the following options appropriately to change the priority of the selected Azure AD mapping.
- Move Up - Click this button if you want to increase priority one level up.
- Move Down - Click this button if you want to decrease priority one level down.
- Move to Top - Click this button if you want to change the priority to the highest.
- Move to Bottom - Click this button if you want to change the priority to the lowest.
- Click Save.
The priority of the selected Azure AD mapping is updated. inSync classifies users based on the updated priority of the Azure AD mapping and assigns them the profile and storage.