You can preserve a user in inSync at any point in time. Such users cannot backup any more data. inSync marks the users as preserved using one of the following techniques:
- Preserved manually by an administrator.
- Preserved automatically through AD/LDAP sync process.
- Preserved automatically when a user account is disabled or deleted in the IdP in case of SCIM deployment.
- Auto-deletion of preserved users managed using AD or LDAP is handled by the AD/LDAP auto-synchronization job, which is part of the auto-synchronization feature. For more information, see Synchronize users with your AD/LDAP.
- Auto-deletion of preserved users which are manually managed or managed using SCIM is handled by the auto-deletion job.
Both the jobs may run at a different time. Hence, administrators might observe that the preserved users, that are supposed to be deleted on a particular day, are deleted at different schedules when these jobs are run by inSync.
By default, there is a limitation to the number of users that you can mark as preserved. The number of users that you can preserve is dependent on the number of preserved user licenses purchased by your organization. For more information on how to preserve a user, see Preserve Users.
As a Cloud administrator, using the auto-delete preserved users feature, you can control the number of preserved users in inSync by automatically deleting preserved users after a certain duration, specified in the number of days.
When enabled, inSync automatically deletes users which are marked as preserved.
- Once the user is auto-deleted, data of that user is also deleted from inSync. You cannot recover this deleted data again.
- User data is retained or deleted based on the backup retention policy you have defined through profiles.
- If a preserved user is under Legal Hold, such user will not be deleted.
- If a preserved user has shared data with guest users and has guest user accounts having access to the data, such user will not be deleted.
To enable auto-deletion of preserved users
- On the Endpoints console, click Profiles.
- Select the profile for which you want to enable the auto-deletion of preserved users.
- Select the Edit button at the top right.
- Click the Endpoints option from the dropdown. The Edit Profile window appears.
- In the Data Preservation area, click Edit.
- Under the User Settings tab, go to the Device Settings for Users area.
- Select the Auto delete inactive devices checkbox.
- Set the number of days in the Delete inactive devices after field after which the user and their data should be automatically deleted from inSync and click Save.
- The users to be auto-deleted must be in Preserved state for a minimum of 30 days and maximum 366 days.
- If a user has been in Preserved state for 30 days and the number of days mentioned in the Delete preserved users after box is also 30, then, this user will be deleted during the next deletion job. Auto deletion is triggered everyday at UTC 9:00:00.
Preserved users in a profile are deleted automatically based on the days specified in the profile and the user is not on Legal Hold.
Note: Before deleting user accounts which are managed using AD or LDAP, inSync checks the status of the inSync Connector mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists. Preserved users are deleted irrespective of whether their accounts exist in the AD or LDAP or not.
The information and activities for the preserved users are mentioned in Preserved Users report.
Alert is sent to administrators if user preservation fails due to insufficient Preserved Users license. For more information, see Alerts.