Change user provisioning from SCIM to AD/LDAP
Overview
inSync provides the option to change the user provisioning method from SCIM to AD/LDAP and vice versa, while preserving the user's backed-up data.
This section provides:
- The detailed impact of changing the user provisioning method from SCIM to AD/LDAP
- The procedure to change user provisioning from SCIM to AD/LDAP
- Next steps after changing the provisioning method from SCIM to AD/LDAP
Impact of changing the user provisioning method from SCIM to AD/LDAP
Changing the user provisioning method from SCIM to AD/LDAP has the below impact:
- SCIM mappings and settings used to manage users in inSync are deleted.
- SCIM API token is deleted
- SCIM app configured in the IdP will not work as its token gets deleted. Login to the IdP console and delete the Druva app used for user provisioning.
- User provisioning mode for all users will be changed to Manual provisioning.
Change user provisioning from SCIM to AD/LDAP
- Go to the User page from Endpoints/SaaS Apps console.
-
Select the Deployment tab.
- On the summary section, click
and select the Change User Deployment method option. - Select AD/LDAP as the provisioning method and click Save. A confirm message appears.
All users will be moved to manual provisioning mode and will not be mapped to an AD mapping automatically.
- Select Confirm in the dialog box. A confirmation message is displayed indicating the user provisioning method successfully changed to AD/LDAP.
Error preventing a change in the provisioning method
In a rare scenario, you may see the below error message while changing the provisioning method from SCIM to AD.
Changing the provisioning method fro SCIM to AD fails whenever this error occurs.
Resolution: Regenerate the SCIM token and reconfigure the SCIM app with the new token. Subsequently, try to change the provisioning method from SCIM to AD/LDAP again.