Skip to main content


 

 

How can we help you?

 

 
Druva Documentation

Synchronize inSync users and user details with your AD/LDAP

Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

inSync administrators can configure inSync to automatically synchronize inSync user accounts and their details with the registered AD or LDAP.

Synchronize user details

inSync enables you to schedule an automatic update of user details at a defined interval. It is applicable for all the users imported in inSync using AD/LDAP Mappings.

The following information is automatically updated when you enable the Auto update user details setting in inSync,

  • inSync user name
  • inSync user email address
  • inSync user AD/LDAP user name

The frequency for a scan is defined by Auto sync interval under AD/LDAP settings.  

Note:

  • inSync updates the user name only if the CN (Common Name) or UPN of the user based on the AD/LDAP Mapping configuration.
  • You can only synchronize user details for whom you imported using your AD/LDAP. You cannot synchronize user details whom you added individually or through a CSV file.
  • When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.

Procedure 

To enable automatic synchronization of inSync user details with your AD/LDAP,

  1. On the inSync Management Console, click Users > User provisioning. The User Provisioning page appears.
  2. In the summary section, click the three-dot menu and then click Edit.
  3. Select the Auto update user details check box.
  4. Click Save.

inSync now automatically, at the defined interval, queries your AD/LDAP for user details and updates it in inSync.

Synchronize inSync users

When configured, inSync automatically, at a defined interval, scans your AD/LDAP and performs the following actions:

  • Imports any new user added to AD/LDAP which matches the AD/LDAP mapping criteria and creates a new user in Druva inSync. Auto-import of users can be configured while creating the AD/LDAP mapping. For more information, see Import users from your AD/LDAP.
  • Updates user details of users managed using AD or LDAP. For more information, see Synchronize inSync user details with your AD/LDAP.
  • Preserves any inSync user who has been disabled in your AD/LDAP.
  • Identifies and enables users, who are currently preserved in inSync, but now enabled in AD/LDAP and fall under an AD/LDAP Mapping defined in inSync.
  • Deletes the preserved user accounts based on the Data Preservation settings defined in the profile associated with the user.

The frequency for the scan is defined by Auto sync interval under AD/LDAP settings.

Example

The following example helps you understand the synchronization of users in Druva inSync with your AD/LDAP.

Assume you are managing an AD user in inSync. The inSync profile associated with the user has the following Data Preservation settings:

  • Auto delete preserved users - Yes
  • Auto delete after - 45 days

The Auto-sync is interval is set to 24 hours.

If you disable the user in AD, when inSync scans your AD/LDAP as per the defined auto-sync interval, inSync preserves the user in inSync Management Console. If the user stays in the preserved state for the next 45 days, inSync checks the inSync Connector connection status, and if connected, deletes the preserved user. 

Note:

  • You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.
  • When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.
  • Only inSync users which are auto-preserved are marked as Active as part of auto-sync process. Deleted users cannot be enabled again.
  • If a user account is preserved, such user account must be part of the AD/LDAP Mapping. If the preserved user account does not fall under any AD/LDAP mapping, it is automatically deleted based on the Data Preservation settings defined in the profile associated with the user account.
  • Before deleting user accounts which are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists.

Procedure

To enable automatic synchronization of inSync users with your AD/LDAP,

  1. On the inSync Management Console, click Manage > User Provisioning > Users. The User Provisioning page appears.
  2. In the summary section, click the three-dot menu and then click Edit.
  3. Select the Auto preserve unmapped users check box.
  4. Click Save