Skip to main content

How can we help you?

Druva Documentation

Manage users using SCIM

Introduction

Druva enables inSync administrators to automate user management in Druva inSync using System for Cross-domain Identity Management (SCIM) v2.0. SCIM is a standard for the exchange of user identities between identity providers (IdPs) and applications requiring user identity information (such as enterprise SaaS apps).

Organizations use Identity Providers (IdPs) as a source directory to manage and authenticate users to provide access to different applications. After you integrate Druva inSync with SCIM-compliant IdPs, users are automatically managed based on the actions in the IdP.

Druva inSync complies with the following RFC standards for SCIM implementation:

After integration with SCIM,

  • User accounts are automatically created in Druva inSync when new user accounts are assigned to the SCIM app in the IdP.
  • User account status and their information are automatically updated in Druva inSync based on the updates in the IdP. The following updates to user information are supported currently:
    • Change in Display Name (combination of First Name + Last Name or vice-versa)
    • Change in the Email address
    • Change in User account status update, that is, change of user account status from active to inactive, and inactive to active only.
  • User accounts are automatically preserved in Druva inSync when user accounts are deactivated from the IdP or deleted from the SCIM app.
  • Druva inSync does not make any updates to the user information in the IdP, that is, Druva inSync does not create, update, or delete any user accounts or modify their information.
  • Users preserved by inSync administrator in the inSync Management Console, cannot be re-activated from the IdP.
  • If a user is deactivated from IdP, administrators need to again assign the SCIM app to the user to activate (change user account status from Preserved to Active) the user account in inSync.
  • Manually created users are automatically managed using SCIM after their accounts are assigned the SCIM app in the IdP.

 

Benefits of using SCIM over other available user management options in Druva inSync

  • SCIM based user management is fully-automated compared to CSV based user management. It reduces administrator efforts to create and manage users consistently.

  • Real-time sync of user accounts and their information in IdPs with Druva inSync. Unlike AD or LDAP sync which works at a fixed interval , IdPs push the user data whenever any updates are made in the IdP.

  • Druva Cloud Apps only customers can leverage UPN in their IdP to identify and manage users in Druva inSync. 

  • Eliminates the need for AD or LDAP deployment. It reduces complexity, risk, and time to manage users across multiple SaaS applications.

 

  • The option to use SCIM is available only to customers who have not used AD or LDAP to manage users in Druva inSync.
    • No AD or LDAP account must be configured to import users in Druva inSync Management Console.
    • No AD or LDAP mapping should exist in Druva inSync Management Console.
    • No AD or LDAP managed user in 'Active' and 'Preserved' state should exist in the Druva inSync Management Console.
  • Once you select SCIM for user management, you cannot reconfigure Druva inSync again to manage using AD or LDAP. Hence, as an inSync administrator, you must first analyze and define the user management process and then choose a suitable approach.
  • The profile and storage assigned to the manually added users in Druva inSync and which you may want to manage using SCIM, stay the same even after the migration.

Certified SCIM based IdPs

The following SCIM v2.0 compliant IdPs are certified by Druva:

  • Okta
  • Microsoft Azure AD

*Druva will provide certified solutions for other SCIM 2.0 compliant IdPs through its partnership program. Contact Druva Support for technical assistance if you wish to use other SCIM v2.0 compliant IdPs.

Supported provisioning actions

The following SCIM provisioning actions are supported:

  • Creation of individual user accounts
  • Update to user account status and information. The following information updates are supported currently:
    • Display Name (combination of First Name + Last Name) update
    • Email address update
    • User account status update. Change of user account status from active to de-active, and de-active to active only.
  • Deactivation or deletion of user accounts
  • Deactivation or deletion of a user in the IdP leads to preservation of the user account in Druva inSync.

Unsupported provisioning actions

The following SCIM provisioning actions are not supported:

  • Password sync
  • Managing or migration of user accounts from Druva inSync to IdPs
  • Managing of user groups within IdPs in Druva inSync

Workflow to manage users using SCIM in Druva inSync

user_creation_workflow_scim.png

Workflow to manage Cloud Apps only user accounts in Druva inSync

  1. Create a Profile which has only Cloud Apps enabled and settings configured in it. For more information, see Create and manage profiles.
  2. Configure Cloud Apps settings to define the user access settings of their Cloud Apps account. By default, Druva inSync uses the email address of inSync users. You can configure inSync to use the User Principal Name (UPN). For more information, see Configure Cloud Apps Settings.
  3. Configure Druva inSync to use SCIM for user management. For more information, see Step 01.
  4. In the IdP, ensure you configure the userPrincipalName SCIM attribute and define the value for it. For more information, see Configure IdP to integrate with Druva inSync.

Step 1: Configure Druva inSync to use SCIM to manage users

inSync Cloud administrators must define the user import type in the inSync Management Console. To configure and use SCIM for managing users in the inSync Management Console, perform the following steps:

  1. On the inSync Management Console menu bar, click Users > Deployment.
  2. On the User Deployment page, click Use SCIM to use SCIM based IdPs to import and manage users.
    choose_scim_main.png
  3. On the confirmation dialog box that appears, read the message and click Confirm.

Once you select SCIM for user management in the inSync Management Console, you cannot use AD or LDAP for user management.

You are redirected to generate a token to integrate IdP with Druva inSync.

Step 2: Generate a token to integrate IdP with Druva inSync

As an inSync Cloud administrator, after you select SCIM for user management,  you must generate a token to integrate the IdP from which you want to manage users in Druva inSync. A token is a key to identify and authenticate the IdP with Druva inSync.

  • If you see the message - API gateway feature is disabled for your account, kindly contact Druva Support to enable this feature for your account.
  • Only a Druva Cloud administrator and inSync Cloud administrator can generate a token.
  • You must copy the token and save it immediately when you generate it. The token is not saved in the inSync Management Console. 
  • Once generated, the token is valid for 365 days.
  • If you or any other inSync Cloud administrator regenerates a token, the previous token becomes invalid. The new token must be used to reconfigure the existing SCIM app.

Procedure

To generate a token:

In the previous step, if you are redirected to the Settings tab on the User Deployment page, click Generate Token in the Auth Token for SCIM section.

Alternatively,

  1. On the inSync Management Console menu bar, click Users > Deployment.
  2. On the User Deployment page, click the Settings tab.
  3. In the Auth Token for SCIM section, click Generate Token.

Generate_token_fade.png

The token is generated. Copy the token and save it. Use it to enable API Integration of IdP with Druva inSync later in Step 5.

Step 3: Create a SCIM mapping

A SCIM mapping enables inSync administrators to define the filter parameters (SCIM attributes configured in the IdP) to automatically classify users and define the profile, storage region, and storage quota that should be assigned to the users who match the filter criteria.

An inSync administrator can create multiple mappings to classify users based on the various SCIM attributes and value pairs. After creating multiple mappings, administrators can also specify the priority of the mapping based on which the user classification should take precedence.

Druva inSync supports the standard SCIM attributes. You can even map the custom SCIM attributes and create a mapping to classify the users.

 

 

  • The SCIM attributes that you define in the SCIM mapping must be mapped to the IdP attributes in the IdP; else the user creation fails.
  • If a user does not classify or fall under any SCIM mapping created in Druva inSync, the user account creation fails.
  • Druva recommends that you also create a default mapping with the configuration 'Allow any user'. This default mapping will ensure that any users who do not classify or fall under any of the mappings are created with a default configuration. The priority of this default mapping can be set to lowest.
  • Once you create a SCIM mapping, you can only modify the Mapping Name and inSync configuration. You cannot modify the Users criteria to filter users.
  • The filter is case sensitive. The value you specify in the SCIM mapping and the attribute value in IdP should be in the same case.

Before you begin

Ensure you have:

  • Created a Profile - A profile is a set of configuration that is applied to a set of users. Using profiles, you can define the data sources for backup, generic backup configuration parameters that are automatically applied to all the users that belong to that profile. For more information, see Create and manage profiles.
  • Your Druva inSync storage region is configured.

Procedure

  1. On the inSync Management Console menu bar, click Users > Deployment.
  2. On the User Deployment page, under the Mappings tab, click New Mapping.
  3. On the Create Mapping wizard, under Mapping Configuration tab, specify the following details:
    1. Mapping Name - Specify a name for the SCIM mapping.
    2. Under the Users section,
      • Select Filter by SCIM attribute, if you want to configure users based on a specific SCIM attribute and matching values.
        • Specify the SCIM Attribute name.
        • In the Value(s) box, type the value for the attribute.
          The filter is case sensitive. The value you specify in the SCIM mapping and the attribute value in the IdP should be in the same case.
          - Only the characters a-z, A-Z, 0-9, and underscore (_) are supported.
          - Use a comma to specify multiple values for the attribute.
          Only the user accounts, who match the values specified in the box are mapped to this mapping.
      • Else, select Allow any user if you want to import and configure users based on no criteria.
        scim_mapping_1.png
    3. Click Next.
    4. On the inSync Configuration tab, specify the following details:
      1. Select the Profile to which the users should be assigned to if they are mapped using this SCIM mapping.
      2. Select the Storage on which the user data should be saved.
      3. Specify the storage Quota per user.
      4. Select Send activation email to newly added users check box, if you want to send Druva inSync invitation email to the users who are added to Druva inSync.
        scim_mapping_2.png
    5. Click Finish.

SCIM mapping is created. You can create multiple mappings to define multiple combinations of SCIM attributes and values to classify users in Druva inSync and allocate them a different profile, storage region, and storage quota.

Any new SCIM Mapping or an update to an existing SCIM mapping is logged by inSync and displayed in the administrator audit trails. Audit trails is a feature that is part of the Governance offering. For more information, see View audit trail for administrators.

(Optional) Step 4: Define priority for the SCIM mapping

User accounts are automatically created when the IdP is integrated with Druva inSync. When you define multiple SCIM mappings, inSync automatically classifies the users, while creating the user accounts, based on the filter parameters and starts assigning the profile and storage specified in the SCIM mapping.

However, it may be a case, where user accounts fall under multiple SCIM mappings based on the defined criteria. In such cases, Druva inSync administrators can define the priority for the mappings and users are imported based on the mapping sequence and assigned the profile and storage specified in that mapping.

When you create multiple SCIM Mappings, Druva inSync by default gives priority to the oldest SCIM mapping. SCIM mapping listed at the top has the highest priority while the one at the bottom has the lowest priority. By default, the latest SCIM mapping defined is assigned the lowest priority.

inSync provides an option to change the priority of a SCIM mapping after you create it.

Example

Assume you have defined two SCIM mappings that have the following criteria,

  • General Users Mapping
    • Import all users from the Engineering department
    • Assign them to General Profile 1
    • Per-user storage - 5 GB
  • Executive Users Mapping
    • Import Executive users that are also from the Engineering department
    • Assign them to Executive Profile
    • Per-user storage - 50 GB

General Users Mapping is created before Executive Users Mapping.

Here is how inSync imports users based on the criteria defined in the SCIM mappings,

Executive users fall under both the Mappings. As General Users Mapping is created before the Executive Users Mapping, by default, it has the priority. All the users are imported to Druva inSync, including Executive users, and assigned to the General Profile 1 and storage of 5 GB.

However, you want Executive users assigned to Executive Profile and storage usage of 50 GB. In this case, you must change the priority of Executive Users Mapping from lowest to highest. Druva inSync then, first classifies the Executive users and assigns them to Executive Profile and then other General users are assigned to the General Profile.

Procedure

To change the priority of a SCIM mapping,

  1. On the inSync Management Console, click Users > Deployment.
  2. On the User Deployment page,  you can view the details of the existing SCIM mappings. Click the Settings tab.
  3. In the Mapping Priority section, you can see the existing SCIM mappings as per their defined priority. Click Edit to change the priority of a SCIM mapping.
  4. Mapping Priority for User Import window with the list of all the SCIM mappings appears. Select a SCIM mapping to change its priority.
  5. Use the following options appropriately to change the priority of the selected SCIM mapping.
    • Move Up - Click this button if you want to increase priority one level up.
    • Move Down - Click this button if you want to decrease priority one level down.
    • Move to Top - Click this button if you want to change the priority to the highest.
    • Move to Bottom - Click this button if you want to change the priority to the lowest.
      mapping_priority_scim.png
  6. Click Save.

Priority of the selected SCIM mapping is updated. inSync classifies users based on the updated priority of the SCIM mapping and assigns them the profile and storage.

Step 5: Configure IdP to integrate with Druva inSync to manage users

After configuring Druva inSync, inSync administrator must configure the IdP to integrate with Druva inSync. After successful integration, users from the IdP are created in Druva inSync.

Follow these steps to integrate an IdP with Druva inSync:

  1. Create a custom SCIM app in the IdP. 
  2. Enable API Integration with Druva inSync.
  3. Configure and map the SCIM attributes with the IdP attributes in the SCIM app.
  4. Assign users to the SCIM app.

Manage Users from Okta using SCIM

The following steps are specific to Okta and can be performed in the Classic UI of the Okta Administrator Console.

1: Create a custom SCIM app

  1. Login into Okta as an administrator. You either must be a super administrator or have an administrator account with the rights to create and manage apps.
  2. If you are using the Okta Developer Console, select Classic UI in the drop-down menu located above the Okta menu bar.
  3. On the Okta menu bar, click Applications > Applications.
  4. On the Applications page, click Add Applications.
  5. In the Search for an application box, search and select the SCIM 2.0 Test App (OAuth Bearer Token) application.
  6. Configure the General Settings as per your requirement and click Next.
    scim_app_creation_pg1.png
  7. Under the Sign-On Options tab,
    1. Under SIGN ON METHODS, select and configure the preferred Sign On method.
    2. Under CREDENTIAL DETAILS area,
      1. Select Email as the Application Username format.
      2. Configure the other settings as per your requirement and click Done.

scim_app_2.png

The SCIM app is created. Proceed to integrate this SCIM app with Druva inSync.

2: Enable API Integration with Druva inSync

Pre-requisite

Procedure

  1. Search for the SCIM app, you created in the earlier step, in the list of applications and open it.
  2. Click the Provisioning tab.
  3. To enable provisioning and integrate the SCIM app with Druva inSync, click Configure API Integration.
  4. Select Enable API Integration check box to configure API integration.
  5. In the SCIM 2.0 Base Url box, specify the following Druva inSync Cloud End-point URL.
    Format: https://apis.druva.com/insync/scim
  6. In the OAuth Bearer Token box, enter the token that you generated in the inSync Management Console for SCIM-based user management in Step 2.
    scim_app_int_new.png
  7. Click Test API Credentials to test your integration.
  8. If the test is successful, click Save.

3: Configure and map the SCIM attributes with the IdP attributes in the SCIM app

The SCIM app, that you just created, comes with the default base attributes and values. Druva inSync requires only a few mandatory attributes (listed in Step 7 of the following procedure). You should also add or define your custom SCIM attributes that you plan to use in the SCIM mapping to classify the users in Druva inSync.

  • Druva recommends you to delete the unwanted SCIM attributes from the list.
  • The custom attributes, except the userPrincipalName custom attribute, that you map in the IdP are not stored in Druva inSync. Custom attributes are only used to evaluate the SCIM mappings that you create in the Druva inSync Management Console.

Procedure

  1. Search for the SCIM app in the list of applications and open it.
  2. Click the Provisioning tab.
  3. In the left-hand side panel, select To App tab.
  4. In the right-hand side panel, click Edit to select the provision the SCIM app with Okta attributes.
  5. Select Enable for the following actions:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  6. Click Save.
    config_page_half.png
  7. Now, scroll down until you see the Attribute Mapping section. Define the value for the SCIM attributes as listed in the following table. Also add the custom attributes that you want to use in Druva inSync to create a SCIM mapping for classifying users.

Delete all the other SCIM attributes. To delete the attributes, select Go to Profile Editor, and delete the attributes. For more information on adding and removing the attributes, see Okta documentation.

The following attributes are mandatory in Druva inSync. Retain the following attributes and create a mapping with Okta attribute value

SCIM app attributes used by inSync Okta attribute
userName Email (Attribute value should be in email format)
displayName

Map the value that you want to see as Display Name of the user in Druva inSync.  

Druva recommends the following format as the displayName attribute value.

Create the following as an Expression:
String.append(user.firstName, String.append(' ', user.lastName)) 

userPrincipalName (Add it as a custom attribute)

Set the value userPrincipalName attribute value.

If the userPrincipalName custom attribute is not specified, the displayName attribute value is populated as the userPrincipalName attribute value in inSync Management Console.

While configuring an attribute, specify the following as the External Namespaceurn:ietf:params:scim:schemas:core:2.0:User

config_app_scim_upper.png

After configuring the attributes and specifying the values, assign the SCIM app to users in your organization.

4: Assign users to the SCIM app

The last step of the SCIM app configuration is to assign the SCIM app to the users and groups that you want to manage in Druva inSync.

You can assign the SCIM app to Groups that you have created in Okta if you want to bulk assign it to the users. All the users in the group are automatically assigned the SCIM app, and their accounts are created in Druva inSync.

Procedure

  1. Search for the SCIM app in the list of applications and open it.
  2. Click the Assignments tab.
  3. Click Assign > Assign to People, if you want to assign the SCIM app individually to the users.
    OR
    Click Assign > Assign to Groups if you want to assign the SCIM app to groups containing users.
  4. Assign the SCIM app to users or groups, based on your preference.
    assign_app.png

Ensure you assign the SCIM app to every user whose account you want to manage in Druva inSync. After you assign the SCIM app to the users, their accounts are automatically created in Druva inSync and configured as per the SCIM mapping.

Manage Users from Microsoft Azure Active Directory using SCIM 

1: Create a custom SCIM app

Procedure

  1. Login into Microsoft Azure Active Directory Portal (Azure Portal) as an administrator. You either must be a super administrator or have an administrator account with the rights to create and manage apps.
  2. On the Azure AD Console left-hand side panel, click Azure Active Directory and then under Manage > Enterprise Applications.
  3. On the Enterprise applications > All applications page, click + New application.
  4. On the Add an application page, click Non-gallery application to create a custom SCIM app.
  5. On the Add your own application page, located on the right-hand side, provide a Name for this custom SCIM app and click Add. Example - Druva inSync SCIM app. The App Overview page appears.

The SCIM app is created. Proceed to integrate this SCIM app with Druva inSync.

2: Enable API Integration with Druva inSync

Pre-requisite

Procedure

  1. Find and select your SCIM app in the All Services > Enterprise Applications section of the Azure portal.
  2. On the App Overview page, select Provisioning under Manage on the left pane.
  3. On the Provisioning pane, select Provisioning mode as Automatic.
  4. Under Admin credentials section,
    • In the Secret Token box, enter the token that you generated in the inSync Management Console for SCIM-based user management in Step 2.
  5. Click Test Connection to test and try Azure Active Directory attempt to connect to the Druva inSync SCIM endpoint.
  6. If the test is successful, click Save.
    Azure_scim_1.png

Proceed to configure the Azure AD Mapping and map the SCIM attributes with the Azure AD attributes.

3. Configure and map the SCIM attributes with the Azure AD attributes in the SCIM app

As an administrator, you can view and edit what user attributes should flow between Azure AD and Druva inSync, when user accounts are provisioned or updated. The custom SCIM app, that you created, comes with the default base attributes and values. Druva inSync requires only a few mandatory attributes (listed in Step 6 of the following procedure). You should also add or define your custom SCIM attributes that you plan to use in the SCIM mapping to classify the users in Druva inSync.

  • Druva recommends you to delete the unwanted SCIM attributes from the list.
  • The custom attributes, except the userPrincipalName custom attribute, that you map in the IdP are not stored in Druva inSync. Custom attributes are only used to evaluate the SCIM mappings that you create in the Druva inSync Management Console.

Procedure

  1. If you are on the home page of the Azure Portal, find and select your SCIM app in the All Services > Enterprise Applications section.
  2. On the App Overview page, select Provisioning under Manage on the left pane.
  3. Click the Mappings configuration.
  4. On the Attribute Mapping page, enable Synchronize Azure Active Directory Users to <name of your SCIM app>.
  5. Select the following Target Object Actions:
    • Create
    • Update
    • Delete
  6. In the Attribute Mapping section, define the value for the SCIM attributes as listed in the following table. Also add the custom attributes that you want to use in Druva inSync to create a SCIM mapping for classifying users.
    Delete all the other SCIM attributes. For more information on customizing   SCIM attributes, see  Azure Portal documentation.

 The following attributes are mandatory in Druva inSync. Retain the following attributes and create a mapping with Azure AD  attribute value

SCIM app attributes used by inSync Azure AD attribute
userName mail (Attribute value should be in email format)
displayName

Map the value that you want to see as Display Name of the user in Druva inSync.  

Druva recommends the following format as the displayName attribute value.

Create the following as an Expression:

Join(" ",[givenName],[surname]) 

externalId

*Optional attribute

objectId
userPrincipalName

Set the value userPrincipalName attribute value.

If the userPrincipalName custom attribute is not specified, the displayName attribute value is populated as the userPrincipalName attribute value in inSync Management Console.

azure_scim_2.png 

  1.  On the App Overview page, scroll down to the Settings section and update the following settings:
    • Set Provisioning Status to Yes.
    • Set Scope as Sync only assigned users and groups.
      azure_scim_3.png

After configuring the SCIM app, assign the SCIM app to users in your organization.

4: Assign users to the SCIM app

The last step of the SCIM app configuration is to assign the SCIM app to the users and groups that you want to manage in Druva inSync.

You can assign the SCIM app to Groups that you have created in Azure AD if you want to bulk assign it to the users. All the users in the group are automatically assigned the SCIM app, and their accounts are created in Druva inSync.

Procedure

  1. If you are on the home page of the Azure Portal, find and select your SCIM app in the All Services > Enterprise Applications section.
  2. On the App Overview page, select Users and groups under Manage on the left pane.
  3. In the right pane, click +Add User.
  4. On the Add Assignment page, search and select the Users or Group of users and assign the SCIM app.

Ensure you assign the SCIM app to every user whose account you want to manage in Druva inSync. After you assign the SCIM app to the users, their accounts are automatically created in Druva inSync and configured as per the SCIM mapping.

Step 6: View the user accounts managed using SCIM

inSync administrators can view the account created and managed using SCIM in the inSync Management Console.

  • Manage Users page - The Manage Users page lists all the users created and managed in Druva inSync. For more information, see Manage Users page.
  • User Provisioning Report - This report lists the user accounts created and managed using SCIM and also displays information like the account status, profile, and storage assigned to the users. For more information, see User Provisioning Report.

If the Username of the users managed using SCIM has special characters ?, *, /, \, < or >, they are automatically replaced by a _ (underscore).

User Provisioning Report

The User Provisioning report provides information about the users provisioned in Druva inSync using the SCIM.

Access Path

On the inSync Management Console menu bar, click Reports > User Provisioning Report.

Description

The following table lists the fields in the User Provisioning report.

Field Description
User Name Displays the user name of the inSync user provisioned using the IdP.
Email Displays the email address of the user.
Profile Displays the name of the profile the user is associated with in inSync.
User Status Displays the account status of the user in inSync.
Created On Displays the user account creation date in inSync.
Managed By Displays the name of IdP which is managing the user in inSync.

Change user provisioning from AD/LDAP to SCIM

Overview

inSync provides the option to change the user provisioning method from AD/LDAP to SCIM and vice versa, while preserving the user's backed up data. 

This section provides:

  • The detailed impact of changing the user provisioning  method from AD/LDAP to SCIM
  • The checks to perform before changing the provisioning method from AD/LDAP to SCIM
  • The procedure to change user provisioning from AD/LDAP to SCIM
  • Next steps after changing the provisioning method from AD/LDAP to SCIM

After successfully changing the user provisioning method from AD/LDAP to SCIM, inSync performs backups according to the profile settings.

Impact of changing the user provisioning method from AD/LDAP to SCIM

Changing the user provisioning method from AD/LDAP to SCIM has the below impact:

  • The following configurations get deleted from the inSync Management Console during the change in provisioning:
    • AD/LDAP mappings used to manage users in inSync.
    • CloudCache mappings associated with the AD/LDAP users.
    • All AD/LDAP user accounts created in inSync.

      ADtoSCIMimpact.png
  • The user accounts provisioned using AD/LDAP and added to inSync Share groups will be detached from their respective group when the provisioning method changes to SCIM.
  • User provisioning mode for all users will be changed to Manual provisioning.
  • The User Deployment page (Manage > Users) UI of the inSync Management Console changes to conform to mappings related to SCIM provisioning.

    UserDeploymentPg.png

Checks to be performed before changing the provisioning method

Ensure that none of the profiles assigned to the users that are provisioned from AD to SCIM have AD/LDAP Account as their authentication method. The provisioning is aborted  with the below error if the authentication method in any of the profiles is set to AD/LDAP Account. 

ADLDAPAccountWithError.png

If you see the above error message while changing the provisioning method, set an authentication method to other than AD/LDAP Account in the respective profile and try to provision the users again. See Update a profile.

Change user provisioning from AD/LDAP to SCIM

  1. Login to inSync Management Console and go to GearIconNew.pngSettings.
  2. Open the Deployment tab. Under User Provisioning, the Provisioning Method is set as AD/LDAP.

    ADtoSCIMSettingsPg.png
  3. Click Edit to change the provisioning method. 
  4. On the Edit Settings dialog box, change the Provisioning Method to SCIM.

    ADtoSCIMEditSettings.png
  5. Click Save.  inSync asks for a confirmation and indicates the impact of the change in user provisioning method.

     All users will be moved to manual provisioning mode and will not be mapped to any SCIM mapping automatically.


    ADtoSCIMConfirmMsg.png
  6. Click Confirm.  A confirmation message is displayed indicating the user provisioning method successfully changed to SCIM.

    The user provisioning method has been successfully changed from AD/LDAP to SCIM.

Next steps after changing the user provisioning from AD/LDAP to SCIM

 

  • Was this article helpful?