Druva Documentation

User provisioning using Azure Active Directory (AD)

License editions: To understand the applicable license editions, see Plans & Pricing.

You can use the Azure AD integration user deployment method to manage and import users and shared mailbox users.

Azure Active Directory (AD) is Microsoft's cloud-based identity and access management service. As an administrator, you can use Azure AD to automate user provisioning between your existing Windows Server AD and your Microsoft 365 tenant. If your organization is using Azure AD to store user details, you can integrate your Azure AD with Druva and import all the users you want to protect. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.

Supported filters

Administrators can use the following filter types to create mappings to automate user provisioning as per certain criteria:

  • Azure AD Groups: Import Microsoft 365 users that are part of specific Azure AD Groups
  • Azure AD Mappings: Import Microsoft 365 users using a specific Azure AD attribute
  • Import all users: Import all Microsoft 365 users

You can also choose to manually search for and import specific users. See Manually import users.

Use case

Let's say there are three critical departments in your organization in the US: Finance, Sales, and HR. You want Finance to have a different profile and storage from the other departments. In this case:

  • Mapping 1 (Azure AD Group): You can create an Azure AD group for users in the US Finance department and map it. While you create the mapping, you can select the backup configurations, such as profiles and storage, based on the requirements of your Finance team users.
  • Mapping 2 (Azure AD Attribute): For other users, you can choose to map the location attribute. Here you might have different backup configurations.
  • Priority: You can define the priority so that the Azure AD group mapping is at the top. This way, users in the Finance department are provisioned as per the Azure AD group mapping, because it takes priority. Other users are provisioned as per the location attribute mapping, since they are not part of the Finance Azure AD group.
  • Auto import of new users: All users are automatically imported and provisioned as per the mappings you have created. For example, a new user added to the Finance team gets the backup configurations defined for the mapped group.

Considerations

In the case of Azure AD Groups, consider the following:

  • Supported Group types: M365 Groups, Security, Distribution, Mail Enabled Security
  • Dynamic Groups are not supported.
  • Only members of a group are imported. If the owner of a group is not a member of that group, the owner is not imported.
  • If you change the user provisioning method to SCIM or AD/LDAP, all the mappings created with Groups are lost, and you have to create new mappings with the new method.
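
The following added example (not Druva code) models the use case and considerations above so you can check, before relying on a mapping set, which users end up with which backup profile and who is left unprotected. It assumes first-match-by-priority evaluation as described in the use case; the sample directory, the profile names, and the choice of `usageLocation` as the location attribute are constructed for illustration.

```python
# Constructed sample directory; field names follow Microsoft Graph conventions.
USERS = {
    "ana": {"department": "Finance", "usageLocation": "US"},
    "bo":  {"department": "Sales",   "usageLocation": "US"},
    "cy":  {"department": "HR",      "usageLocation": "US"},
    "dee": {"department": "Finance", "usageLocation": "US"},  # group owner only
    "eli": {"department": "Sales",   "usageLocation": "DE"},
}
GROUPS = {
    "us-finance": {"groupTypes": [], "members": {"ana"}, "owners": {"dee"}},
    "all-sales": {"groupTypes": ["DynamicMembership"], "members": {"bo", "eli"}, "owners": set()},
}
# Mappings in priority order (index 0 is highest). Profile names are hypothetical.
MAPPINGS = [
    {"kind": "group", "group": "us-finance", "profile": "finance-profile"},
    {"kind": "attribute", "attr": "usageLocation", "value": "US", "profile": "us-default"},
]

def unsupported_groups(mappings, groups):
    """Group mappings that target a dynamic group, which is not supported."""
    return [m["group"] for m in mappings if m["kind"] == "group"
            and "DynamicMembership" in groups[m["group"]]["groupTypes"]]

def matches(mapping, uid, users, groups):
    if mapping["kind"] == "group":
        return uid in groups[mapping["group"]]["members"]  # owners do not count
    return users[uid].get(mapping["attr"]) == mapping["value"]

def resolve(users, groups, mappings):
    """First matching mapping wins; None means the user is not imported."""
    return {uid: next((m["profile"] for m in mappings
                       if matches(m, uid, users, groups)), None)
            for uid in users}

def owners_missed(groups, mappings, assignment):
    """Owners of a mapped group who did not receive that group's profile."""
    missed = {}
    for m in mappings:
        if m["kind"] != "group":
            continue
        g = groups[m["group"]]
        for uid in sorted(g["owners"] - g["members"]):
            if assignment.get(uid) != m["profile"]:
                missed.setdefault(m["group"], []).append(uid)
    return missed

if __name__ == "__main__":
    assignment = resolve(USERS, GROUPS, MAPPINGS)
    print(assignment)
    print(owners_missed(GROUPS, MAPPINGS, assignment))
```

In this sample, the Finance group owner `dee` falls through to the location mapping and `eli` matches nothing, which are the two coverage gaps worth reviewing before enabling auto import.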