Overview
As an inSync administrator, you can configure the user devices in your organization for data protection. To start with, you need to import/provision the user-base from your organization directory into inSync. And as a next step, you can then bulk deploy inSync Client on the user devices by configuring one of the Integrated Mass Deployment (IMD) methods.
inSync supports bulk deployment of inSync Client on user devices across your organization during user on-boarding, as well as bulk replacement of user devices during the device replacement activities.
This quick reference guide helps you to choose the best strategy to manage user provisioning and inSync Client bulk deployment methods.
❗ Important
inSync currently supports user and device management using Integrated Mass Deployment (IMD) for Mac and Windows devices.
The following illustration demonstrates the step by step workflow:
Step 1 - Select the user provision method
You can import the users from your organization using one of the following methods:
AD/LDAP - Directory services such as Microsoft Active Directory (AD) or Lightweight Directory Access Protocol (LDAP):
If your organization uses AD/LDAP to store user details, you can integrate the directories to provision users in inSync.
To select this method, log on to the inSync Management Console and select Users ➜ User Provisioning ➜ Select AD/LDAP
SCIM (System for Cross-domain Identity Management) - If your organization uses SCIM compliant Identity Providers (IdPs) as a source directory to manage and authenticate users to provide access to different applications, you can integrate it with Druva inSync to provision users in inSync and across multiple SaaS applications.
To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select SCIM
Azure AD - As an administrator, you can use Azure AD to automate user provisioning between your existing Windows Server AD and your Microsoft 365 tenant. If your organization is using Azure AD to store user details, you can integrate your Azure AD with Druva and import all the users you want to protect. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.
To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select Azure AD
Google Directory - As an administrator, you can use the Google Directory to automate user provisioning from Google Directory to Druva. You can either import all users or selected users into Druva. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.
To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select Google Directory
Step 2 - Integrate with inSync for user management
Based on the user provisioning method that you have opted in Step 1, you can select any of the following listed integration methods for user and device management in inSync.
AD/LDAP integration with inSync - AD/LDAP integration involves registering your AD/LDAP with inSync and helps you to:
Automatically import new users at regular intervals
Select user login mechanism in the inSync profile
Create AD mapping and define the filter parameters, priority
Automatic update of user details
Auto preserve unmapped users
Define the Auto sync interval
SCIM integration with inSync -
Generate a token to integrate IdP with Druva inSync
Create a SCIM mapping
Define the priority for the SCIM mapping
Configure IdP to integrate with inSync to manage users
Define storage region and storage quota
Azure AD -
Create a Azure AD mapping using either the Azure AD group or Azure AD attribute
Supported Group types: M365 Groups, Security, Distribution, Mail Enabled Security
Define the mapping priority
Define storage region and storage quota
Option to auto import new users
Google Directory -
Create a mapping using a filter that you want to use to import users. You can filter users by Groups or All Users
Auto-sync users
Sync users on-demand
Define storage region and storage quota
Step 3 - Mass Deployment of inSync (Endpoint) Client
Integrated mass deployment (IMD) is an automated process to bulk deploy and automatically activate inSync Client on Mac and Windows devices across your organization.
We have developed multiple versions of IMD to cater to the different scenarios, to help you perform user and device management in bulk. Based on the user provisioning method you have opted for, you can choose the associated inSync Client deployment method.
You can perform the mass deployment or bulk installation depending on the directory service / environment:
AD/LDAP - You can deploy the inSync Client using Active Directory. This is IMD v2.
Azure AD - You can deploy and install inSync Client using the Azure directory. This is IMD v5
Non-AD - You can deploy and install the inSync Client for non-AD users using the Device mapping method. This method is called IMD v4. Integration with a non-AD/LDAP environment involves mapping the group of users and their details using a device map CSV file in the inSync Management Console.
Reference articles - Mass Deployment -
Device replacement:
Replacing user devices is a common activity across organizations that includes issuing new devices to their users as part of device refresh scenarios or in the events like thefts or loss of the device. To address these scenarios, we have also developed various versions of IMD to cater to different use cases.
Using these methods, the inSync administrators can restore the data onto the replacement device before it is shipped to the user. As a result, when the user activates the inSync Client on the replacement device, inSync tries to automatically map the restored data to the relevant destination paths and folders.