Skip to main content
All CollectionsEndpointsConfigure User provisioningUser management with AD/LDAP
Synchronize inSync users and user details with your AD/LDAP
Synchronize inSync users and user details with your AD/LDAP
Updated over a month ago

Overview

inSync administrators can configure inSync to automatically synchronize inSync user accounts and their details with the registered AD or LDAP.

Synchronize user details

inSync enables you to schedule an automatic update of user details at a defined interval. It is applicable for all the users imported in inSync using AD/LDAP Mappings.

The following information is automatically updated when you enable the Auto-update user details setting in inSync:

  • inSync user name

  • inSync user email address

  • inSync user AD/LDAP user name

The frequency for a scan is defined by Auto sync interval under AD/LDAP settings.


📝 Note

  • inSync updates the user name only if the CN (Common Name) or UPN of the user based on the AD/LDAP Mapping configuration.

  • You can only synchronize user details for whom you imported using your AD/LDAP. You cannot synchronize user details whom you added individually or through a CSV file.

  • When enabled, this setting is applicable to all the AD/LDAP Mappings defined in inSync.


Enable the “Auto-update user details” setting:

To enable the Auto-update user details setting:

  1. Within the inSync console, navigate to the “Users” page and click on the “User Provisioning Link” on the left-hand side of the page.

  2. Under the “Summary” section of the “User Provisioning” page, click on the button with three vertical dots at the top left-hand corner and click on the “Edit” link from the drop-down menu.

  3. The “AD/LDAP Settings” window will appear. Fill in the checkbox for the “Auto update user details” option and click on the “Save” button.

inSync now automatically queries your AD/LDAP for user details at the defined interval and updates them in inSync.

Synchronize inSync users

When configured, inSync automatically, at a defined interval, scans your AD/LDAP and performs the following actions:

  • Imports any new user added to AD/LDAP, which matches the AD/LDAP mapping criteria and creates a new user in Druva inSync. Auto-import of users can be configured while creating the AD/LDAP mapping. For more information, see Import users from your AD/LDAP.

  • Updates user details of users managed using AD or LDAP.

  • Preserve any inSync user who has been disabled in your AD/LDAP.

  • Identifies and enables users who are currently preserved in inSync but now enabled in AD/LDAP and fall under an AD/LDAP Mapping defined in inSync.

  • Deletes the preserved user accounts based on the Data Preservation settings defined in the profile associated with the user.

The frequency for the scan is defined by Auto sync interval under AD/LDAP settings.

Example

The following example helps you understand the synchronization of users in Druva inSync with your AD/LDAP.

Assume you are managing an AD user in inSync. The inSync profile associated with the user has the following Data Preservation settings:

  • Auto delete preserved users - Yes

  • Auto delete after - 45 days

The Auto-sync interval is set to 24 hours.

If you disable the user in AD, when inSync scans your AD/LDAP as per the defined auto-sync interval, inSync preserves the user in inSync Management Console. If the user stays in the preserved state for the next 45 days, inSync checks the inSync Connector connection status, and if connected, deletes the preserved user.


📝 Note

  • You can only synchronize users whom you imported using your AD/LDAP. You cannot synchronize users whom you added individually or through a CSV file.

  • When enabled, this setting applies to all the AD/LDAP Mappings defined in inSync.

  • Only inSync users who are auto-preserved are marked as Active as part of the auto-sync process. Deleted users cannot be enabled again.

  • If a user account is preserved, such user account must be part of the AD/LDAP Mapping. If the preserved user account does not fall under any AD/LDAP mapping, it is automatically deleted based on the Data Preservation settings defined in the profile associated with the user account.

  • Before deleting user accounts that are managed using AD or LDAP, inSync checks the status of the inSync Connectors mapped with Druva (independent of whether an AD mapping exists or not). inSync deletes the preserved user only if a connection between the inSync Connector and Druva exists.


Steps to enable the “Auto preserve unmapped users” setting:

With the latest AD management functionality to manage Druva administrators using Active Directory/LDAP, if you're currently using or plan to use AD/LDAP for administrator management, it's crucial to upgrade to the latest version of the inSync Connector.

inSync allows you to auto-preserve users who might fall out of the AD/LDAP mapping rule but still stay active in inSync. As an administrator, you can decide whether to keep such users active or mark them as preserved in inSync.

Behavior of Auto preserve unmapped user settings:

If enabled:

Users are moved to the Preserved state if:

  • They are deleted from your AD/LDAP directory

  • They do not exist in the Mapping

If disabled:

Users are not moved to the Preserved state if:

  • They are deleted from your AD/LDAP directory

  • They do not exist in the Mapping


📝Note:

With the latest AD/LDAP Connectors, users marked as "Disabled" in your AD/LDAP will be automatically set to Preserved regardless of the Auto-preserve Unmapped Users setting.

(For old AD/LDAP connectors, if the "Auto Preserve Unmapped User" option is enabled and users are disabled in the AD/LDAP directory, those users are preserved in inSync. Similarly, if the "Auto Preserve Unmapped User" option is disabled, such disabled users are not preserved in inSync)


To enable Auto preserve unmapped users:

  1. From the Endpoints console, navigate to the “Users”-> User Provisioning.

  2. Under the “Summary” section of the “User Provisioning” page, click on the button with the three vertical dots on the top, left-hand corner and click on the “Edit” link from the drop-down menu.

  3. The “AD/LDAP Settings” window will appear. Fill in the checkbox for the “Auto preserve unmapped users” option and click on the “Save” button.

Did this answer your question?