Skip to main content
All CollectionsMicrosoft 365Configure User ProvisioningAzure AD
Create Azure AD mapping for user provisioning
Create Azure AD mapping for user provisioning
Updated this week

Creating an Azure AD mapping for user provisioning is a crucial step in integrating inSync with Azure Active Directory. User provisioning enables the automated synchronization of user data from Azure AD to inSync, ensuring that user accounts and attributes are kept up to date.

To create an Azure AD mapping for user provisioning, you need to follow these steps:

Prerequisites

Credentials and permissions

  • You must have a Microsoft 365 Global administrator account. If you do not have Microsoft Global admin credentials, you can do either of the following:

    • Get them from your organization’s Microsoft 365 Global admin.

    • Send an email to Microsoft 365 Global administrator and request them to authorize and configure inSync to access Microsoft 365. Perform the following steps:

  1. On the Druva Management Console menu bar, click Users > User Provisioning.

  2. On the User Provisioning page, click Do not have Global Admin Credentials? link. The Azure AD Integration pop-up appears.

  3. In the Azure AD Integration pop-up, enter the email address of the recipient and click Send Email. inSync will notify and send an email for your request.

  • You must be a Druva Cloud Administrator or an inSync Cloud Administrator

Configurations

Step 1: Configure Druva to use Azure (AD)

Before you begin ensure that inSync is authorized and configured to access Microsoft 365. See, Configure inSync for Microsoft 365.

  1. On the Druva Management Console menu bar, click Users > User Provisioning.

  2. On the User Provisioning page, click Use Azure AD to use Azure AD mappings to import and manage users.

  3. On the confirmation dialog box that appears, read the message and click Confirm. You will be redirected to the Azure AD page. Now, you can create Azure AD mapping to import users.

Step 2: Create a Mapping

You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.


📝 Note

You can import users from Microsoft 365 Multi-Geo tenant based on their geo-location, group them in a profile and assign Druva storage as per their geo-location. Create Azure AD mapping with the attribute name as “preferredDataLocation”. For example, if your preferred geolocation is Canada, create an Azure AD mapping as follows: Azure AD Attribute {preferredDataLocation}
= {CAN}


Procedure

  1. On the Azure AD provisioning page, click New Mapping.
    In the Mapping Configuration tab specify the following:

    • Mapping Name - Specify a name for the Azure AD Integration mapping.

    • Filter Users by

    • Groups - Import users that belong to a specific Azure AD group.
      In the Groups field, enter one or multiple Groups.
      Tip: You can enter the first letter, and a list of the top 10 Azure AD groups is displayed. The supported group types are M365, Security, etc.

    • Azure AD Attributes - Import users based on a specific Azure AD attribute name and matching values.

      • Specify the Azure AD attribute name.

      • In the Value(s) box, type the value for the attribute. See Reference for Attributes list.
        Considerations

        • The filter is case-sensitive. The value you specify in the Azure AD mapping and the attribute value should be in the correct case. the same case that graph API returns. For example, displayName, companyName, postalCode, preferredDataLocation.

        • Use a comma to specify multiple values for the attribute.

        • Only the user accounts, that match the values specified in the box are mapped to this mapping.

    • All Users - Import all the users based on no criteria.​


      📝NOTE

      Only user accounts designated as 'Members' will be imported. Guest accounts will not be included in the import process.



      New_mapping.gif
  2. Click Next.

  3. In the Backup Configuration tab, specify the following details:

    • Assign Storage - Storage on which the user data should be saved

    • Assign Profile - Profile to which the users should be assigned

    • Default Quota - Default storage quota per user. Enter 0 for unlimited storage.

    • Send activation email to newly added users - Select if you want to send an invitation email to all the newly added users.​

      image1.png
  4. Click Finish. ​Azure AD mapping is created and listed on the, Azure AD listing page.

    Azure_AD_listing_page.png

Step 3: Verify the Mapping

You can verify your mappings using the following approaches.

  • Click on the mapping you have created to view the detail. ​

    View_details_mapping.png
  • Any new Azure AD Mapping or an update to an existing Azure AD mapping is logged in the administrator audit trails.

    Audit_trails.png

For more information, see View audit trail for administrators.

Reference

Azure AD Attributes

inSync supports Microsoft 365 Graph API and attributes under user resource type.

The following table provides a list of attributes that you can use:

Attribute

Sample Value

accountEnabled

true

ageGroup

null

city

null

createdDateTime

2020-12-24

creationType

null

companyName

ABC

country

null

department

QA,HR,Finance

displayName

'scriptalertXSSscript'_edited

employeeId

null

employeeHireDate

null

employeeOrgData

null

employeeType

null

isManagementRestricted

null

isResourceAccount

null

jobTitle

SSE

legalAgeGroupClassification

null

mail

null

officeLocation

null

onPremisesDomainName

null

onPremisesImmutableId

null

onPremisesLastSyncDateTime

null

onPremisesSecurityIdentifier

null

onPremisesSamAccountName

null

onPremisesSyncEnabled

null

onPremisesUserPrincipalName

null

passwordPolicies

null

postalCode

null

preferredDataLocation

null

preferredLanguage

null

refreshTokensValidFromDateTime

2020-12-24

showInAddressList

null

signInSessionsValidFromDateTime

null

state

null

streetAddress

null

surname

lastn

usageLocation

null

userPrincipalName

externalUserState

null

externalUserStateChangeDateTime

null

userType

Member


📝 Note

If a user is mapped to an attribute, and the user is imported using that attribute. On removing the attribute backup from the user, the user will still be in the same state (active).

Example: If a user is imported using an attribute Department=HR, the user is imported into insync successfully. Now, if we remove the attribute value (HR) from the Azure side, the user will still be in the Active state.


Did this answer your question?