Summary
User profile mappings linked to Azure AD/AD/LDAP/SCIM/Google groups do not automatically update in Druva Insync when group membership changes.
Applies To
User Management
All provisioning Methods, Such as AD-LDAP, Azure AD, SCIM, Google
Issue / Problem Description
When users are initially imported into Druva Insync via any provisioning method and mappings, their profiles are correctly assigned based on the group-to-profile mapping.
However, if a user is later moved to a different group that is mapped to another profile, the change is not automatically reflected.
This results in the need for manual intervention to update the user's profile in druva.
For example: if a user moves from one location to another and is reassigned to a different Azure AD group (which corresponds to a different profile in druva, the system does not update the user’s profile accordingly.
Current Behavior:
The current implementation of User Provisioning integration in Druva Insync only supports one-time user import based on group mappings. Subsequent changes in group membership are not tracked or synchronized automatically with user profiles.
Resolution / Workaround
Workaround:
Administrators must manually update user profiles in Druva when users are moved to different Azure AD/AD-LDAP/SCIM/Google groups. This involves:
Identifying users whose group membership has changed in Azure AD/AD-LDAP/SCIM/Google groups
Locating the corresponding user records in Druva.
Manually updating the profile assignment to match the new group mapping Reference: Change the profile assigned to users | Druva | Documentation
OR
4. You can update the profile of a user in bulk via API Method: Update user information using userID
📝Note:
It is recommended to check the retention before moving the users from one profile to another, as it may lead to a data loss scenario.