Overview
Druva Identity Resilience is a fully managed, cloud-native Software-as-a-Service (SaaS) data protection solution. It is designed to secure and restore Identity Provider (IdP) environments.
The Importance of Identity Protection
Identity is classified as Tier 0 infrastructure, meaning it is the primary gateway to all users, applications, and systems. If an IdP is compromised, recovery stalls because restoring workloads is impossible without a trusted identity foundation. Druva closes this security gap by providing:
Air-gapped Backups: Backups are physically and logically isolated from the source tenant.
Immutable Storage: Data cannot be altered or deleted during a compromise.
Security-First Recovery: Provides a clean foundation for broader system restoration.
Supported Identity Platforms
Druva Identity Resilience provides centralized backup and recovery for three primary platforms: Microsoft Active Directory, Microsoft Entra ID, and Okta.
1. Microsoft Active Directory (AD)
Druva protects on-premises Active Directory environments across both the domain and forest levels.
Key Features
Comprehensive Coverage: Users, Groups, Computers, Contacts, Organizational Units, Group Policy Objects, ADFS Configuration, and Domain Controller Service Configuration.
Automated Schedules: Flexible schedules (daily, weekly, etc.), with a default daily full system state backup on each DC.
Secure Storage: Encryption in transit (TLS 1.2+) and at rest (AES-256); supports Druva KMS and BYOK.
Granular Object Restore: Restore Users, Groups, and Organizational Units (OUs) without restarting DCs.
Forest-Level Recovery: Guided workflows for full forest disaster recovery.
For more information about capabilities, configuration steps, and prerequisites, see the Quick Start Guide - Active Directory.
2. Microsoft Entra ID
Druva backs up Microsoft Entra ID (formerly Azure AD) to maintain access to Microsoft 365 and Azure Cloud resources.
Key Features
Users & Relationships: Get a policy-based approach to automatically protect user objects and their associated metadata. Restore users along with their relationships, such as organizational hierarchy and reporting structures, ensuring continuity.
Groups & Memberships: Safeguard group objects and maintain the integrity of group memberships. Recover groups with their exact member lists intact, crucial for maintaining access controls and operational workflows.
Roles & Associations: Protect role objects and their associations with users and groups. Ensure that role-based access controls are quickly restored, maintaining security and compliance post-recovery.
Devices (View / Download Only): Back up device metadata and configurations. View and download device information to facilitate governance and compliance requirements.
Conditional Access Policies: Safeguard conditional access objects with their properties, assignments, and access controls, enabling seamless restoration of security policies and enforcement rules.
For more information about capabilities, configuration steps, and prerequisites, see Quick Start Guide - Entra ID.
3. Okta
Druva provides automated backups for an Okta org, addressing the shared-responsibility model for tenant data.
Key Features
Automated Backups: Protect critical Okta objects, including Users, Groups, App Configurations, and Policies (SSO, MFA) with efficient incremental backups.
Air-Gapped and Immutable Backups: Isolate backups from the source tenant to protect against deletion, tampering, and cyber threats.
Granular Recovery: Restore individual users, groups, or policies without overwriting the full tenant.
Full-Org Recovery: Orchestrate restores by identifying and consistently recovering objects and relationships.
Cross-Tenant Recovery: Recover to a clean instance, or re-establish clean instances with rapid disaster recovery and configuration seeding across tenants.
Compliance Reporting: Support resilience mandates with detailed logs and reporting.
For more information about capabilities, configuration steps, and prerequisites, see Druva for Okta: Quick Start Guide.
Licensing
Druva Identity Resilience capabilities for Microsoft Active Directory, Microsoft Entra ID, and Okta are licensed under an Enterprise Per User model.
This Enterprise tier includes comprehensive access to the offering's core features across all three workloads, such as:
Autonomous, automated protection schedules
Air-gapped, immutable backups
Unlimited retention (for AD and Entra ID)
Relationship and member mapping
For detailed licensing information and a full list of features, see Plans & Pricing.
Active license consumption criteria for Identity Workloads - Entra ID, Okta, Microsoft Active Directory
Entra ID: Active users count
The total active member count is restricted to user accounts only.
This calculation includes only active users possessing a valid M365 license, while specifically excluding:
Deleted or non-licensed accounts
Users with blocked sign-in status
External or guest users
Contacts and mailbox-only accounts
Microsoft Active Directory: Active users count
This denotes any user account that has not been removed or restricted and maintains an active status.
Okta: Active users count
Defined as any Okta user account that is currently active and has not been deleted.
Note: Service and administrative accounts that hold a valid identity license are each recognized as a Druva identity license; this policy applies across all identity workloads.
Policies supported for Okta with active license
Access Policies (SSO, MFA)
Apps
Audit Logs
Authenticators
Configuration Settings
Devices
Groups
Organization Settings
Role
Users
Workflows
Objects/Policies supported for Active Directory with active license
Configuration Settings
Groups
Users
Objects/Policies supported for Entra ID with active license
Administrative Units
App Registrations
Enterprise Apps
Conditional Access Policies
Device Settings
Devices
Group Settings
Groups
Tenant Settings
User Settings
Users
Directory Roles (along with Privileged Identity Management and its settings)
