User provisioning using Azure Active Directory (AD)

Create mappings to automate user provisioning.


Azure Active Directory (AD) is Microsoft's cloud-based identity and access management service. As an administrator, you can use Azure AD to automate user provisioning between your existing Windows Server AD and your Microsoft 365 tenant. If your organization is using Azure AD to store user details, you can integrate your Azure AD with Druva and import all the users you want to protect. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.


❗ Important

You can use Azure AD Integration user provisioning to manage and import Users and Shared Mailbox users.

Azure AD auto User Import requires either KMS or BYOK enabled on the inSync Admin Console.



Supported filters

Administrators can use the following filter types to create mappings to automate user provisioning as per certain criteria:

  • Azure AD Groups: Import Microsoft 365 users that are part of specific Azure AD Groups

  • Azure AD attribute: Import Microsoft 365 users that match a specific Azure AD attribute

  • Import all users: Import all Microsoft 365 users


💡 Tip

You can also choose to manually search and import certain users. See Manually import users.


Use case

Let's say there are three critical departments in your organization in the US: Finance, Sales, and HR. You want Finance to have a different profile and storage from the rest. In this case:

  • Mapping 1 (Azure AD Group): You can create an Azure AD group for users in the US Finance department and map it. While you create the mapping, you can select the backup configurations such as profiles and storage based on the requirements of your Finance team users.

  • Mapping 2 (Azure AD Attribute): For other users, you can choose to map the location attribute. Here you might have different backup configurations.

  • Priority: You can define the priority of the mappings and keep the Azure AD group mapping at the top. This way, users in the Finance department are provisioned as per the Azure AD group mapping because it takes priority, while the others are provisioned as per the location attribute mapping since they are not part of the Finance Azure AD group.

  • Auto import of new users: All the users will automatically be imported and provisioned as per the mapping you have created. For example, a new user added to the Finance team will have backup configurations defined for the mapped group.

Considerations

In the case of Azure AD Groups, consider the following:

  • Supported Group types: M365 Groups, Security, Distribution, Mail Enabled Security

  • Only members of a group are imported. If the owner of a group is not also a member of that group, the owner is not imported.

  • Only user accounts with the 'Member' type will be imported. Guest accounts will not be included in the import process.

  • In case you decide to change the user provisioning method to SCIM or AD/LDAP, all the mappings created with Groups will be lost and you will have to create new mappings with the new method.
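
The use case and the group considerations above can be rehearsed before a mapping goes live. The following is an added example, not Druva's code or API: a dry run that resolves each user to the first matching mapping in priority order. The field names, profile labels, sample users and the use of `country` as the location attribute are assumptions, and the 'Member' check is applied to group mappings only, where the page states it.

```python
# Added example: dry-run of priority-ordered mappings. All data is constructed.
from dataclasses import dataclass, field

@dataclass
class User:
    upn: str
    user_type: str   # "Member" or "Guest"
    country: str     # assumed stand-in for the "location" attribute

@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)
    owners: set = field(default_factory=set)  # an owner is not a member unless listed in both

@dataclass
class Mapping:
    profile: str     # hypothetical profile label
    kind: str        # "group", "attribute" or "all"
    group: Group = None
    attr: str = None
    value: str = None

    def matches(self, user):
        if self.kind == "group":
            # Group rules from the page: 'Member' accounts that are group members only.
            return user.user_type == "Member" and user.upn in self.group.members
        if self.kind == "attribute":
            return getattr(user, self.attr) == self.value
        return self.kind == "all"

def resolve(users, mappings):
    """Return {upn: profile}; the first matching mapping in priority order wins."""
    plan = {}
    for user in users:
        hit = next((m for m in mappings if m.matches(user)), None)
        plan[user.upn] = hit.profile if hit else None   # None = not imported
    return plan

FINANCE = Group("US-Finance", members={"ana@example.com", "guest@partner.example"},
                owners={"cfo@example.com"})
USERS = [User("ana@example.com", "Member", "US"),         # Finance member
         User("cfo@example.com", "Member", "US"),         # owner, not a member
         User("bo@example.com", "Member", "US"),          # Sales
         User("guest@partner.example", "Guest", "DE")]    # guest inside the group
MAPPINGS = [Mapping("finance-profile", "group", group=FINANCE),           # priority 1
            Mapping("us-default-profile", "attribute", attr="country", value="US")]

if __name__ == "__main__":
    for upn, profile in resolve(USERS, MAPPINGS).items():
        print(f"{upn:26} -> {profile or 'not imported'}")
```

Reversing the list (`MAPPINGS[::-1]`) puts the attribute mapping first and moves the Finance member to `us-default-profile`, which is why the group mapping has to sit at the top. The group owner who is not a member falls through to the attribute mapping, so the owner receives the default profile rather than the Finance one.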

High-level steps

Related tasks
