Entra ID is Microsoft's cloud-based identity and access management service. As an administrator, you can use Entra ID to automate user provisioning between your existing Windows Server AD and your Microsoft 365 tenant. If your organization is using Entra ID to store user details, you can integrate your Entra ID with Druva and import all the users you want to protect. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.
❗ Important
You can use Entra ID Integration user provisioning to manage and import Users and Shared Mailbox users.
Entra ID auto User Import requires either KMS or BYOK enabled on the inSync Admin Console.
Supported filters
Administrators can use the following filter types to create mappings to automate user provisioning as per certain criteria:
Entra ID Groups: Import Microsoft 365 users that are part of specific Entra ID Groups
Entra ID attribute: Import Microsoft 365 users using certain Entra ID attribute
Import all users: Import all Microsoft 365 users
💡 Tip
You can also choose to manually search and import certain users. See Manually import users.
Use case
Let's say there are three critical departments in your organization in the US–Finance, Sales, and HR. Here you want to have a different profile and storage for Finance and the rest. In this case:
Mapping 1 (Entra ID Group): You can create an Entra ID group for users in the US Finance department and map it. While you create the mapping, you can select the backup configurations such as profiles and storage based on the requirements of your Finance team users.
Mapping 2 (Entra ID Attribute): For other users, you can choose to map the location attribute. Here you might have different backup configurations.
Priority: You can define the priority where you can keep Entra ID group mapping on the top. This way, users in the Finance department, will be provisioned as per the Entra ID group mapping as it will take priority. While others will get provisioned as per the location attribute mapping since they will not be part of the Finance Entra ID group.
Auto import of new users: All the users will automatically be imported and provisioned as per the mapping you have created. For example, a new user added to the Finance team will have backup configurations defined for the mapped group.
Considerations
In the case of Entra ID Groups, consider the following:
Supported Group types: M365 Groups, Security, Distribution, Mail Enabled Security
Only members of a group are imported. In case the owner of a group is not a member of the group, such a user will not be imported.
Only user accounts with the 'Member' type will be imported. Guest accounts will not be included in the import process.
In case you decide to change the user provisioning method to SCIM or AD/LDAP, all the mappings created with Groups will be lost and you will have to create new mappings with the new method.
High-level steps
Step 1: Review the prerequisites
Step 2: Configure Druva for Entra ID integration
Step 3: Create Mapping
Step 4: Verify Mapping