Skip to main content
All CollectionsEndpointsConfigure User provisioningUser management with AD/LDAP
QuickStart to inSync user provisioning and integrated mass deployment
QuickStart to inSync user provisioning and integrated mass deployment
Updated over a month ago

Overview

As an inSync administrator, you can configure the user devices in your organization for data protection. To start with, you need to import/provision the user-base from your organization directory into inSync. And as a next step, you can then bulk deploy inSync Client on the user devices by configuring one of the Integrated Mass Deployment (IMD) methods.

inSync supports bulk deployment of inSync Client on user devices across your organization during user on-boarding, as well as bulk replacement of user devices during the device replacement activities.

This quick reference guide helps you to choose the best strategy to manage user provisioning and inSync Client bulk deployment methods.


❗ Important

inSync currently supports user and device management using Integrated Mass Deployment (IMD) for Mac and Windows devices.


The following illustration demonstrates the step by step workflow:

Workflow.png

Step 1 - Select the user provision method

You can import the users from your organization using one of the following methods:

  • AD/LDAP - Directory services such as Microsoft Active Directory (AD) or Lightweight Directory Access Protocol (LDAP):

    If your organization uses AD/LDAP to store user details, you can integrate the directories to provision users in inSync.
    To select this method, log on to the inSync Management Console and select Users ➜ User Provisioning ➜ Select AD/LDAP

  • SCIM (System for Cross-domain Identity Management) - If your organization uses SCIM compliant Identity Providers (IdPs) as a source directory to manage and authenticate users to provide access to different applications, you can integrate it with Druva inSync to provision users in inSync and across multiple SaaS applications.

    To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select SCIM

  • Azure AD - As an administrator, you can use Azure AD to automate user provisioning between your existing Windows Server AD and your Microsoft 365 tenant. If your organization is using Azure AD to store user details, you can integrate your Azure AD with Druva and import all the users you want to protect. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.


    To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select Azure AD

  • Google Directory - As an administrator, you can use the Google Directory to automate user provisioning from Google Directory to Druva. You can either import all users or selected users into Druva. You can create multiple mappings to classify users and allocate them to a different profile, storage region, and storage quota.

    To select this method, log on to the inSync Management Console Users ➜ User Provisioning ➜ Select Google Directory

    Step 2 - Integrate with inSync for user management

Based on the user provisioning method that you have opted in Step 1, you can select any of the following listed integration methods for user and device management in inSync.

  • AD/LDAP integration with inSync - AD/LDAP integration involves registering your AD/LDAP with inSync and helps you to:

    • Automatically import new users at regular intervals

    • Select user login mechanism in the inSync profile

    • Create AD mapping and define the filter parameters, priority

    • Automatic update of user details

    • Auto preserve unmapped users

    • Define the Auto sync interval

  • SCIM integration with inSync -

    • Generate a token to integrate IdP with Druva inSync

    • Create a SCIM mapping

    • Define the priority for the SCIM mapping

    • Configure IdP to integrate with inSync to manage users

    • Define storage region and storage quota

  • Azure AD -

    • Create a Azure AD mapping using either the Azure AD group or Azure AD attribute

    • Supported Group types: M365 Groups, Security, Distribution, Mail Enabled Security

    • Define the mapping priority

    • Define storage region and storage quota

    • Option to auto import new users

  • Google Directory -

    • Create a mapping using a filter that you want to use to import users. You can filter users by Groups or All Users

    • Auto-sync users

    • Sync users on-demand

    • Define storage region and storage quota

Step 3 - Mass Deployment of inSync (Endpoint) Client

Integrated mass deployment (IMD) is an automated process to bulk deploy and automatically activate inSync Client on Mac and Windows devices across your organization.

We have developed multiple versions of IMD to cater to the different scenarios, to help you perform user and device management in bulk. Based on the user provisioning method you have opted for, you can choose the associated inSync Client deployment method.

You can perform the mass deployment or bulk installation depending on the directory service / environment:

AD/LDAP - You can deploy the inSync Client using Active Directory. This is IMD v2.

Azure AD - You can deploy and install inSync Client using the Azure directory. This is IMD v5

Non-AD - You can deploy and install the inSync Client for non-AD users using the Device mapping method. This method is called IMD v4. Integration with a non-AD/LDAP environment involves mapping the group of users and their details using a device map CSV file in the inSync Management Console.

Reference articles - Mass Deployment -

Device replacement:

Replacing user devices is a common activity across organizations that includes issuing new devices to their users as part of device refresh scenarios or in the events like thefts or loss of the device. To address these scenarios, we have also developed various versions of IMD to cater to different use cases.

Using these methods, the inSync administrators can restore the data onto the replacement device before it is shipped to the user. As a result, when the user activates the inSync Client on the replacement device, inSync tries to automatically map the restored data to the relevant destination paths and folders.

Did this answer your question?