Overview
Druva enables inSync administrators to automate user management in Druva inSync using System for Cross-domain Identity Management (SCIM) v2.0. SCIM is a standard for the exchange of user identities between identity providers (IdPs) and applications requiring user identity information (such as enterprise SaaS apps).
To integrate the Druva SCIM App, the SCIM Token is used, This token is valid for 365 days and the inSync Administrator receives a below email notification asking to change/update the SCIM Token:
Steps to update the SCIM token -
To make sure User provisioning is uninterrupted inSync Admin has to update the new SCIM Token before the expiry date, please follow the steps to update the new SCIM Token in Azure Portal.
To create a new SCIM Token login to https://login.druva.com
On the inSync Management Console menu bar, click Users > User Provisioning.
On the Summary section, click on the 3 dots on the top right corner and then click on the New Token option as shown below -
Copy this SCIM Token in the Notepad so that it can be used to update the current SCIM Token.
To update the new SCIM Token into Azure Portal:
On the Azure console, go to Azure Services > Enterprise Applications and select your SCIM app.
On the App Overview page, select Provisioning under Manage on the left pane -
Select Update credentials on the Provisioning page -
Under the Admin credentials section, the following Tenant URL should be already available -
https://apis.druva.com/insync/scim
Paste the Secret Token - Enter the token that you generated on the inSync Management Console for SCIM-based user management -
Once the Tenant URL and Secret token are in place, click on the Test Connectivity on the right top corner, the test should be successful.
Click on Save.
The SCIM token is updated and this will be valid for 365 days from the token creation date.
Once the new SCIM token is generated, a new entry will be created automatically under Druva Cloud Settings > API Credentials page.
Screenshot for your reference -
Note -
Time displayed on the API Credentials page is in the UTC format.
Whenever a new SCIM token is generated for the first time, then a new entry on the API credentials page will be created.
Whenever a new SCIM token is generated, then the existing entry on the API credentials page will be updated.
Note that the SCIM token and the API Credentials are different.
The SCIM token is used for user provisioning and deprovisioning in Druva. It allows for automated user management and synchronization between Druva and your identity provider (IDP) or directory service. The SCIM token is typically used for integrating Druva with your IDP or directory service, such as Azure AD, Okta, or OneLogin.
While the API credentials are used for authentication and authorization when making API calls to the Druva API. It provides access to various Druva APIs, allowing you to perform actions like backup and restore, data retrieval, configuration management, and more programmatically. The API credentials are used by developers or administrators to interact with Druva programmatically using APIs.