Overview
In some scenarios where the user devices are non-AD/LDAP bound and you want to mass deploy inSync Client on the user devices, you can use the method of deploying inSync Client without device mapping. Deployment of inSync Client without device mapping involves creating the users' email addresses using their logged-in username on the device in combination with the domains that you can define as desired.
This article provides information about how you can securely mass deploy inSync Client on user devices when the user has not logged in to the on-premise Active Directory and monitor the devices on which inSync Client is activated.
Ensure that the users do not have permission to modify their username on their devices if you select this method to mass deploy inSync Client on user devices.
As this method uses the 'username' as the unique identifier to deploy inSync Client, devices with the same username can lead to the user's data getting accessed by another user having the same user name on another device.
IMD workflow in a non-AD/LDAP environment without device mapping
To deploy inSync Client in a non-AD/LDAP environment without device mapping:
Step 1: Generate mass deployment activation Token
The mass deployment token is a security mechanism used to ensure that Druva Cloud processes activation requests from authentic clients. During integrated mass deployment (IMD), when installing inSync Client on user devices using an automated installation tool, you must include the mass deployment token as a parameter for installation.
Consideration
You can generate a mass deployment token considering the following guidelines:
Once you generate a mass deployment token, all previous tokens can still be used until they reach their expiry date. During the installation of the inSync Client, always add the most recently generated mass deployment token.
You can enable an expiry date for a mass deployment token. inSync Cloud does not authenticate any request that has an expired token attached to it.
Procedure
On the Endpoint workload page, select Mass Deployment.
Select Generate token. The Mass Deployment Token Window appears.
Select the Enable Expiry Date check box to set the expiry date.
Set the expiry period in the Expire date box.
Click Create New Token. Your token is generated.
Step 2: Configure mass deployment settings
Before configuring the mass deployment settings, make sure if you want to activate the inSync Client only on the first laptop that the user logs on to or on all the devices that the user logs on. If you activate the inSync Client only on the first device, then users with multiple laptops have to log on manually and activate the inSync Client on their subsequent devices.
Procedure
Go to Endpoint -> Mass Deployment tab from the left navigation bar.
Select Edit. The Mass Deployment settings window appears.
Select Activate only the first device for every user; if you want to activate inSync Client on the first device the user only logs on. If you
uncheck this field, the inSync Client will be activated on all the devices the user logs on.
Select the Prompt user if device mapping not defined checkbox to enable the following when the user-to-device mapping is not defined on the Console:
An Administrator and the inSync Client user can define the device behavior.
inSync Client users can either replace an old device or add a new one as an additional one.
Select the Deploy without device mapping checkbox when you want to perform mass deployment of inSync Client on user devices that are not mapped in the inSync Management Console.
❗ Important
Deployment without device mapping method uses the user's logged-in username to form the user's email address. Therefore, ensure that the users do not have permission to modify their username on their devices if you select this method to mass deploy inSync Client on user devices.
Deployment without device mapping utilizes ‘username’ as the unique device identifier to deploy inSync Client on user devices. Ensure that users cannot modify the username on the device. Any resemblance in the username can cause the user's data to get accessed by another user.
For Windows Device: InSync queries for "Set U" command and checks the logged-in user name.
For MAC devices: InSync queries "printenv" command and checks for $User and gets the logged-in user details.
In the Domain field, enter the Domain as per the priority order you want inSync to look up for the user.
📝 Note
The option is only applicable if you do not have AD/Non-AD/AzureAD or SCIM Provisioning to onboard users.
inSync forms an email address of the user using the logged-in username in combination with the domains that you have entered.
For example, the following listed domains provide an example of the priority order you can select as desired:
Druva.com
Druva.org
Druva.co.uk
Druva.in
druva.eu
Select the Find email match in AD checkbox if you want to search the user in the organization's Active Directory in case the user is not located using the email addresses in inSync as defined in Step 6.
Select Ok.
Upon successfully saving, the Settings page displays the configured settings. If you want to change the priority order in which you want inSync to search the users, modify the settings as desired.
Step 3: Run the command for mass deployment
Once the command is generated you can use the same for bulk installation. To install the command:
Copy the command for the preferred operating system from the Last Generated IMD Command section on the Mass Deployment page.
Save the command as a batch file and then run it using a third-party tool to mass replace and deploy inSync Client on new user devices.
Step 4: Verify the command
For the non-AD/LDAP environment, device mapping is displayed on the Non-AD/LDAP Deployment page. Device mapping entries are removed from the Deployment page as and when the inSync Client is activated. Therefore, only those devices that are pending activation are displayed on the Deployment page.