Identity management reference

Overview

This article describes identity management settings. You can use identity management to control authentication and authorization in your CrashPlan environment. These settings are only available in CrashPlan cloud environments. 

Considerations 

Definitions

authentication: The process of identifying and verifying users in a system. Methods for authentication include: 

  • Local CrashPlan directory
  • Single sign-on (SSO)
  • Multi-factor authentication (MFA)

authentication provider: Allows access to CrashPlan. When enabled, users sign in using the authentication provider instead of CrashPlan. Examples of authentication providers include Okta, Google SSO, Ping, Azure AD, OneLogin, and Microsoft AD FS. 

CrashPlan User Directory Sync Tool: Uses LDAP to automate user management between your directory service and your CrashPlan environment. This differs from other provisioning providers because it uses LDAP rather than SCIM.  

identity management: An IT administrative area or market that deals with users in a IT system and gives them access to the right resources within the system. 

identity provider (IdP): A general term to refer to a system that contains user identities. Identity provider can refer to a system performing authentication, provisioning, or both. Examples of identity providers include Okta, Google SSO, Ping, Azure AD, and OneLogin. 

SCIM provisioning: An open standard protocol for automating user management. 

provisioning provider: Automates user management. Applications like CrashPlan sync with a provisioning provider and then create, update, or deactivate users based on the provisioning provider's user profile. Examples of provisioning providers include Okta, Ping, and Azure AD. 

single sign-on (SSO):  SSO is one type of authentication method. It allows a user to use the same credentials to sign in to multiple applications.

Authentication

Authentication provider settings enable you to use a third-party application to authenticate users in the CrashPlan environment. For example, use these settings to configure a provider for single sign-on authentication.  

To view the authentication provider settings:

  1.  Sign in to the CrashPlan console.
  2.  Go to Administration > Integrations > Identity Management
  3. Select Authentication.

Authentication_provider_main_screen.png

Add authentication provider

From the Authentication tab, click Add authentication provider.

Add Authentication Provider.png

  Item Description
a Display Name Sets the name of your organization's authentication provider. This is a descriptive label and the text entered here is displayed to the user on the sign-in screen of the CrashPlan app and CrashPlan console.
b Provider's Metadata

Sets the format for the authentication provider's metadata. Choose either to enter a URL or upload an XML file. 

c Enter URL 
or
Upload XML File

Enter URL: Sets the URL for the standalone identity provider or identity federation metadata file. The CrashPlan cloud must be able to access this URL.

Upload XML File: Uploads the XML file. 

Use metadata URL for federations
CrashPlan cloud environments do not support uploading an XML file for federations. Use the metadata URL to configure the federation instead.  Custom domains are not supported
When entering the URL for the XML metadata file, custom domains are not supported. You must use the standard domain of your identity provider. 

 

 

Authentication provider

The following screen appears when you configure a standalone identity provider.

identity provider page.png

  Item Description
a Display name Displays the name of your authentication provider.  
b Actions

Menu with the following actions: 

  • Edit Provider Name
  • Add Authentication Provider
  • Delete This Provider
c CrashPlan Service Provider Metadata URL

Displays the URL for the SAML 2.0 metadata file. This file is used by the authentication provider(s).

 

To view the contents of the metadata XML file, open the link in a web browser. The file contains CrashPlan URLs needed by your service provider to connect to CrashPlan, including URLs to the server, entity ID, and Assertion Consumer Service (ACS).

d Attribute mapping

Maps CrashPlan usernames to the provider's name identifier or a custom attribute.

  • Username: Specify the identity provider's name ID or attribute that maps to the CrashPlan username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
e Organizations in Use

Displays the number of organizations that use this provider as the authentication method.

 

You can also manage the organizations that use this authentication provider from organization settings.

f SAML attributes Displays the SAML context and class references in your identity provider's SSO requests, as well as the digest and signature algorithms to use. 
g Local users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

 

Federation

federation is a group of organizations that have formed trusts. With federations, the identity provider simply shares a token with the service provider to authenticate a user instead of supplying the user's credentials. When you enter the metadata URL, CrashPlan automatically detects if the metadata belongs to a federation or a single provider. If it is a federation, you are automatically directed to the federation details configuration page.

example federation.png

  Item Description
a Display name Displays the name of your authentication provider.  
b Actions

Menu with the following actions: 

  • Edit Provider Name
  • Add Authentication Provider
  • Delete This Provider
c Attribute mapping

Maps CrashPlan usernames to the provider's name identifier or a custom attribute.

  • Username: Specify the identity provider's name ID or attribute that maps to the CrashPlan username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
d Edit

Edits the attribute mappings.

 

In the resulting Attribute Mapping dialog, select the Use default mapping check box to use the default attribute mappings. Deselect the check box to enter your own values.

e Federated Identity Providers Lists all of the Federated Identity Providers that have been added for this federation. Click the name of the provider to view the details.
f Add Adds a new federated identity provider.
g Local users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

 

Add an identity provider to this federation

add a federated identity provider.png

  Item Description
a Select a Provider URL Selects an identity provider from the list of available providers. Begin typing to search for the correct provider. 
b Display Name Sets the display name for the identity provider


Federated identity provider details

To view the identity provider details, click the identity provider's name under the Federation details. 

federated provider page.png

  Item Description
a Display name Displays the name of your authentication provider.  
b Actions

Menu with the following actions: 

  • Edit Provider Name
  • Add Authentication Provider
  • Delete This Provider
c CrashPlan Service Provider Metadata URL Displays the URL for the SAML 2.0 metadata file. This file is used by the authentication provider(s).
d Attribute Mapping

Maps CrashPlan usernames to the provider's name identifier or a custom attribute.

  • Username: Specify the identity provider's name ID or attribute that maps to the CrashPlan username.
    • Select Use nameid to use the identity provider's name ID.
    • Select Use attribute tag to enter a custom identity provider attribute.
  • Email (Use nameid only): Enter the identity provider attribute that contains user email addresses.
  • First Name: Enter the identity provider attribute that contains user first names.
  • Last Name: Enter the identity provider attribute that contains user last names.
e Edit

Edits attribute mappings.

 

In the resulting Attribute Mapping dialog, select the Inherit from federation check box to inherit the attribute mappings from the federated authentication provider. Deselect the check box to enter your own values.

f Organizations in Use Displays the number of organizations that use this provider as the authentication method.
g SAML attributes Displays the SAML context and class references in your identity provider's SSO requests, as well as the digest and signature algorithms to use. Click the edit button to set the SAML attributes.
h Local Users

Displays users who are set to use local authentication only. These users are meant for troubleshooting issues with your authentication provider. 

 

Local users cannot be managed with provisioning.

 

Provisioning

Provisioning provider settings allow you to connect to a third-party application where your users are stored, and automatically add them to CrashPlan. To view the provisioning provider settings:

  1. Sign in to the CrashPlan console.
  2. Select Administration > Integrations > Identity Management
  3. Select Provisioning.

Provisioning_provider_main_screen.png

Add Provisioning Provider

To view, go to Provisioning, then click Add Provisioning Provider. Choose either Add SCIM Provider or Add CrashPlan User Directory Sync.

The following dialog appears when you select Add SCIM Provider. 

Add SCIM Provisioning Provider.png

  Item Description
a Display Name Sets the name for the SCIM provider or CrashPlan User Directory Sync.
b Authentication Credential Type

Sets the type of credential authentication to use:

  • API credentials (default)
    Generates a password.
  • OAuth token
    Generates a token for use with SCIM providers who accept OAuth tokens for credentials.

 

Credentials

After you enter a username for the provisioning provider, the credentials appear. Your provider may require some or all of these credentials to create a service account for syncing between your directory and CrashPlan. 

SCIM Provider Created.png
 

  Item Description
a Base URL The URL for interacting with the CrashPlan provisioning API. 
b Username Username for the service account. 
c

Password

or

Token

Password or token for the service account. Which appears appears depends on whether you selected API Credentials or OAuth token in the Add SCIM Provisioing Provider dialog box.

 

This password or token appears only once, so save it in a secure location.

 

SCIM provisioning provider

Appears when configuring a SCIM provisioning provider. 

example SCIM provider.png

  Item Description
a Name Displays the name of your provisioning provider.
b Actions

Menu with the following actions: 

  • Edit This Provider Name
    Change the provisioning provider's displayed name.
  • Configure Authentication Type
    Allows you to choose either password or token authentication.
  • Apply Org and Role Settings
    Apply any organization or role changes. May take up to an hour for the changes to be implemented.
  • Add New SCIM Provider 
    Add a SCIM provisioning provider.
  • Add CrashPlan User Directory Sync
    Add a User Directory Sync provisioning provider.
  • Delete This Provider
    Remove this provisioning provider from the system.
c Provider Credentials

Displays user credentials. This user performs directory sync between your provider and CrashPlan. These credentials are used by the provisioning provider.


Type is either SCIM Provider or CrashPlan User Directory Sync

d Regenerate Credentials

Regenerates credentials, either API credentials or an OAuth token. The regenerated password or token appears on the SCIM Provider Updated dialog. Copy the newly-generated password or token to the SCIM provisioning provider.

 

Credentials were originally generated when you added the SCIM provisioning provider. You may need to regenerate credentials in certain circumstances, such as when a new administrator takes over management of the SCIM provisioning provider in CrashPlan.

e Deactivation Delay
 

Displays the amount of time CrashPlan waits to deactivate a user once the provider has sent the update. The maximum deactivation delay is 90 days.

Even if you configure CrashPlan to wait to deactivate a user, the user is immediately blocked. The user is then deactivated after the configured time. 

 Deactivation of users on legal hold

If users who are custodians under a legal hold are subsequently selected for deactivation (for example, from the CrashPlan console, a provisioning provider, or API), they are not deactivated immediately because their data must be retained for legal hold purposes. Instead, they are blocked. Once these blocked users are released from legal hold, they are deactivated automatically.

f

Edit

Edits the deactivation delay setting. 
g

Organization Mapping

 

Displays how CrashPlan assigns organizations to users who are added from the provisioning provider.

 

Only configurable for SCIM provisioning providers.

h

Edit 

Change how CrashPlan maps provisioned users. Choose between the following mapping methods: 
  • Create new users in the organization below 
    Maps new users to a single organization.
  • Map users to organizations based on the provider's "c42OrgName" attribute
    Maps groups to organizations based on the providers' "c42OrgName" attribute.
  • Map users to organizations using SCIM groups
    Create mappings of SCIM groups to organizations.  You must first send SCIM groups to CrashPlan to use this option. If SCIM group are not sent to CrashPlan (for example, using the /Groups API resource in the SCIM protocol), the "There are no SCIM groups available" message displays. After sending the SCIM groups, the Add Mapping button displays.
i

Organization name

Displays a CrashPlan organization or the Add Mapping button.

j Role Mapping Displays how roles are mapped from the provisioning provider to CrashPlan.
k Edit

Change now roles are mapped from the provisioniong provider to CrashPlan. Choose:

  • Manually
    Assign roles manually in CrashPlan. Roles are not mapped from the provisioning provider.
  • Map SCIM groups to CrashPlan roles
    Map the SCIM groups in the provisioning provider to roles in CrashPlan. You must first send SCIM groups to CrashPlan to use this option. If SCIM group are not sent to CrashPlan (for example, using the /Groups API resource in the SCIM protocol), the "There are no SCIM groups available" message displays. After sending the SCIM groups, an Add Role Mapping button displays.
l

Edit mapped roles 

 

or 

 

Add Role Mapping
 

SCIM provisioning providers only

Maps CrashPlan roles and permissions to groups.

  • Allows you to edit mapped roles if roles have already been mapped (pictured).
  • If role mapping has not been performed yet, an Add Role Mapping button appears. The button appears only if SCIM groups have already been sent from your provider. 

Select Roles

 

CrashPlan User Directory Sync only

Select roles to be managed by the CrashPlan User Directory Sync Tool. This means only roles checked in this list will be automatically updated by the tool. Roles that aren't checked here must be manually updated in the CrashPlan console. 

 

See the Roles reference (CrashPlan) for more information on each role. 

View a list of roles within your CrashPlan environment

 

Edit Organization Mapping Method for SCIM provider

To view organization mapping methods, select the edit icon Edit_icon.png next to Organization Mapping. 

Single organization

Assigns all users to the same CrashPlan organization. If you choose this option, create organizations in the CrashPlan console before you begin.

Example use case
Use this option if you manage users in the CrashPlan console. For example, all users that are provisioned from the provisioning provider are added to the same organization. You can then move the users from that single organization to additional organizations in the CrashPlan console. 

edit organization mapping methods reference.png

  Item Description
a Create new users in the organization below CrashPlan assigns new users to the selected organization.  
b Select an organization Select the organization where you want to place new users.
 
"C42OrgName" attribute

The "c42OrgName" attribute creates new organizations or assigns users to existing organizations based on the value for the user attribute c42OrgName. This value becomes the name for the CrashPlan organization. This attribute is managed on the provisioning provider. 

Example use case
Use this method if you want to manage users in the provisioning provider (and not in the CrashPlan console). The value for this attribute becomes the name for the CrashPlan organization. CrashPlan creates new organizations or assigns users to existing organizations based on the value. 

map users to provider based on c42OrgName.png

  Item Description
a Map users to organizations based on the provider's "c42OrgName" attribute CrashPlan assigns users to the selected organization using the "c42OrgName" attribute. 
b Select an organization Select the organization where you want to place unmapped users.

SCIM group

Assigns users to CrashPlan organizations based on their SCIM group. If you choose this option, create organizations in the CrashPlan console before you begin.

Example use case
Use this mapping method if your users are already assigned to SCIM groups. For example, a user is part of a two different SCIM groups: an executive group and a UK group. You want this user's backup policies to match the other executives in your company, so this user should be assigned to the same CrashPlan organization as the other executives. In the CrashPlan console, you can choose the executive group to take priority over the UK group. This way you can place all of the executives in your company in the same organization and ensure they have the same backup policies.


map users to organization using SCIM groups.png

  Item Description
a Map users to organizations using SCIM groups.

CrashPlan assigns users to the selected organization based on SCIM groups.  To use this option, SCIM groups must first be sent to CrashPlan (for example, using the /Groups API resource in the SCIM protocol).

 

After you click Save, click Add Mapping to map roles to CrashPlan groups.

b Select an organization Select the organization where you want to place unmapped users.


Add Mapping

To view, click Add Mapping. Use Add Organization Mapping to map SCIM groups to CrashPlan organizations. To use this option, SCIM groups must first be sent to CrashPlan (for example, using the /Groups API resource in the SCIM protocol).

add organization mapping reference.png

  Item Description
a Select a SCIM group Displays all the SCIM groups that your provider has sent to the CrashPlan console. Only groups that have not been mapped appear in this list.
b Select a CrashPlan organization Displays the organization tree for your CrashPlan console. 


Edit Role Mapping

To view, select the edit icon Edit_icon.png next to Role Mapping.

edit role mapping reference.png

  Item Description
a Manually Assign roles manually in CrashPlan. Roles are not mapped from the provisioning provider. 
b Map SCIM groups to CrashPlan roles

Map the SCIM groups in the provisioning provider to roles in CrashPlan. To use this option, you must first send SCIM groups to CrashPlan (for example, using the /Groups API resource in the SCIM protocol).

If SCIM group are not sent to CrashPlan, the "There are no SCIM groups available" message displays. After sending the SCIM groups, an Add Role Mapping button displays. 


Add Role Mapping

To view, click Add Role Mapping.

SCIM add role mapping reference.png

  Item Description
a Select a SCIM group Displays all the SCIM groups that have been pushed to your CrashPlan console (for example, using the /Groups API resource in the SCIM protocol). Only groups that have not been mapped appear in this list.
b Select a CrashPlan role Displays a list of all the CrashPlan roles. Learn more about CrashPlan roles and permissions below.

 

CrashPlan User Directory Sync

Appears when configuring CrashPlan User Directory Sync. 

example CrashPlan user directory sync.png

  Item Description
a Name Display name for this User Directory Sync instance
b Actions

Menu with the following actions: 

  • Edit Provider Name
    Change the provisioning provider's displayed name.
  • Apply Org and Role Settings
    Apply any organization or role changes. 
  • Add New SCIM Provider 
    Add a SCIM provisioning provider.
  • Add CrashPlan User Directory Sync
    Add a User Directory Sync provisioning provider.
  • Delete This Provider
    Remove this provisioning provider from the system. 
c Provider Credentials

Displays user credentials. This user performs directory sync between your provider and CrashPlan. 

 

Click Regenerate password to create a new password if needed for the user. If you generate a new password for the user, you must also run the C42UserDirectorySync.bat --scim-password command to reconfigure the scim.password property with the new password

d Deactivation Delay
 

Displays the amount of time CrashPlan waits to deactivate a user after a synchronization is run. The maximum deactivation delay is 90 days.
 

Click the edit icon Edit_icon.png to change the length of time to delay deactivation.

Even if you configure CrashPlan to wait to deactivate a user, the user is immediately blocked. The user is then deactivated after the configured time.  

 Deactivation of users on legal hold

If users who are custodians under a legal hold are subsequently selected for deactivation (for example, from the CrashPlan console, a provisioning provider, or API), they are not deactivated immediately because their data must be retained for legal hold purposes. Instead, they are blocked. Once these blocked users are released from legal hold, they are deactivated automatically.

e

Organization Mapping

 

Disabled within the CrashPlan console. To configure how users are mapped to CrashPlan organizations, use the Org script in the CrashPlan User Directory Sync Tool. 

f Edit  Change how CrashPlan maps provisioned users to organizations. 
g

Role Mapping

Displays which roles the User Directory Sync automatically updates. 

h Edit 

Enable a method for mapping roles to users. Choose either Manually or Select roles from the CrashPlan User Directory Sync.

  • Manually: You must update roles within the CrashPlan console
  • Select roles from the CrashPlan User Directory Sync: CrashPlan automatically updates a user's roles based on the role script
i Select Roles

Select roles to be managed by the CrashPlan User Directory Sync Tool. This means only roles checked in this list will be automatically updated by the tool. Roles that aren't checked here must be manually updated in the CrashPlan console. 
 

See the Roles reference (CrashPlan) for more information on each role. 

Edit Organization Mapping Method for User Directory Sync

To view organization mapping methods, select the edit icon Edit_icon.png next to Organization Mapping. 

Create new users in an existing CrashPlan organization

Assigns new users to the same CrashPlan organization and does not map new users based on the User Directory Sync org script. If you choose this option, create organizations in the CrashPlan console before you begin.

Example use case
Use this option if you want to manage new users in the CrashPlan console. All users that are provisioned from User Directory Sync are added to the same organization. You can then move the users from that single organization to additional organizations in the CrashPlan console. 

do not map users based on the script.png

  Item Description
a Create new users in the organization below and do not map users based on the User Directory Sync's org script CrashPlan assigns new users to the selected organization.  
b Select an organization Select the organization where to place new users. 
User Directory Sync org script

Assigns users to organizations based on the User Directory Sync org script.   

Example use case
Use this method if you want to manage users in the User Directory Sync (and not in the CrashPlan console). CrashPlan creates new organizations or assigns users to existing organizations based on the org script.  

map users based on the script.png

  Item Description
a Map users to organizations based on the User Directory Sync's org script CrashPlan assigns users to the selected organization using the User Directory Sync org script. 
b Select an organization Select the organization where you want to place unmapped users. 

Select roles

To view, go to the Provisioning, and click Select Roles. This is a security measure to prevent users from elevating their privilege within CrashPlan environment. 

select roles for user directory sync.png

  Item Description
a Choose Roles Displays all of the roles available in your CrashPlan environment. To learn more about what the permissions, limitations, and example use cases for each role, see the

Roles reference (CrashPlan).

b Enable or disable role

Enable or disable roles from automatic provisioning.

  • Enabled: CrashPlan automatically adds or removes this role based on your role script.
  • Disabled: Even if your role script includes this role, CrashPlan will not update a user to add or remove this role. You must manually update in the CrashPlan console. 

Apply organization and role settings

Should you need to change organization and role settings and want them to be applied to all provisioned users in CrashPlan immediately, use the Apply Org and Role Settings option in the action menu of the target provisioning provider.

 Use with caution

Applying the organization and role settings to all provisioned users with the Apply Org and Role Settings option could be a destructive action because organization assignment changes may impact your currently provisioned user's archive configurations. Both organization and role settings are applied simultaneously and complete asynchronously.

Steps

To apply organization and role changes to either a SCIM provisioniong provider or a CrashPlan User Directory Sync provisioning provider, complete the following: 

  1. Sign in to the CrashPlan console.
  2. Go to Administration > Integrations > Identity Management > Provisioning.
  3. Select a provisioning provider.
  4. Choose Actions > Apply Org and Role Settings.

    apply_org_and_role_settings_sept_22_2020.png

  5. Click Apply.
    It may take up to one hour for the changes to be applied to all affected users.

Apply settings for organizations and roles mapped with SCIM groups

In order to map SCIM groups to CrashPlan organizations or roles, you must first push those SCIM groups to CrashPlan so they are available for mapping. You can do this by provisioning the users in their groups (or by using a push method such as the /Groups API resource in the SCIM protocol). However, this means that initially the users are placed in the default organizations and roles rather than the ones you want to map them to. 

To move users to the correct organizations and roles, map your organizations and roles and then apply the mappings:

  1. Provision users with their groups. Although this places the users in default organizations and assigns default roles, it also pushes the SCIM groups to CrashPlan so they appear in the CrashPlan console.
  2. Now that the SCIM groups appear in the CrashPlan console, you can use them to configure organization mapping and configure role mapping.
  3. Run Apply Org and Role Settings to apply the newly configured organizations and role assignments to the already-provisioned users. Users are moved to the correct organizations and roles.

Use cases

See the following sections for situations where applying mappings may be useful.

SCIM provisioning provider

 Configure mappings first

Ensure you've configured the organization and role mappings in the provisioning provider details page before applying mappings with the Apply organization and role settings dialog.

Organization mapping

You have configured your identity provider to provision the "c42OrgName" user attribute. Apply mappings when:

  • You have recently configured the CrashPlan mapping method to use "C42OrgName" and would like to move all existing provisioned users to their "c42OrgName" organization.
  • You have manually moved users into other organizations and would like them moved back to their "c42OrgName" organization.

You have configured your identity provider to provision user group information. Apply mappings when:

  • You have recently configured the CrashPlan mapping method to use SCIM groups and would like to move all existing provisioned users in manually assigned organizations to their mapped organization.
  • You have manually moved provisioned users into other organizations and would like them moved back to their mapped organization.
  • You have updated the SCIM group mappings and would like existing provisioned users to be moved into their newly mapped organizations immediately.
Role mapping

You have configured your identity provider to provision user group information. Apply mappings when:

  • You have recently configured the CrashPlan mapping method to use SCIM groups and would like to move all existing provisioned users in manually assigned roles into newly mapped roles.
  • You have manually assigned roles to provisioned users and would like them re-assigned to their mapped roles.
  • You have updated the SCIM group mappings and would like existing provisioned users to be assigned into their newly mapped roles immediately.
CrashPlan User Directory Sync

 Full sync

You should run a full sync to reprovision all users to CrashPlan using the CrashPlan User Directory Sync rather than applying organization and role mappings. However, in some cases, accessing the CrashPlan User Directory Sync or running a full sync may not be an option. In those cases you can apply mappings with the Apply organization and role settings dialog.

Organization mappings
  • You had previously configured mapping to use the org script, but recently updated the CrashPlan mapping method to use the "User Directory Sync Org Script".  Apply mappings when you would like to move all existing provisioned users in their manually assigned organizations to the scripted organization.
  • You have mapping configured to use the "User Directory Sync Org Script", but later manually moved provisioned users into other organizations. Apply mapping changes to move users back to their scripted organization.
Role mappings

You have configured the User Directory Sync role script to provision user's roles information. Apply mappings when you have updated the role allowlist and would like update provisioned users accordingly.

Sync Log

The sync log displays all of the updates made to your CrashPlan environment from the provisioning provider. 

To view the Sync Log:

  1. Sign in to the CrashPlan console.
  2. Select Administration > Integrations > Identity Management
  3. Click Sync Log

 Data in the Sync Log is retained for 90 days

As of September 22, 2021, the Sync Log retains data for only 90 days. If you want to retain Sync Log data older than the last 90 days, you must export the data before September 22, 2021. After that date, to retain Sync Log data older than 90 days, export the data on a regular basis and keep it in your own storage systems. For more information, see Export Sync Log data from CrashPlan.

identity management sync log.png

  Item Description Click to view
a Date selector Selects the timeframe for which logs to display. Click to view a calendar date picker.
b Refresh Table Retrieves the most recent synchronization changes. Click to view the latest log entries.
c Export CSV Exports all of the sync logs to a .CSV file. Use this option to filter the logs further.  Click to start downloading a CSV file.
d Provider Displays the provider that made the update. Click to sort.
e User Impacted Displays the CrashPlan username.  Click to sort.
f Change type

Displays how the user was changed. Change types are: 

  • Added
  • Created
  • Modified
  • Deactivated
  • Removed
  • Sync Failure
  • Not in Role Mapping
  • Removed
Click to sort.
g Attribute changed

Displays what part of the user changed. Attribute changes can be to: 

  • Country
  • Department
  • Division
  • Email
  • Employment Type
  • External ID
  • First Name
  • Last Name
  • Locality
  • Manager
  • Organization 
  • Region
  • Role
  • Title
  • User Name
Click to sort.
h New Value

Displays the new value for the attribute that was changed.

 

Note: Organization attribute values include the orgId, and Manager attribute values include the userId.

Click to sort.
i Old value Displays the old value for the attribute that was changed. Click to sort.
j Date changed Displays the date the change occurred.  Click to sort.

 Provisioning updates also appear in the Audit Log

In addition to appearing in the Sync Log, updates resulting from provisioning also appear in the Audit Log. For example, newly-provisioned users appear in the Add user event type, users deactivated by provisioning appear in the Deactivate user event type, and provisioned user attributes changes appear in the External attributes change event type. 

Whenever the acting user in an Audit Log event is a SCIM provisioning system, the username of the acting user in the event appears as the provisioning provider Username credentials from CrashPlan (for example, "azure_1234@cloud.crashplan.com").

External resources 

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more