How can I restore users deleted by mistake?

I don’t know the number of deleted users

• Log in to the Backupta UI 

• Access the Backup page 

• Use the search to find the Users backup that contains your Users

• Press the backup row to open the backup details and verify if your users are present

• Press the Restore backup button

• Select the components to restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• Users are recreated to your tenant, and they have to re-enrol their password and MFA (if any)

• Access the Reports page to consult the restoration report

Note: If users are recreated during the restore, their assignments are automatically restored by Backupta. 

I know exactly which user has been deleted

• Login to the Backupta UI

• Access the Events page

• Use the search to find the user who has been deleted

• Press the event row to open the event details

• Press the Revert this change button

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• The user is recreated to your tenant, and he has to re-enrol his password and MFA (if any)

• Access the Reports page to consult the restoration report 

Note: 

• The user assignments are automatically restored by Backupta when a user is recreated. 

• To find the user using the search, you must start filling in the field with the exact case of the user name.

  • Sorting in the results table will be done according to the field used for the search (label or ID)

  • Typing into the two search bars at once may result in a longer search time

The user is coming from an external source

How does Backupta manage external sources?

• Login to the Backupta UI 

• Access the Backups page

• Use the search to find the most relevant Configuration backup 

• Press the backup row to open the backup details and verify its content

• Press the Restore backup button

• Select the following components to restore:

  • Apps

  • User Schemas

  • Mapping

• Launch the restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• Resources are restored in your tenant 

• Access the Reports page to consult the restoration report

• Run an import from your external source to Okta

• Access the Backups page

• Select a Users backup 

  • If both (users and configuration) backups are launched at the same time, we recommend using the Users backup associated with the Configuration backup you’ve just restored

  • Otherwise, you should restore the users backup nearest after the configuration backup you’ve restored (to be sure the assignments will match)

• Press the backup row to open the backup details 

• Press the Restore backup button

• Select at least the following components to restore:

  • Users

  • App User Assignments

  • Group User Assignments

  • Role User Assignments

• Launch the restore

The restore progression is available from the left banner of the Backupta UI.

Once the restore is over:

• Users are recreated to your tenant, and they have to re-enrol their password and MFA (if any) 

• Access the Reports page to consult the restoration report 

Notes: 

To only restore the status of an external user:

1. Fix the status of the user in the source

2. Run an import from the source into Okta

To only restore the external attribute values of an external user that has been updated:

1. Fix values in the source

2. Launch a Configuration restore or a specific revert of the related objects (following the steps described above), in these categories:

• Apps

• User Schemas

• Mappings

3. Run an import from the source into Okta

How can I restore suspended or deactivated users?

Full restore of users

To restore all the users, even those who are suspended or deactivated in the tenant:

• Open the Users backup

• Press the Restore button

• In the Select your Component dialog, open the Advanced Settings section.

• Tick:

  • Users currently SUSPENDED in Okta: if the users have a different status in the backup, they will be unsuspended.

  • Users currently DEACTIVATED in Okta: if the users have a different status in the backup, they will be reactivated and their assignments restored.

• Launch the restore

• Access the Reports page to consult the restoration report

Revert specific user(s)

• Open the Events page

• Select the user(s) to revert

• Press the Revert button

• If a user is SUSPENDED or DEACTIVATED in the Okta tenant the following message appears: “The following users are currently Suspended or Deactivated in Okta: [...] Reverting these changes will reactivate their accesses.”

• Launch the revert

• Access the Reports page to consult the restoration report

Notes:

• Only Users who are ACTIVE or PROVISIONED in the backup can be restored. 

• Users who are DEACTIVATED in the tenant, and ACTIVE in the backup will be restored with a PROVISIONED status.

• If the User has a status different from PROVISIONED or ACTIVE in the backup, Backupta will add the following log in the report (example for suspended users): the users status in Backup is [...]. Restoration of Suspended users is enabled only for ACTIVE or PROVISIONED users

How can I restore groups deleted by mistake?

I don’t know the number of deleted groups

• Login to the Backupta UI 

• Access the Backups page

• Use the search to find the Configuration backup that contains your groups

• Press the backup row to open the backup details and verify if your groups are present

• Press the Restore backup button

• Select the components to restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• Groups are recreated to your tenant 

• Access the Reports page to consult the restoration report

Note: 

• The group assignments are automatically restored by Backupta when a group is recreated. 

I know exactly which group has been deleted

• Login to the Backupta UI

• Access the Events page 

• Use the search to find the group that has been deleted

• Press the event row to open the event details

• Press the Revert this change button

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• The group is recreated to your tenant 

• Access the Reports page to consult the restoration report

Note: 

• The group assignments are automatically restored by Backupta when a group is recreated.

• To find the group using the search you must start filling in the field with the exact case of the group name.

  • Sorting in the results table will be done according to the field used for the search (label or ID)

  • Typing into the two search bars at once may result in a longer search time

My group is coming from an external source

How does Backupta manage external sources?

• Run an import from the external source to Okta

• Login to the Backupta UI 

• Access the Backups page

• Use the search to find the most relevant Configuration backup 

• Press the backup row to open the backup details and verify its content

• Press the Restore backup button

• Select the following components to restore:

  • Groups

  • Assignments

• Launch the restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• Resources are restored in your tenant 

• Access the Reports page to consult the restoration report 

Note:

To only restore the name or description of an external group that has been updated:

1. Fix values in the source

2. Run an import from the source into Okta

How can I restore apps deleted by mistake?

I don’t know the number of deleted apps

• Login to the Backupta UI

• Access the Backups page

• Use the search to find the Configuration backup that contains your applications

• Press the backup row to open the backup details and verify if your apps are present

• Press the Restore backup button

• Select the components to restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• Apps are recreated to your tenant:

  • Go to the restored apps in Okta and get the following elements:

    • Client Secret (OIDC/OAuth)

    • Private key (OIDC/OAuth)

    • IdP Issuer/entityID (SAML)

    • IdP SSO URL (SAML)

    • X.509 Certificate (SAML)

  • Go into your application SSO configuration and update it with the new Okta app values

  • If needed, reconfigure provisioning settings

• Access the Reports page to consult the restoration report 

Note: 

• The apps assignments are automatically restored by Backupta when an application is recreated.

• If the restore of Secrets for OIDC app is activated on a tenant, the recreated app may work without the manual configuration needed. Contact Backupta support to activate the option 

I know exactly which app has been deleted

• Log in to the Backupta UI 

• Access the Events page 

• Use the search to find the app that has been deleted

• Press the event row to open the event details

• Press the Revert this change button

The restore progression is available from the left banner of the Backupta UI.

Once the restore is over:

• The app is recreated to your tenant:

  • Go to the restored apps in Okta and get the following elements:

    • Client Secret (OIDC/OAuth)

    • Private key (OIDC/OAuth)

    • IdP Issuer/entityID (SAML)

    • IdP SSO URL (SAML)

    • X.509 Certificate (SAML)

  • Go into your application SSO configuration and update it with the new Okta app values

  • If needed, reconfigure provisioning settings

• Access the Reports page to consult the restoration report 

Notes: 

• The apps assignments are automatically restored by Backupta when an application is recreated.

• To find the app using the search you must start filling in the field with the exact case of the app name.

  • Sorting in the results table will be done according to the field used for the search (label or ID)

  • Typing into the two search bars at once may result in a longer search time

• If the restore of Secrets for OIDC app is activated on a tenant, the recreated app may work without the manual configuration needed. Contact Backupta support to activate the option 

How can I restore an Identity Provider deleted by mistake?

I know exactly which identity provider has been deleted

• Log in to the Backupta UI 

• Access the Events page

• Use the search to find the identity providers that has been deleted

• Press the event row to open the event details

• Press the Revert this change button

The restore progression is available from the left banner of the Backupta UI.

Once the restore is over:

• The identity provider is recreated to your tenant:

  • The identity provider profile and mapping are also recreated

  • The IDP routing rules must be reverted independently by launching a revert from the events page too

• Access the Reports page to consult the restoration report 

Note: 

• The IDP inclusion in a Global Session Policy Rule has to be manually recreated, or restored/reverted separately.

• If there are several sources of data in the tenant, the Profile Mastering (global and per attribute) must be manually reconfigured after the IdP recreation.

How can I restore assignments deleted by mistake?

An App user assignment or a Group User Assignment has been added or deleted

From the Events page

• Log in to the Backupta UI

• Access the Events page

• Open the Update Users event to access the assignment changes (addition or deletion)

• Choose to restore only the assignment change or the whole event

  • Press the revert arrow at the right of the assignment change to only revert the assignment change

  • Press the Revert this change button to revert the whole event

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the group or app

  • If an addition is reverted: The user is no longer assigned to the group or app

• Access the Reports page to consult the restoration report

From a backup component

• Log in to the Backupta UI

• Access the Users backup where there was the assignment (before the addition or deletion)

• Use the search filter to retrieve the users (with its label or Id)

• Open the Users details:

  • Press the Rollback to this version button to revert the whole state

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the group or app

  • If an addition is reverted: The user is no longer assigned to the group or app

• Access the Reports page to consult the restoration report

From the Changes tab

• Log in to the Backupta UI

• Access the changes tab of the Users backup where the change has been identified

• Tick the checkbox in front of the Assignment change

• Press the Revert this change button to revert the assignment addition or deletion

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the group or app

  • If an addition is reverted: The user is no longer assigned to the group or app

• Access the Reports page to consult the restoration report

An App group Assignment has been added or deleted

From the Events page

• Log in to the Backupta UI

• Access the Events page

• Open the Update App event to access the assignment addition or deletion

• Choose to restore only the assignment change or the whole event

  • Press the revert arrow at the right of the assignment change to only revert the assignment change

  • Press the Revert this change button to revert the whole event

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The app is reassigned to the group

  • If an addition is reverted: The app is no longer assigned to the group

• Access the Reports page to consult the restoration report

From a backup component

• Log in to the Backupta UI

• Access the Configuration backup where there was the assignment (before the addition or the deletion)

• Use the search filter to retrieve the App (with its label or Id)

• Open the App details:

  • Press the Rollback to this version button to revert the whole state

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The app is reassigned to the group

  • If an addition is reverted: The app is no longer assigned to the group

• Access the Reports page to consult the restoration report

From the Changes tab

• Log in to the Backupta UI

• Access the changes tab of the Configuration backup where the addition or the deletion has been identified

• Tick the checkbox in front of the Assignment change

• Press the Revert this change button to revert the assignment addition or deletion

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The app is reassigned to the group

  • If an addition is reverted: The app is no longer assigned to the group

• Access the Reports page to consult the restoration report

Notes:

• If one of the objects of the assignment has been deleted, the assignment won’t be restored and an error is displayed in the restoration report.

A Role User assignment has been added or deleted

From the Events page

• Log in to the Backupta UI

• Access the Events page

• Open the Update Users event to access the assignment change (addition or deletion)

• Choose to restore only the assignment change or the whole event

  • Press the revert arrow at the right of the assignment deletion to only revert the assignment change

  • Press the Revert this change button to revert the whole event

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the role

  • If an addition is reverted: The user is no longer assigned to the role

• Access the Reports page to consult the restoration report

From a backup component

• Log in to the Backupta UI

• Access the Users backup where there was the assignment (before the addition or the deletion)

• Use the search filter to retrieve the user (with its label or ID)

• Open the User details:

  • Press the Rollback to this version button to revert the whole state

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the role

  • If an addition is reverted: The user is no longer assigned to the role

• Access the Reports page to consult the restoration report

From the Changes tab

• Log in to the Backupta UI

• Access the changes tab of the Users backup where the role addition or deletion has been identified

• Tick the checkbox in front of the Assignment change

• Press the Revert this change button to revert the assignment addition or deletion

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The user is reassigned to the role

  • If an addition is reverted: The user is no longer assigned to the role

• Access the Reports page to consult the restoration report

A Role Group Assignment has been added or deleted

From the Events page

• Log in to the Backupta UI

• Access the Events page

• Open the Update Group event to access the assignment change (addition or deletion)

• Choose to restore only the assignment change or the whole event

  • Press the revert arrow at the right of the assignment deletion to only revert the assignment change

  • Press the Revert this change button to revert the whole event

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The group is reassigned to the role

  • If an addition is reverted: The group is no longer assigned to the role

• Access the Reports page to consult the restoration report

From a backup component

• Log in to the Backupta UI

• Access the Configuration backup where there was the assignment (before the addition or the deletion)

• Use the search filter to retrieve the group (with its label or ID)

• Open the group details:

  • Press the Rollback to this version button to revert the whole state

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The group is reassigned to the role

  • If an addition is reverted: The group is no longer assigned to the role

• Access the Reports page to consult the restoration report

From the Changes tab

• Log in to the Backupta UI

• Access the changes tab of the configuration backup where the role addition or deletion has been identified

• Tick the checkbox in front of the Assignment change

• Press the Revert this change button to revert the assignment addition or deletion

• The restore progression is available from the left banner of the Backupta UI.

• Once the restore is over:

  • If a deletion is reverted: The group is reassigned to the role

  • If an addition is reverted: The group is no longer assigned to the role

• Access the Reports page to consult the restoration report

Note:

• Role assignment additions can only be reverted following the steps mentioned above. By launching a whole restore of a backup, new added assignments won’t be deleted.

• Role assignments deletion can also be restored when launching a restore/revert on a role. 

How can I restore one of my conf items deleted by mistake?

To restore a configuration item (eventHook, factorTypes…) that has been deleted by mistake, you have to:

• Verify if the item is eligible to the revert option or

• Follow one of the process described below

I don’t know how many configuration items have been deleted / the item I want to restore is not eligible to the revert option

• Log in to the Backupta UI

• Access the Backups page

• Use the search to find the Configuration backup that contains a stable version of your Okta tenant

• Press the backup row to open the backup details and verify its content

• Press the Restore backup button

• Select the components to restore

The restore progression is available from the left panel of the Backupta UI.

Once the restore is over:

• The configuration items have been restored and you can see them on your Okta tenant

• Access the Reports page to consult the restoration report 

I know exactly which configuration item has been deleted / the item I want to restore is eligible to the revert option

• Log in to the Backupta UI 

• Access the Events page 

• Use the search to find the configuration item that has been deleted

• Press the event row to open the event details

• Press the Revert this change button

The restore progression is available from the left banner of the Backupta UI.

Once the restore is over:

• The configuration item is recreated to your tenant:

• Access the Reports page to consult the restoration report 

Notes: 

• To find the conf item using the search you must start filling in the field with the exact case of the item.

• Backupta doesn’t restore links between two configuration items when it could have a main impact on one of them. For example, if you individually restore a deleted network zone, the network zone will be recreated BUT if this zone was used in a policy rule, you’ll have to redefine it in the policy rule. This prevents Backupta from erasing other changes that may have been done to this policy since the zone deletion.

My conf item is coming from external sources

If you need to restore an external attribute that has been deleted from Okta by mistake:

• Log in to the Backupta UI 

• Access the Backups page

• Use the search to find the most relevant Configuration backup

• Press the backup row to open the backup details and verify its content

• Press the Restore backup button

• Select the following components to restore:

  • Apps

  • User Schemas

  • Mapping

• Launch the restore

The restore progression is available from the left panel of the Backupta UI

Once the restore is over:

• Resources are restored in your tenant 

• Access the Reports page to consult the restoration report 

• Run an import from the external source to Okta

What are the prerequisites for cloning my tenant?

• Target tenants must be defined in your Backupta instance. Contact your Backupta account manager to have the feature activated.

• You must be a Super-Administrator on the target tenants.

Note: 

• Target tenants are visible thanks to a badge in the tenant settings of your Backupta account. 

How does the clone manage my external sources?

• Data that are coming from an external source are not cloned.

Note: 

• We recommend running an import of the users and groups from external sources to the target tenant before the clone or cleaning up the references to the groups before the clone.

How can I clone my tenant?

Clone the tenant configuration

From the source tenant

• Open a configuration backup

• Press the Clone button left to the Restore button

• Select the components to clone

• Fill in a description for the clone

• Select the target tenant 

• Confirm the clone 

• Open the target tenant to follow the progression

Once the clone is over:

• On the source tenant:

  • Access the Audit log to consult the status of the clone

  • Access the backup used for the clone by pressing the arrow on the dedicated audit log row

• On the target tenant:

  • Access the Reports to consult the status of the clone

  • Access the clone report by pressing the arrow on the dedicated audit log row

Clone the tenant users

From the source tenant

• Open a users backup

• Press the Clone button left to the Restore button

• Select the components to clone

• Fill in a description for the clone

• Select the target tenant 

• Confirm the clone 

• Open the target tenant to follow the progression

Once the clone is over:

• On the source tenant:

  • Access the Audit log to consult the status of the clone

  • Access the backup used for the clone by pressing the arrow on the dedicated audit log row

• On the target tenant:

  • Access the Reports page to consult the status of the clone

  • Access the clone report by pressing the arrow on the dedicated audit log row

Which data are managed by the clone?

Both configuration and users backups can be cloned. 

Inside a configuration backup, the following components are not supported and won’t be cloned:

• Behavior detection rules

• Brands

• Captchas

• Devices

• Email templates

• Factors (Classic tenants only)

• Linked Objects definitions

• Log Streams

• Organization 

• Role subscriptions

• Threat Insights

• Trusted servers of authorization servers

These data have to be manually recreated on the target tenant.

Notes:

• We recommend starting with a clone of the configuration, then a clone of the users to correctly recreate the assignments. 

• Backupta M2M Service is not cloned nor updated

• In the next Backupta versions, we’ll add more component support in the clone feature.

Understand the clone limitations

Cloning policies that have references to non-cloned authenticators

• Policies may have references to authenticators non supported by the clone (if they have secrets or IdP references). In this case, Backupta clones the policy but the reference to the authenticator is removed.

Cloning User Schemas with Override Profile Source property

• User Schema attributes that have Override Profile Source priority are not restored by Backupta (ETA 6.2) and by consequences not supported by the clone feature. In the meantime, we recommend setting their priority to Inherit from profile Source to have the User Schemas cloned.

Cloning resources set

• If a resource set contains “all identity”, “all support”, or “all customizations” resources, Backupta needs the org settings file, and the org.read scope to clone them, otherwise Backupta won’t be able to clone this resource set.

• If the resource set contains a reference to a brand, the resource set is not cloned

• When the resource set has a resource pointing to a specific type of Apps through URLs, the resource set won’t be cloned due to Okta technical limitations. 

Cloning Identity providers with secret/certificate

• Identity providers that use a secret/certificate can’t be cloned. Every objects related to them won’t be clone either (such as IdP mapping for example)

Cloning Authenticators with secret or IDP references

• To clone Authenticators with references to an IdP, the IdP must be manually created first on the tenant. 

Note: 

• The clone follows the restore principles. It means that if some data can’t be managed in the standard restore feature they won’t be cloned either. For example, app logos are not restored by Backupta and as consequences, they won’t be cloned.

Understand the status of a clone job

The Status is a global status for the clone. If your clone status is WARNING or ERROR, the clone is incomplete, but all data that don’t have these statuses have been well-cloned.

There are three types of status:

• SUCCESS: The clone is complete and everything has been cloned.

• WARNING: The clone is not complete, open the Report tab to see on which data the warning is applied. The warning status appears in the following cases:

  • Data that are coming from an external source (such as an Active Directory) are not cloned

  • Objects that have been created since the last backup: the clone job doesn't delete them.

• ERROR: all other errors during the clone appear with the ERROR status. The clone is not complete, open the tab to see on which data the error is applied.

  • If necessary:

    • Relaunch a clone on specific components 

    • Contact Backupta support

This is a beta-feature, be kind :-)

The failover tenant is automatically synchronized with the master tenant to be ready to use in case of disaster.

How to link a failover tenant to a master tenant?

Access the tenant’s settings page of your Backupta account to define a failover tenant on your master tenant.

Prerequisites:

• Failover tenants must be defined in your Backupta instance. Contact your Backupta account manager to have the feature activated.

• You must be a Super-Administrator on both tenants (master and failover)

• Only one failover tenant can be linked with the master tenant. Once related, the failover tenant can’t be linked to another master tenant.

Notes: 

• Failover tenants are visible thanks to a badge in the tenant settings of your Backupta account.

How does the failover tenant manage my external sources?

• Data coming from an external source is not synchronized.

Note: 

• We recommend running an import of the users and groups from external sources to the failover tenant before the synchronization.

How can I synchronize my master tenant with the failover tenant?

Schedule the automatic synchronization

To set the automatic failover synchronization:

• Select Settings

• Press Tenants

• The failover scheduling is available on each tenant where the Failover enabled flag is displayed

• Switch the failover schedule toggle to ON

• Define the frequency and time of the scheduling

• If necessary define a Backup days offset to always synchronize the failover with a backup version from several days ago

• Press Save changes

If needed you can also manually launch a synchronization at any time.

Notes:

• Super administrators and tenant administrators can disable the scheduled failover inside the tenant settings section.

• Backups are automatically launched after an automatic synchronization 

Synchronize manually the failover tenant

From the source tenant

• Open a configuration or a users backup

• Press the Synchronize button left to the Restore button

• Fill in a description for the synchronization

• Confirm the synchronization

• Open the failover tenant to follow the progression

Once the synchronization is over:

• On the source tenant:

  • Access the Audit log to consult the status of the synchronization

  • Access the backup used for the synchronization by pressing the arrow on the dedicated audit log row

• On the target tenant:

  • Access the Reports page to consult the status of the synchronization

  • Access the failover report by pressing the arrow on the dedicated audit log row

Notes:

• It’s not possible to select the destination when synchronizing the master tenant. Failover tenant is defined at the tenant’s level on the settings page.

• We recommend starting with a synchronization of the configuration, then a synchronization of the users to correctly recreate the assignments.

Which data is managed by the failover?

Both configuration and users backups can be synchronized. 

Inside a configuration backup, the following components are not supported and won’t be synchronized:

• Behavior detection rules

• Brands

• Captchas

• Devices

• Email templates

• Factors (Classic tenants only)

• Linked Objects definitions

• Log Streams

• Organization 

• Role subscriptions

• Threat Insights

• Trusted servers of authorization servers

These data have to be manually recreated on the target tenant.

Notes:

• Backupta M2M Service is not synchronized nor updated

Understand the failover rules

Items deletion

When synchronizing the tenants, items that no longer exist on the master tenant, are deleted on the failover tenant.

Users status management

• Users created on the failover tenant won’t receive an activation email

• Users created on the failover tenant will have a staged status*

• Suspended, deactivated and locked-out users are not synchronized. Only active users (even with pending user action status) are synchronized.

*In the next failover version (7.1), staged users on failover tenants can be activated from Backupta UI.

Role assignments

• For security reasons, role assignments are not synchronized

Limitations

The failover limitations are the same limitations we have for the Clone. See the Clone limitations for more details.

How to activate a Failover tenant?

Users from the master tenant are synchronized with a Staged status on the Failover tenant. To activate these users:

• Access Settings

• Press Tenants

• Press the Edit button on the Failover tenant

• Scroll down the settings panel to access the danger ZoTo activate the failover tenant:

• Access the failover tenant in Backupta

• In the main menu press the Activate tenant button

• First step of the activation: 

  • Stop the replication between the source tenant and the failover tenant

• Second step of the activation:

  • Activate users (Users from the master tenant are synchronized with a Staged status on the Failover tenant). 

At the end of the process, open the dedicated report on the Reports tab to view the list of activated users. These users have received the activation email during this process and can log in to the new tenant.

With the Release Management feature, it’s possible to push a config object to one tenant from another.

Note:

• The object shouldn’t exist in the target tenant to be correctly pushed.

What are the prerequisites to push a config object?

• Target tenants must be defined in your Backupta instance. Contact your Backupta account manager to have the feature activated.

• You must be a Writer on both source and target tenants.

Note: 

• Target tenants are visible thanks to a badge in the tenant settings of your Backupta account.

How can I push an object to another tenant?

From a backup

From the source tenant

• Open a configuration backup

• Open a specific object

• Access its details panel

• Press the Push button on the actions bar of the details panel

• Fill in a description for the push

• Select the target tenant 

• Confirm the push

• Open the target tenant to follow the progression

Once the push is over:

• On the source tenant:

  • Access the Audit log to consult the status of the push

  • Access the backup used for the push by pressing the arrow on the dedicated audit log row

• On the target tenant:

  • Access the Reports page to consult the status of the push

  • Access the push report by pressing the arrow on the dedicated audit log row.

Note:

• Select several objects in the backup and press the “Push selection” button to push them all at once.

From a comparison report

• Launch a comparison between the source tenant and the target tenant

• Open the comparison report

• Access the “Only in referent” tab or the “Objects with differences” tab

• Select the objects you want to push

• Press the Push button at the top of the list

• Fill in a description for the push

• Confirm the push

• Open the target tenant to follow the progression

Once the push is over:

• On the source tenant:

  • Access the Audit log to consult the status of the push

  • Access the backup used for the push by pressing the arrow on the dedicated audit log row

• On the target tenant:

  • Access the Reports page to consult the status of the push

  • Access the push report by pressing the arrow on the dedicated audit log row

Notes:

• When pushing from the comparison report, the target tenant can’t be modified.

• You can select the object to push in both “Only in referent” and “Objects with differences tab.

Which data are managed by the Release Management feature?

Inside a configuration backup, the following objects can be pushed and will have the push button available:

• Applications and their assignments

• App Group assignments

• App User assignments

• App User Schemas

• Authorization servers and their sub-components

• Authorization servers policies

• Authorization servers policy rules

• Behavior detection rules 

• Group

• Group Rule

• Group User assignments

• Identity providers and their schemas

• Network Zones

• Policy and their policy rules

• Policy rules individually

• Profile Enrollment Policies

• Profile Enrollment Form

• Profile Mapping 

• Roles

• Resources Set

• Users

• User Schemas

Notes:

• In the next Backupta versions, we’ll add more component support in the release management feature.

Override App URLs during an App push

To override the app URL during a push:

• Select the apps you want to push

• Press the Push selection button

• Select the sub-objects

• Add the push description and choose the target tenant

• Press Next

• Before confirming the push, press the Override Applications settings option

• Depending on the app’s type, the following fields can be overridden

  • SAML App: SSO URL, Audience, Recipient URL, Destination URL

  • OIDC App: Sign-in Redirect URL, Sign-out Redirect URL

• Confirm the push

• The apps will be pushed to the target tenant with the values defined in the fields mentioned above

Notes:

• Only custom SAML & OIDC Apps (not OIN) URLs can be overridden

• Backupta only supports the overriding for 1 sign-in URL per App

Understand the Release Management limitations

• The release management limitations are the same limitations we have for the Clone. 

See the Clone limitations for more details. 

Understand the status of a Release Management job

There are three types of status:

• SUCCESS: The push is complete and everything has been created on the target tenant.

• WARNING: The push is not complete, open the Report tab to see on which data the warning is applied. The warning status appears in the following cases:

  • Objects that have been created since the last backup: the clone job doesn't delete them.

• ERROR: all other errors during the push appear with the ERROR status. 

  • If necessary:

    • Relaunch a push on the specific components or missing components that are needed to fully create the object

    • Contact Backupta support

The following alerts can be set on a tenant:

• Alerts on sensitive events

• Alerts on backup changes

• Alerts on backup status

To subscribe to alerts from Backupta, press the security alerts button available on:

• the right side of the backup page

• every change details panel

• the right side of the events page

• the tenant card (from the settings entry)

Note:

• You can unsubscribe at any time by pressing the alerts button and updating your preferences. Don’t forget to press the save button to apply your changes.

• You can import alerts from one tenant to another by pressing the “Import subscriptions” button at the top of the security alert subscription panel. 

What is the difference between My Alerts and Team alerts?

How to define My alerts?

“My Alerts” are individual alerts that can only be received by one personal email (or group). All Backupta Users can define “My Alerts”.

Sensitive events that match an individual alert are displayed in the “My alerts” tab of the Security Alerts page.

To define individual alerts:

• Press the Security alerts button

• Access the My alerts section

• Fill in an email address 

• For each alerts type, select the type of events to subscribe to

• Press the Save changes button

Every time a selected event happens, Backupta will send an alert notification by email.

Note: 

• By default in the Subscription panel, your Backupta account email address is filled in, but you can update it to another value

• Press the Subscribe to security alerts button to modify or cancel a subscription.

How to define Team alerts?

Only administrators can define Team Alerts. These alerts are sent to the whole team that has access to the channel specified during the subscription.

Sensitive events that match a team alert are displayed in the “Team alerts” tab of the Security Alerts page.

Prerequisites

Teams Alerts can be sent on:

• Slack

• MS teams

• Google Workspace

• Email Address

• Jira (except for backup status alerts)

Webhooks must have been created first to use the channels mentioned above. Depending on the channel, the following format is expected:

• Slack: https://hooks.slack.com/services/${SLACK_WORKSPACE_ID}/${SLACK_CHANNEL_ID}/${TOKEN}

  • Microsoft Teams: 

    • Incoming webhooks: https://${SUBDOMAIN}.{webhook|outlook}.{office|office365}.com/webhookb2/${SERVICE_ACCOUNT_IDENTIFIER}/IncomingWebhook/${WEBHOOK_ID}/${TOKEN} or

    • Workflows: https://${INSTANCE}.${REGION}.logic.azure.com/workflows/${WORKFLOW_ID}/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=${TOKEN} 

• Google Workspace: https://chat.googleapis.com/v1/spaces/${SPACE_ID}/messages?key=${API_KEY}&token=${TOKEN}

• Jira: https://automation.atlassian.com/pro/hooks/${AUTOMATION_ID}

Notes:

• Learn more on how to configure webhooks for:

  1. Slack

  2. MS Teams (via Incoming Webhooks)

  3. MS Teams (via Workflows) 

  4. Google Workspace

• For the Microsoft Teams Workflows integration, please select the template called "Post to a channel when a webhook request is received". If your channel is locked down to certain users, make sure you update the "Post as" parameter in the "Post card in a chat or channel" accordingly.

Team Alerts subscriptions

• Press the Security alerts button

• Under the Team alerts section, press the New subscription button

• Define a name for the alert

• Select the channel where to send the alert

• Fill in the required webhooks format according to the channel 

• For each alerts type, select the type of events to subscribe to

• Press the Save changes button

Every time a selected event happens, Backupta will send an alert notification to the selected channel. 

If the Jira channel is selected, a Jira ticket will be created every time a sensitive event that matches the subscription happens.

Notes:

• Super administrators can define up to 5 Team Alerts.

• Press the Subscribe to security alerts button to modify or delete a subscription.

Set alerts on sensitive events

• Press the Security alerts button

• Create a Team alerts or a My alerts

• Press the dropdown menu under Object changes

• Add as many categories as necessary

• For each category, select the type of events to follow

• Press the save changes button to update alert preferences.

Set alerts on backup changes

• Press the Security alerts button

• Create a Team alerts or a My alerts 

• Press the dropdown menu under Backup changes

• Select the type of alerts that will be sent:

• Users backup: an alert is sent if changes are detected between the two latest users backup

• Configuration backup: an alert is sent if changes are detected between the two latest configuration backup

• Press the save changes button to update alert preferences.

Set alerts on backup status

• Press the Security alerts button

• Create a Team alerts or a My alerts

• Press the dropdown menu under Backup statuses

• Select the type of statuses that should trigger an alert

• Press the save changes button to update alert preferences.

Note:

• Backup statuses team alerts can’t be sent on Jira channel

Which kinds of events are identified as sensitive by Backupta?

List of events that Backupta identifies as sensitive:

• Admin Users

  • Role change

  • Password change/reset

  • MFA change

• API Token

  • Delete

  • Create

  • Update

• Apps

  • Create

  • Update

  • Delete

  • Activate

  • Deactivate

• Authenticators (OIE only)

  • Create

  • Update

  • Activate

  • Deactivate

• Authorizations Servers

  • Create

  • Update

  • Activate

  • Deactivate

  • Delete

• Factor Types (Classic only)

  • Activate

  • Deactivate

• Features

  • Activate

  • Deactivate

• Groups

  • Delete

• Group Rules

  • Create

  • Update

  • Deactivate

  • Activate

  • Delete

• Identity Providers

  • Create

  • Update

  • Delete

  • Activate

  • Deactivate

• Network Zones

  • Create

  • Update

  • Delete

  • Activate

  • Deactivate

• Policies

  • Create

  • Update

  • Delete

  • Activate

  • Deactivate

• Policy Rules

  • Create

  • Update

  • Delete

  • Activate

  • Deactivate

• Resource Set

  • Create

  • Update

  • Delete

• Workflow

  • Activate

  • Assign

  • Create

  • Deactivate

  • Delete

  • Save

Who can access Backupta?

A Backupta account is required to access Backupta. 

This account can be created by a Backupta super administrator or tenant administrator, in the Backupta UI.

Add new users

• Select Settings

• Press Users

• Press the Add user button

• Fill in the mandatory fields: Last name, First name and Email

• Optional: Tick the checkbox to define a temporary password for the user 

• Define the user’s role

• Press the Send invitation button

Notes: 

• You don’t need to define a role per tenant for super-admin.

• The user will receive an invitation to join your team in Backupta. 

• Users who haven't accepted yet the invitation are displayed in a “pending” status.

• Copy the temporary password to send it directly to the new user. In the meantime the user will receive it in the standard invitation email. 

Grant tenant access to a user in Backupta

As a tenant administrator (Admin) it’s possible to grant access to user to a specific tenant

• Select Settings

• Press Tenant

• Press the Edit button

• Next to User rights, press the + button

• Fill in the Email of the user and define his permissions to the tenant

Notes:

• A user must have a Backupta account to define his permissions to a specific tenant.

Modify a user in Backupta 

• Select Settings

• Press Users

• Press the edit users button on a specific user

• The following field can be modified:

  • Last name

  • First name

  • Tenant’s permissions

• Press the Save changes button to apply the modifications

Delete a user in Backupta 

• Select Settings

• Press Users

• Press the edit users button on a specific user

• Press the Delete this user button

• Confirm the deletion

Note:

• A user deletion can’t be undone. To add the user again a new invite has to be sent.

• After 7 days, if a pending user has not accepted the invitation, this invitation has expired. Access the User's settings to resend an invitation. 

• The list of users and their permissions can be downloaded from the Users page in the settings section. 

What do my users have access to depending on their roles?

5 roles are available in Backupta. 

A user can have different roles depending on the tenants he can access.

*A target tenant must be defined to use the feature (See Clone or Release Management)

** Only on tenants where the user is Admin

To view the users’ role per tenant:

• Select Settings

• Press Tenants

• Press the Edit button

• Access the list of users who have access to the tenant and modify their roles if necessary.

How can I back up my Okta tenant?

Schedule the automatic backups

Three scheduled backups (Users, Configuration and Workflows) are defined for each tenant you have access to in Backupta.

To see this scheduling:

• Select Settings

• Press Tenants

• The backup schedule is displayed on each tenant's card

• Press the Edit button to update the scheduling

• Update the time and period fields

• Press Save changes

If needed you can also manually launch a backup at any time.

Note:

• Super administrators and tenant administrators can disable the scheduled backup inside the tenant settings.

Beta: Backup your workflows

This is a beta-feature, be kind :-)

To backup the workflows:

• Contact Backupta support to activate the feature and configure the backup tool

• Follow the Launch a manual backup process

Launch a manual backup

To launch a backup:

• Press the Backup now button at the top left panel or

• Press the Backup now button at the top right corner of the backup page

• Select the type of backup you want to launch: Users, Configuration, Users and Configuration, or Workflows 

• Add a backup name to keep a trace of your backup

• Press the Backup now button to launch the backup

• A progress bar appears in the left panel to show the backup progression

• A the end of the process you can see the backup at the top of the backups list

Notes: 

• The backup name is mandatory and can’t be modified.

• Download backup files by pressing the download button inside a backup content (top right corner of the page).

• If a resource is deleted halfway through backup, this resource is removed from the backup to generate more consistent backups.  

Understand the content of my backup

From the Backupta UI, you can press the Backup now button and choose between:

• A configuration backup that contains all configuration resources from your Okta tenant

• A users backup that contains all user data from your Okta tenant

• A workflows backup that list all:

  • Folders (Folder Name + Folder ID)

  • Flows (Flow Name + ID)

  • Methods (Methods Name + ID)

  • Tables (CSV File)

Notes:

• User Schemas are backed up on both sides as an inconsistency between Schemas and Users could prevent Backupta from restoring the users.

• If you select both options, the two backups will be launched one after the other. As a result, you’ll see two new backup rows in the backup table.

• The assignment processing can take time, if you have a lot of users with a lot of assignments we recommend launching Users backups during out-of-office hours, or at least making sure that nobody else is using Backupta. You won’t be able to launch another backup or restore in Backupta during this time.

How can I define a default tenant?

To define a default tenant to work on in the Backupta UI:

• Select Settings in the main menu

• Press Tenants

• Press the Make default button to define the default tenant

• A default tag is added to the tenant

Note: When accessing Backupta from a URL that contains a tenant, the tenant in the URL will open even if a default tenant is defined.

Where can I see my Backupta account configuration?

Access system settings

Super-admins can see the configuration of the Backupta workspace.

• Press Settings in the main menu

• Press System

Information about the storage and identity providers used to access Backupta is displayed.

Notes:

• If a SIEM integration is activated all details are displayed. Contact Backupta support for more information about SIEM integration.

Access tenant settings

Super-admins and tenant administrators can see tenants’ configuration.

• Press Settings in the main menu

• Press Tenants

• Press the Edit button on the tenant card

For each tenant, the following information is displayed:

General information

• Tenant URL

• Tenant name

• Client iD

• Events retention Period

This information is read-only, contact Backupta support to update it.

Backup schedule

• Learn more about Backup scheduling

Failover 

Only when activated on the tenant.

• Learn more about Failover

Storage

• Depending on the storage, the fields displayed may differ from one tenant to another.

• All details related to the storage are available: Type, Bucket, Project-iD, Credentials…

This information is read-only, contact Backupta support to update it.

Features

Access the list of features activated on your tenant:

• Workflow: Backupta backups the workflow

• Timeline: Timeline view is activated

• Clone target: the tenant can be used as a clone target by another tenant

• Failover: the tenant can be used as a master tenant and synchronized with a failover one

• Failover Target: the tenant can be used as a failover tenant to be synchronized with a master tenant

• Compliance Center: the Compliance Center page is displayed

• Reset Password: user’s passwords are not reset during a restore

Components

View specific rules that are applied during the restore

Applications

• Backup only active apps: inactive applications won’t be backed up by Backupta

Users

For each CREDENTIAL PROVIDER (AD, LDAP, SOCIAL, FEDERATION, IMPORT, OKTA…) a level of restoration is defined:

• Partial restore: Backupta restores assignments, and changes applied to status and attributes handled by Okta. Deleted users won’t be recreated during the restore. 

• Full restore: Backupta restores assignments, changes of status and attributes handled by Okta. Deleted users are also recreated during a restore and become Okta-sourced users. (No activation emails are sent during the user recreation)

Notes:

• Partial restoration is recommended if the synchronization process between the user's source and Okta is stable and if one or more attributes are directly managed by Okta.  

• Full restoration is recommended if users need to be (re)created in the Okta tenant to benefit from federated authentication.

How can I see the user assignments on apps, groups and roles?

View the list of users

• Access the Backups page

• Select a Users backup

• On the Users tab, press Users 

• The list of users that exist in the tenant is displayed

• Press the user email to open the details panel

• If there are existing assignments for the user, dependency tabs are displayed for:

  • Applications

  • Roles

  • Groups

Notes:

• Only direct assignments are listed (Apps and roles assigned from groups or group rules are not displayed here)

• For now, assignments are not displayed under Groups.

• Access a specific group in a backup to see the number of assigned users and its variation.

• Access a specific app in a backup to see the number of assigned users and its variation.

Download users of any Group or App

• Access the Backups page

• Select a Configuration backup

• Select one App or Group

• The number of Users assigned is displayed

• Press the download button

• A .csv file is downloaded which contains all users assigned for the App or the Group

Note:

• The download of users is available from any point in time for backups done after Backupta release 6.7.

How can I see group assignments on an app?

• Access the Backups page

• Select a Configuration backup

• On the Objects tab, press Apps 

• The list of apps that exist in the tenant is displayed

• Press the app name to open the details panel

• If there are existing assignments for the app, dependency tab is displayed for:

  • Groups

Notes:

• Only groups assignments are displayed for now. App assignments are available on user details.

• Apps grants are also displayed as assignments under an application. 

• For now, assignments are not displayed under Groups.

Which components do I need to select during a selective restore?

The components you can restore depend on the backup type. Find below the files from the backup that are restored when selecting a component:

Configuration Backup

Users backup 

Notes: 

• When recreating an App, or a Group after a deletion, if assignments have to be restored as well, Backupta retrieves:

  •  the associated User backup if both have been launched simultaneously

  • or the previous nearest User backup if backups have been launched separately

  •  If the expected assignments are comprised in a Users backup that is more recent than the Configuration backup, you'll have to manually launch a restore from this Users backup after your Configuration restore. 

• If a User has to be recreated during a restore, its assignments will also be restored.

How does Backupta manage my external source of data?

You may have an external source (such as an Active Directory) to manage part of your data. For these data, Backupta applies the following rules:

• All data that are coming from an external source are backed up by Backupta

• Only external source user-application assignments and external source group-application assignments are restored as Okta is the source

• External source data that have been deleted, updated or created since the backup used for a restore, are not modified.

Notes:

• After a restoration, if some external source data exist, a warning is displayed in the restoration report to confirm they haven’t been restored.

• Contact your Backupta account manager to whitelist some types of external resources (such as FEDERATION) and Backupta will restore the users data.

How can I restore user assignments to an external source?

1. Fix assignments in the source

2. Run an import from the source into Okta

How can I reconnect a user to the source?

1. Run an import from the source into Okta

2. If needed, confirm the user match

How can I restore the directory app / restore a directory agent?

1. Reinstall the the directory agent

2. Reconfigure missing provisioning settings

3. Run an import from the source into Okta

How can delete a user that has been created?

1. Disable or delete the user in the source

2. Run an import from the source into Okta

How can I delete an external group that has been created?

3. Delete group in the source

4. Run an import from the source into Okta

What can I see in my restoration report?

To access a restoration report:

• Press the To restore report button at the end of the restore process or

• Press the Reports entry from the main menu and use the filters to only display Restore (or Revert) actions

In the restoration report you can see:

• The status of the restoration and its details

• The changes made by the restoration

Understand the status of a restoration job

The Status is a global status for the restoration. If your restoration status is WARNING or ERROR, that means the restoration is not complete, but all data that don’t have these statuses have been well restored.

There are three types of status:

• SUCCESS: The restoration is complete and everything has been restored.

• WARNING: The restoration is not complete, open the Report tab to see on which data the warning is applied. The warning status appears in the following cases:

  • Authentication API warning: The API does not allow the update

  • Factor API warning: The factor activation can sometimes generate an error that is dependent on the factor to activate (special factor like Duo)

  • Features API warning: The order of activation/deactivate of feature with dependency can generate a warning

  • Policy API warning: Default policy cannot be updated through API because it is considered as read-only

  • Data that are coming from an external source (such as an Active Directory) are not restored (no deletion, creation or update)

  • Objects have been created since the last backup: the restore job doesn't delete them.

• ERROR: all other errors during the restoration appear with the ERROR status. The restoration is not complete, open the Report tab to see on which data the error is applied

View the list of changes made by the restoration

Press the Changes tab to see the list of changes made during the restoration.

For each change you can see:

• The object type

• The object name and its ID

• The type of the change that has been applied (Add, Update, Delete)

Press one row to access the content of the backup file used for the restoration.

Notes:

• If the Changes tab is empty, nothing happened during the restoration.

• Use filters to retrieve dedicated types of changes or objects

• For some objects such as Custom Role Group Assignment, we’re not able to retrieve the object name. Only the ID is displayed.

Which resources are eligible for a revert?

Backupta allows you to revert the following events:

• Deletion: the object that has been deleted will be recreated as well as its assignments

• Update: the object version is rolled back to its version available in the most recent backup source

This is not possible to revert a creation event using Backupta except for assignments.

You can only revert the events that happened on the following components:

• Access Policies 

• Access Policy Rules

• Applications

• App Group assignment

• App User assignment

• App User Schema

• Authorizations servers

• Authorization Servers Policies

• Authorization Servers Policy Rules

• Behavior detection rule

• Custom Roles

• Entity Risk Policy Rules 

• Group

• Group Rule

• Group User assignment

• Identity Providers

• IdP Discovery Policy rules

• Mappings

• MFA Policy

• MFA Policy rule

• Network Zone

• Okta Account Management Policy Rules 

• Okta User Profile

• Password Policy

• Password Policy Rule

• Post Auth Session Policy

• Post Auth Session Policy Rules

• Profile Enrollment Policy

• Profile Enrollment Policy rule

• Resource Set

• Role Group assignment

• Role User assignment

• Sign-on policy

• Sign-on Policy rule

• Users

Notes:

• New revert options on a dedicated object will be progressively added in the next Backupta releases.

• When reverting a change on an object such as a network zone Backupta only restores the object itself. If the zone is recreated, its link with other objects such as Policy rules won’t be restored. This prevents Backupta from erasing other changes that may have been done to the policy rule.

• Due to technical limitations, the revert will NOT apply if the only change in the App User Schema is an attribute update.

Where can I launch a revert?

From Backupta, it’s possible to launch a revert (on eligible events) from:

• the events page, by ticking one or several events

• the details panel of an event, by ticking one or several changes

• the changes page of a backup, by ticking one or several events

• the details panel of a change

Note:

• When launching a revert, press the Preview link to see the changes that will be applied on the tenant.

I made a mistake on a component that is not eligible to the revert option, how can Backupta help me?

To quickly restore a previous version of one of the following components:

• Authenticators

• Brands

• Event Hooks

• Inline Hooks

• Role Permissions

• SMS translations

• Threat Insights

Open the component from the latest backup or open the event details from the events page.

Press the Restore component category button.

The whole component category will be restored.

Notes:

• If other objects were modified since the backup used for the restoration, the modifications will be erased.

• For other restore needs, press the restore button at the top right corner of a backup content and select the components to restore

How to follow events that happened on my Okta tenant?

Press the Events entry in the main menu to access the list of events that happened to objects in your Okta tenant. Objects can contain components (ie. assignments are components of a user object) and events are grouped by objects:

• If there is one change per object per Backup, as many rows as events will appear on the events page.

• If two or more changes for the same object are tagged with the same Backup, all these changes will be displayed as grouped together in one row on the events page.

• If the same object has two events but is split on two different Backups, two rows will appear: one event is displayed per Backup.

Notes:

• Only events that happened on objects backed up by Backupta appear on the events page.

• Use filters to access dedicated objects or types of changes

• If a group containing a lot of users is assigned/unassigned to an application, only the assignment event will appear (and not the per-user events)

• Use the filters to select dedicated configuration or user objects, a change type or a period. If there are a lot of assignments use the Configuration only filter to have a clearer view of other events.

• Press the “Access recent event” button in the objects in the backup, the changes page and the event details panel to quickly access all events related to this object. 

Understand the type of change of an event

When several changes are grouped, the row of the object displays the information of the most relevant event, according to the following rules :

• If the Group of events contains the deletion of the entity: the deletion event is displayed in the table

• Else, if the Group of events contains the creation of the entity: the creation event is displayed

• Else, the update event is displayed

Note:

• The number of changes per object is displayed in the events page table

Access the details of a grouped event

Press one row in the events table to access the details of one event. 

In the details panel, all events that happened to the same object are listed. 

For each event, the following details are available:

• The name of the action (ex: Administrator consent revoke)

• The date of the change

• The author of the change (changes can have different authors inside the same event)

• The .json of the object(s) with highlighted changes

Notes:

• For assignment changes, only the name of the assigned object and the type of change is listed.

• Due to Okta limitations, Backupta can’t display the details about:

  • a standard role that has been revoked

  • the update of authenticator parameters

• The name of the action matches the Okta API request (ex: a group rule update will be displayed as a policy rule update)

• Select the left border of the details panel to extend it

Why does the event appear as Unsaved?

Backupta retrieves Okta events a few minutes after they happened. This means that events that happened between two backups are tagged as Unsaved on the event page.

To back up unsaved events, press the Backup now button from the left panel. All events will appear as backed up.

Note:

• Hover over the Backed tag to see in which backup the event has been saved.

How to follow events that happened on my Backupta account

Understand the Backupta dashboard

A global view of what’s happening in a Backupta tenant is available in the Backupta dashboard.

Backups information

• Status of the automatics backup: 

  • press the link to modify the scheduling or disable the automatic backupn

• Backup history: 

  • follow the percentage of success/failure of the backups 

• Unsaved events: 

  • view the number of changes unsaved per types of backup: press the Backup now button to save the latest changes 

• Backup changes

  • Access latest changes per categories identified during previous backups

  • Press one card to view the changes on a dedicated category

Tenant activity

• The five latest jobs launched in the tenant are displayed

• Press a card to access the report of the job

Security alerts

• The five latest security alerts are listed

• Press the Access recent events button for more details

Monitor the Audit log

Events that happened on Backupta are tracked on the Backupta audit log page.

Only Super administrators and tenant administrators have access to the Audit log page.

• Press Audit log

• The following events are listed and can be accessed depending on your roles:

  • Backup events

    • A backup is started, an event appears on the audit log

    • A backup is finished, it replaces the “Backup started” event and gives access to the backup details

  • Restore events

    • A restore or a revert is started, an event appears on the audit log

    • A restore or a revert is finished, it replaces the “Restore/Revert started” event and gives access to the restore report 

  • Settings events 

    • A user is added to Backupta

    • A user is modified in Backupta

    • A user is deleted from Backupta

    • User’s permissions are modified

    • Tenant’s permissions are modified

    • The automatic backup is modified/deactivated

  • Login events

    • A user signed in to Backupta

  • Clone events

    • From the source tenant: 

      • A clone is started, and an event appears on the audit log

      • A clone is finished, it replaces the “Clone started” event and gives access to the backup used for the clone

    • From the target tenant:

      • A clone is started, and an event appears on the audit log

      • A clone is finished, it replaces the “Clone started” event and gives access to the report of the clone

    • Push events

      • From the source tenant: 

        • A push is started, and an event appears on the audit log

        • A push is finished, it replaces the “Push started” event and gives access to the backup used for the push

      • From the target tenant:

        • A push is started, and an event appears on the audit log

        • A push is finished, it replaces the “Push started” event and gives access to the report of the push

Notes:

• Backup, restore and revert events are displayed according to the tenant selected in the dropdown menu at the top of the left panel.

• Press the Download button at the top right corner to download the audit log 

• Backupta provides SIEM integration to send audit log events to Splunk and Datadog. Contact Backupta support for more information. 

How to contact Backupta support?

• Press the Help entry from the main menu

• Select Contact support

• Choose your entry point depending on the type of your request

• The Backupta support team will be happy to assist you