Step 1: Configure the CloudRanger SSO application on Okta

1. Create a new web application in Okta, select the Sign on method as SAML 2.0, and click Create.
   

2. Name the App, select the Do not display application icon to users checkbox, and click Next.
   

3. Use the following values in the General Section.

• Single Sign on URL: https://cloudranger.auth0.com/login/...nection=XYZSSO
• Audience Restriction: urn:auth0:cloudranger:XYZSSO
• Name ID format: EmailAddress
• Application username: Email

4. Add the following parameter values in the Attribute Statements section and then click Next.

• email_verified: true
• email: user.email

5. Select the App type as Internal and click Finish.
   

6. Now that the App is created, click  View Setup Instructions under the Sign On tab and copy the Identity Provider Single sign-On URL, and then save it in a notepad.

7. Download the X509 certificate and save this as well.

Step 2: Contact Druva Support to get the SSO configuration setup in CloudRanger

1. Contact Druva Support and provide the following information so that the configuration can be completed in CloudRanger backend.

• Identity Provider Single sign-On URL that you copied in the previous step
• X509 certificate that you downloaded 
• The email domain(s) your users will be logging in with, such as "example.com"
• The SAML sign out URL (optional)

2. Druva Support will provide you the correct values for the following parameters once SSO has been configured in the backend.

• Single Sign on URL
• Audience Restriction

Step 3: Update  the CloudRanger SSO application on Okta

1. Open the CloudRanger SSO application in Okta and go to the General tab.

2. Click the Edit button under SAML Settings.
   

3. In the Configure SAML section, update the provided values for the following attributes.

• Single sign on URL
• SP Entity ID

4. SSO is now set up correctly and you can use your email address to sign in to CloudRanger.