This article applies to:
- Product edition: Druva Cloud Platform
This article describes the steps to configure SSO for Druva Cloud Platform using Okta as IdP. The configuration involves the following main tasks:
- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
- New Druva customers, that is, Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018, must refer to the instructions given in this article.
- Existing Phoenix and inSync customers who have already configured Single Sign-on must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync as applicable.
Configure SSO for DCP Administrators using Okta as IdP
Generate SSO token from DCP Console
- Log in to the DCP Console and on its menu bar click the account icon > Settings.
- Click Generate SSO Token.
- Click Copy. The token gets copied to the clipboard.
- Paste the token into a text file and keep the file available for future use.
Configure the Okta app
- Log in to the Okta console using the organization-specific URL.
- Click Admin.
- On the admin screen, click Add Application > Create New App. The Create a New Application Integration window is displayed.
- Select SAML 2.0 and click Create.
- Under the General Settings tab, enter a name for the new app in the App name field. For example, the name can be Druva_Cloud_Platform.
- Upload a logo of the app. This step is optional.
- Click Next and under the Configure SAML tab, configure the settings as described below:
- Single Sign-On URL: https://login.druva.com/api/commonlogin/samlconsume
- Audience URI (SP Entity ID): DCP-login
- Default RelayState: Leave blank.
- Name ID format: Select EmailAddress from the dropdown list.
- Application username: Select Email from the dropdown list.
- Enter the following under Attribute statement and click Next.
- Name: druva_auth_token
- Value: Enter or copy the SSO token generated in the earlier procedure. Ensure the auth token is enclosed in quotation marks (" ").
- Click View Setup Instructions on the next screen. A new page is displayed.
- Copy the values for Identity Provider Single Sign-On URL and X.509 Certificate in notepad for future use in this configuration and close the page.
- Click the Assignments tab on the SSO application just created and assign the users or groups as required.
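To confirm that the Okta app matches the settings above before DCP is switched to SSO, the following check (an added example, not Druva or Okta code) decodes a base64 SAMLResponse captured from your own browser during a test login and compares it with those values. The sample response and the helper names are constructed for illustration, and the script does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://login.druva.com/api/commonlogin/samlconsume"  # Single Sign-On URL
AUDIENCE = "DCP-login"                                           # Audience URI
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response):
    """Return the mismatches between a SAMLResponse and the settings in this article."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Single Sign-On URL")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    audiences = [e.text for e in root.findall(".//a:AudienceRestriction/a:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("Audience is not DCP-login")
    token = root.find(".//a:Attribute[@Name='druva_auth_token']/a:AttributeValue", NS)
    if token is None or not (token.text or "").strip():
        problems.append("druva_auth_token attribute is missing or empty")
    return problems  # the token value itself is never returned or printed

# Constructed sample response (unsigned, placeholder token), not real IdP output.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
 <a:Assertion><a:Subject><a:NameID Format="{fmt}">admin@example.com</a:NameID></a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience>
 </a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement><a:Attribute Name="{attr}">
 <a:AttributeValue>PLACEHOLDER-TOKEN</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion></p:Response>"""

def sample(aud=AUDIENCE, attr="druva_auth_token"):
    """Build a base64-encoded constructed response; arguments simulate misconfiguration."""
    xml = SAMPLE.format(acs=ACS_URL, fmt=EMAIL_FORMAT, aud=aud, attr=attr)
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    print(check_response(sample()))                     # correctly configured app
    print(check_response(sample(aud="wrong-audience"))) # mistyped Audience URI
```

Treat a captured SAMLResponse as sensitive, since it carries the SSO token, and delete it after the check.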
Configure DCP to use Okta as IdP
- Log in to the DCP Console and on its menu bar, click the account icon > Settings.
- Open the Single Sign-On tab and click Edit.
- Enter the values copied in the earlier procedure as follows:
- ID Provider Login URL: Enter the Identity Provider Single Sign-On URL copied earlier
- ID Provider Certificate: Enter the X.509 Certificate copied earlier
- Enable the following:
- Single Sign-On for Administrators
- Failsafe for Administrators
- Click Save.
On the next attempt to access Druva Cloud Platform (DCP) using the email ID, DCP will redirect you to the IdP page for authentication using SSO.
Druva recommends enabling Failsafe for Administrators initially. This enables the administrator to use both SSO and DCP password to access the DCP Console. This ensures the administrator always has access to the DCP Console even if SSO is impacted due to any change in the IdP.