How to configure SSO for Druva Cloud Platform using Okta as IdP
This article applies to:
- Product edition: inSync Cloud and Phoenix using Druva Cloud Platform (DCP)
- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
- New Druva customers, that is, Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018, must refer to the instructions given in this article.
- Existing Phoenix and inSync customers who have already configured Single Sign-on must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync, as applicable.
This article applies only to customers on the Druva public cloud who use Okta as the IdP, because Okta's built-in "Druva 2.0" application is hardcoded with SSO parameters based on the public cloud. The built-in "Druva 2.0" application is not applicable to GovCloud customers. GovCloud customers who use Okta as the IdP should refer to the article: Configure SCIM and Single-Sign On between Druva GovCloud and OKTA - Druva Documentation
The configuration is performed in the following order:
Configure the Druva application on Okta
Log in to the Okta admin console using your Okta admin credentials.
Click the hamburger menu at the top left, then click Applications > Applications.
The Applications page is displayed.
Click Browse App Catalog and search for Druva 2.0.
Click Done. A new application gets created.
Open the Sign On tab.
Scroll down, click View Setup Instructions, and follow all eight configuration steps given in the setup instructions.
After all eight steps are complete, click Save on the Okta admin console.
Open the Assignments tab and assign this application to the intended Okta users.
The same Druva 2.0 app can be used to configure both SCIM and SSO.
Enable SSO for inSync and Phoenix Administrators
Log in to the DCP console and go to Druva Cloud Settings from the hamburger menu.
On Single Sign-On Settings, click Edit. The Edit Single Sign-On Settings page opens.
Select Enable Single Sign-On for Administrators. Failsafe for Administrators is enabled by default.
Druva recommends enabling Failsafe for Administrators so that they can still access the DCP console in case of any failure in the IdP (ADFS). With Failsafe enabled, administrators can use either SSO or their DCP password to access the DCP console.
This enables access to DCP using SSO.
Enable SSO for the users
To enable SSO for users, either enable SSO for an existing user profile or create a new profile and enable SSO for it. Then assign the users to the SSO-enabled profile, as indicated below:
To enable SSO for users:
- Log in to the inSync Management Console and either create a new profile or update an existing one. Refer to the Create a profile or Update a profile section for the steps.
- Assign users to the profile with SSO enabled. Refer to the Update the profile assigned to users section for the steps.