This article applies to:
- Product edition: inSync Cloud and Phoenix using Druva Cloud Platform (DCP)
- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
- New Druva customers that is; Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018 must refer to the instructions given in this article.
- Existing Phoenix and inSync customers who already have configured Single Sign-on, must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync as applicable.
This article provides the steps to configure SSO for Druva Cloud Platform (DCP) using Okta as IdP.
The configuration is performed in the following order:
Configure the Druva application on Okta
- Login to Okta admin console using your Okta admin credentials.
- On the menu bar, click Applications > Applications.
- Click Add Application.
- Search and add Druva 2.0 application.
- Click Done. A new application gets created.
- Open the Sign On tab and click Edit.
- Click View Setup Instructions and follow all the eight Configuration Steps mentioned in the setup instructions.
- After all eight steps are complete, click Save on the Okta admin console.
- Open the Assignments tab and assign this application to the intended Okta users.
The same Druva 2.0 app can be used to configure both SCIM and SSO.
Enable SSO for inSync and Phoenix Administrators
- Login to the DCP console and go to Settings.
- On Single Sign-On Settings, click Edit. The Edit Single Sign-On Settings page opens.
- Select the Enable Single-On for Administrators. Failsafe for Administrators is enabled by default.
Druva recommends to enable Failsafe for Administrators so that they have to access the DCP console in case of any failures in IdP (ADFS). It also enables the admins to use both SSO and DCP password to access the DCP console.
- Click Save.
This enables the access to DCP using SSO.
Enable SSO for the users
To enable SSO for users, enable SSO for an existing user profile. Alternatively, create a new profile and enable SSO for this profile. Subsequently, assign the users to this profile to enable access using SSO.
To enable SSO for users, either enable SSO for an existing user profile or create a new profile and enable SSO for the new profile. Subsequently, assign the users to the profile enabled with SSO, as indicated below:
To enable SSO for users: