This article applies to:
- Product edition: Druva Cloud Platform (DCP)
This article applies to Phoenix/inSync Administrators and inSync users, based on the settings configured.
This article describes the steps to configure SSO for Druva Cloud Platform using OneLogin as IdP.
The configuration involves the following tasks:
- Generate SSO Token from the DCP Console.
- Create and configure a custom app on the OneLogin console.
- Configure DCP with OneLogin
- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
- New Druva customers that is; Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018 must refer to the instructions given in this article.
- Existing Phoenix and inSync customers who already have configured Single Sign-on, must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync as applicable.
Generate SSO Token from the DCP Console
To generate the SSO token:
- Log in to the DCP Console and on its menu bar click the account icon > Settings.
- Click Generate SSO Token.
- Click Copy. The token gets copied to the clipboard.
- Copy the token in a text file and keep the file available for future use.
Configure the OneLogin App
To configure the OneLogin app:
- Administrator credentials of OneLogin
- SSO authentication token generated from the DCP Console.
- Log in to OneLoigin console with the administrator credentials.
- Go to Apps > Add Apps and type SAML Test in the search box.
- Click OneLogin SAML Test (idP2/multi value attr).
- Name the app and click Save.
- Fill the details under the info tab.
- Open the Configuration tab and enter the details as suggested below:
SAML Consumer URL https://login.druva.com/api/commonlogin/samlconsume SAML Audience DCP-login SAML Recipient https://login.druva.com/api/commonlogin/samlconsume
- Open the Parameters tab and click Add Parameter.
- Enter the following details in the respective fields and click Save:
Value: Macro and copy the SSO authentication token generated from the DCP console in the text box below.
Flags: Select Include in SAML assertion
- Click Add Parameter again and enter the following details in the respective fields and click Save:
Flags: Select Include in SAML assertion
- Open the SSO tab and click View Details under X.509 Certificate.
- Copy the X.509 Certificate to a text file for future use.
- Copy the SAML 2.0 Endpoint (HTTP) URL to a text file for future use.
Configure DCP to use OneLogin
To configure SSO on DCP:
- Log in to the DCP console and click the account icon > Settings from the menu bar.
- Click Edit against Single Sign-On and enter the values based on the description below:
Name Value ID Provider Login URL Copy the SAML 2.0 Endpoint (HTTP) URL copied earlier ID Provider Certificate Copy X.509 Certificate that we copied earlier. Do not leave out any blank spaces Single Sign-On for Administrators Select to enable SSO for the Administrator login. (Optional) Failsafe for Administrators Select to enable administrators to access DCP Console using both SSO and DCP passwords.
Druva recommends enabling Allow failsafe access to Druva Cloud administrators (recommended). This enables DCP Administrators to use both SSO and Druva passwords for authentication.
On all subsequent attempts to log in to DCP Console, use the administrator's email ID and DCP directs to the IdP page to authenticate using SSO.
Assign Druva App to users on OneLogin
- Log in to OneLogin console.
- Go to Users and click All Users.
The All Users page is displayed.
- Click a username to see the user details. The details are displayed on the User Details page.
- Click the Application tab on the User Details page. The User Applications page is displayed.
- Click + (plus sign) to add a new application. The Assign New Login page displayed.
- Set an option from the Select Application list and click Continue. The edit application login page is displayed.
- Verify the details and click Save.