Druva Documentation

How to configure SSO for Druva Cloud Platform using OneLogin as IdP

This article applies to:

  • Product edition: Druva Cloud Platform (DCP)
    This article applies to Phoenix/inSync Administrators and inSync users, based on the settings configured. 

Overview

This article describes the steps to configure SSO for Druva Cloud Platform using OneLogin as IdP. 

The configuration involves the following tasks:

  1. Generate SSO Token from the DCP Console.
  2. Create and configure a custom app on the OneLogin console.
  3. Configure DCP with OneLogin.

  • Only a Druva Cloud administrator can set up Single Sign-on. 
  • Configure Single Sign-on based on the applicable scenarios:
    • New Druva customers, that is, Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018, must refer to the instructions given in this article.
    • Existing Phoenix and inSync customers who have already configured Single Sign-on must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync, as applicable.

Generate SSO Token from the DCP Console

To generate the SSO token:

  1. Log in to the DCP Console and on its menu bar click the account icon > Settings.
  2. Click Generate SSO Token.
  3. Click Copy. The token is copied to the clipboard.
  4. Paste the token into a text file and keep the file available for future use.

Configure the OneLogin App

To configure the OneLogin app:

Prerequisites: 

  • Administrator credentials of OneLogin
  • SSO authentication token generated from the DCP Console.

Procedure:

  1. Log in to the OneLogin console with the administrator credentials.
  2. Go to Apps > Add Apps and type SAML Test in the search box.

  3. Click OneLogin SAML Test (idP2/multi value attr).
  4. Name the app and click Save.
  5. Fill in the details under the Info tab.
  6. Open the Configuration tab and enter the details as suggested below:
    SAML Consumer URL: https://login.druva.com/api/commonlogin/samlconsume
    SAML Audience: DCP-login
    SAML Recipient: https://login.druva.com/api/commonlogin/samlconsume
  7. Open the Parameters tab and click Add Parameter.
  8. Enter the following details in the respective fields and click Save:
    Name: druva_auth_token
    Value: Select Macro and paste the SSO authentication token generated from the DCP Console in the text box below.
    Flags: Select Include in SAML assertion

  9. Click Add Parameter again and enter the following details in the respective fields and click Save:
    Name: emailAddress
    Value: Email
    Flags: Select Include in SAML assertion

  10. Open the SSO tab and click View Details under X.509 Certificate.
  11. Copy the X.509 Certificate to a text file for future use.
  12. Copy the SAML 2.0 Endpoint (HTTP) URL to a text file for future use.


Configure DCP to use OneLogin

To configure SSO on DCP:

  1. Log in to the DCP Console and click the account icon > Settings from the menu bar.
  2. Click Edit against Single Sign-On and enter the values based on the description below:
    ID Provider Login URL: Paste the SAML 2.0 Endpoint (HTTP) URL copied earlier.
    ID Provider Certificate: Paste the X.509 Certificate copied earlier. Do not leave out any blank spaces.
    Single Sign-On for Administrators: (Optional) Select to enable SSO for the Administrator login.
    Failsafe for Administrators: Select to enable administrators to access DCP Console using both SSO and DCP passwords.
    Druva recommends enabling Allow failsafe access to Druva Cloud administrators (recommended). This enables DCP Administrators to use both SSO and Druva passwords for authentication.

  3. Click Save.

On all subsequent attempts to log in to the DCP Console, enter the administrator's email ID; DCP then directs you to the IdP page to authenticate using SSO.

Assign Druva App to users on OneLogin

  1. Log in to the OneLogin console.
  2. Go to Users and click All Users.
    The All Users page is displayed.
  3. Click a username to see the user details. The details are displayed on the User Details page.
  4. Click the Application tab on the User Details page. The User Applications page is displayed.
  5. Click + (plus sign) to add a new application. The Assign New Login page is displayed.
  6. Set an option from the Select Application list and click Continue. The edit application login page is displayed.
  7. Verify the details and click Save.
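
To confirm the OneLogin app settings once a user is assigned, the following added example (not part of the original article, and not Druva or OneLogin code) checks a base64 SAMLResponse from your own test login against the SAML Audience, SAML Recipient and parameter names configured above. The function names and the constructed sample response are assumptions for illustration, and the script does not verify the response signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the Configuration and Parameters tabs described in this article.
ACS_URL = "https://login.druva.com/api/commonlogin/samlconsume"
AUDIENCE = "DCP-login"
REQUIRED_ATTRS = ("druva_auth_token", "emailAddress")

def check_saml_response(b64_response):
    """Return a list of mismatches; an empty list means the settings match.
    Parse only responses from your own test login. No signature check is done."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if AUDIENCE not in audiences:
        problems.append(f"Audience is {audiences}, expected {AUDIENCE!r}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient is {recipients}, expected {ACS_URL!r}")
    attrs = {}
    for attr in root.iterfind(".//a:Attribute", NS):
        value = attr.find("a:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:  # report presence only, never print the token value
        if not attrs.get(name):
            problems.append(f"attribute {name!r} is missing or empty")
    return problems

def build_sample(audience=AUDIENCE, recipient=ACS_URL, attrs=None):
    """Constructed, unsigned sample response; not a real OneLogin capture."""
    if attrs is None:
        attrs = {"druva_auth_token": "PLACEHOLDER", "emailAddress": "admin@example.com"}
    attr_xml = "".join(
        f'<s:Attribute Name="{n}"><s:AttributeValue>{v}</s:AttributeValue></s:Attribute>'
        for n, v in attrs.items())
    xml = (f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:s="{NS["a"]}">'
           f'<s:Assertion><s:Subject><s:SubjectConfirmation>'
           f'<s:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</s:SubjectConfirmation></s:Subject><s:Conditions><s:AudienceRestriction>'
           f'<s:Audience>{audience}</s:Audience></s:AudienceRestriction></s:Conditions>'
           f'<s:AttributeStatement>{attr_xml}</s:AttributeStatement>'
           f'</s:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = build_sample(audience="DCP", attrs={"emailAddress": "admin@example.com"})
    print(check_saml_response(bad) or "all settings match")
```

A captured SAMLResponse carries the druva_auth_token value, so handle it like the token file itself and delete the capture after checking.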