Create a relying party

After you have set up the Federation Server, the next step is to create a relying party.

To create a relying party:

1. On the Start menu, click Administrative Tools > ADFS 3.0 Management. The ADFS 3.0 window appears.
2. Expand the Trust Relationships node.
3. In the right pane, click Add Relying Party Trust. The Add Relying Party Trust Wizard appears.
   
   
4. Click Start. The Select Data Source page appears.
5. Click Enter data about the relying party manually, and then click Next. The Specify Display Name page appears.
   
   
6. Refer the field description below and enter the appropriate information for each field , and click Next.
   • Display Name: Name of the relying party to be displayed. For example, Druva inSync.
   • Notes: Brief description of the relying party.
     
     
      
7.  The Choose Profile page appears.
8. Select AD FS profile and click Next.  The Configure Certificate page appears.
   
   
9. Optionally, to encrypt the SAML token, browse and select the certificate, and then click Next. However, ADFS establishes a secure SSL connection with Druva inSync, which ensures the token is encrypted.
   
   
10. On the Configure URL page:
    • Select the Enable support for the SAML 2.0 WebSSO 2.0 protocol checkbox.
    • Under Relying party SAML 2.0 SSO service URL, provide the URL: https://login.druva.com/api/commonlogin/samlconsume.
    • Click Next. The Configure Identifiers page appears.
      
      
11. In the Relying party trust identifier box, enter DCP-login. The web application passes this realm to the ADFS when users log into the web restore URL.
    
    
12.  Click Next. The Configure Multi-factor Authentication Now page appears.
    
    
13. Select I do not want to configure MFA settings for this relying party trust at this time and click Next. The Choose Issuance Authorization Rules page appears.
    
    
14. Select Permit all users to access this relying party and then click Next. The Ready to Add Trust page appears.
15. Review and if required, update the settings that you have configured, and then click Next. The Finish page appears.
    
    
16. Ensure that the Open the Edit Claim Rules dialog for this relying party trust when the wizard closes check box is by default selected.
17. Click Close.

Create a new claim

To create a new claim

1. On the Edit Claim Rules window, under the Issuance Transform Rules tab, click Add Rule. The Select Rule Template page appears.
2. In the Claim rule template list, select Send LDAP Attributes as Claims, and then click Next. The Edit Rule – LDAP EMAIL window appears.
   
   
3. Enter the appropriate information for each field based on the description below:
   
   Claim rule name: Enter the name of he claim rule.
   Attribute store: Select Active Directory from the list.
   
   
   Under Mapping of LDAP attributes to outgoing claim types:
   
   LDAP Attribute: Specify the outgoing claim type.
   E-mail Addresses: Enter the name ID.
   E-mail Addresses: Enter the email address.
   User-Principal-Name: Name
    
4. Click Finish.

Create a custom rule

To create a custom rule

1. On the Edit Claim Rules window, under Issuance Transform Rules tab, click Add Rule. The Select Rule Template page appears.
2. In the Claim rule template list, select Send Claims Using a Custom Rule, and then click Next. The Edit Rule – LDAP EMAIL window appears.
   
   
3. Enter the appropriate information as specified below:
   
   Claim rule name: Enter a name for the custom rule.
   Custom rule:  => issue (Type = "druva_auth_token", Value = "value of SSO Token generated from  inSync Console");
   
   
4. Click OK.

Before you begin  

Before you configure the single sign-on settings with inSync Cloud, ensure that you have an ID provider certificate. If you do not have an ID provider certificate, follow these steps:

1. On the Start menu, click Administrative Tools > ADFS 3.0 Management. The ADFS 3.0 Management window appears.
2. Expand the Service folder.
3. Click Certificates. The Certificates view appears in the right pane.
   
   
4. Under the Token-signing area, right-click the certificate. A list with additional options appears.
5. From tue list, click View Certificate. The Certificate window appears.
6. Click the Details tab and then click Copy to file. The Certificate Export Wizard appears.
   
   
7. On the Certificate Export Wizard, click Next. The Export File Format page appears.
8. Select DER encoded binary X.509 (.CER), and then click Next.
   
   
9. On the File to Export page, type the file name as Cert.cer, and then click Next.
10. Click Finish.
11. Open and edit the cert.cer file in a Notepad. The certificate opens in the following format:
    
     “-----BEGIN CERTIFICATE-----
    
    
        ………. …..
    
    
       -----END CERTIFICATE-----"
12. Copy the content of the cert.cer certificate and provide it when you configure the single sign-on using the inSync Management Console.

Configure the single sign-on settings

To configure the single sign-on settings

1. On the inSync Management Console menu bar, click  > Settings.

2. Click the Single Sign-on tab and then click Edit.

3. Provide the following appropriate information.

4. Enter appropriate information based on the descriptions provided below. Below are the SAML attributes and the description of the same:
    

   SAML Attribute	Description/Value
   ID Provider loigin URL	https://{fqdn-name of the ADFS server}/adfs/ls (for e.g.    https://sts.druva.ga/adfs/ls)
   ID Provider Certificate	Provide the content of the idpert.cer certificate.
   AuthnRequests Signed	SAML Authentication Requests are not signed by default. Select this checkbox to get signed SAML Authentication Requests.
   Want Assertions Encrypted	Encryption is disabled by default. Select the checkbox to enable encryption for SAML assertions.

5. Click Save.