Druva Documentation

How to configure SSO for Druva Cloud Platform using OneLogin as IdP

 

This article applies to:

  • Product edition: Druva Cloud Platform (DCP)
    This article applies to Phoenix/inSync Administrators and inSync users, based on the settings configured. 

Overview 

This article describes the steps to configure SSO for Druva Cloud Platform using OneLogin as IdP. 

The configuration involves the following tasks:

  1. Generate SSO Token from the DCP Console.
  2. Create and configure a custom app on the OneLogin console.
  3. Configure DCP with OneLogin 
  • Only a Druva Cloud administrator can set up Single Sign-on. 
  • Configure Single Sign-on based on the applicable scenarios:
    • New Druva customers, that is, Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018, must refer to the instructions given in this article.
    • Existing Phoenix and inSync customers who have already configured Single Sign-on must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync, as applicable.

 

Generate SSO Token from the DCP Console 

To generate the SSO token:

  1. Log in to the DCP Console and on its menu bar click the account icon > Settings.
  2. Click Generate SSO Token.
  3. Click Copy. The token gets copied to the clipboard.
  4. Paste the token into a text file and keep the file available for future use.

Configure the OneLogin App 

To configure the OneLogin app:

Prerequisites: 

  • Administrator credentials of OneLogin

  • SSO authentication token generated from the DCP Console.

Procedure:

  1. Log in to the OneLogin console with the administrator credentials.

  2. Go to Apps > Add Apps and type SAML Custom in the search box.

  3. Click SAML Custom Connector (Advanced).

  4. Enter the Display Name and click Save.

  5. Open the Configuration tab and enter the details as suggested below:

     • ACS (Consumer) URL: https://login.druva.com/api/commonlogin/samlconsume
     • Audience (Entity ID): DCP-login
     • ACS (Consumer) URL Validator: https://login.druva.com/api/commonlogin/samlconsume

  6. Open the Parameters tab and click Add Parameter.

  7. Enter the following details in the respective fields and click Save:
     Name: druva_auth_token
     Flags: Select Include in SAML assertion and click Save.

  8. Select Value: Macro from the drop-down, paste the SSO authentication token generated from the DCP Console in the text box below it, and click Save.

  9. Click Add Parameter again, enter the following details in the respective fields, and click Save:
     Name: emailAddress
     Flags: Select Include in SAML assertion
     Value: Email

  10. Open the SSO tab and click View Details under X.509 Certificate.

  11. Copy the X.509 Certificate to a text file for future use.

  12. Copy the SAML 2.0 Endpoint (HTTP) URL to a text file for future use.
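
To confirm the OneLogin app settings above before relying on them, the following added example (not part of Druva's or OneLogin's documentation) checks a base64 SAMLResponse captured from your own test login against the ACS URL, Audience and the two parameters configured on this page. It assumes the IdP places the ACS URL in both Destination and Recipient, does not verify the signature, and the names check_saml_response and sample_response are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://login.druva.com/api/commonlogin/samlconsume"  # Configuration tab value
AUDIENCE = "DCP-login"                                           # Configuration tab value
REQUIRED_ATTRS = ("druva_auth_token", "emailAddress")            # Parameters tab names


def check_saml_response(b64_response):
    """List mismatches with this page's settings; for your own captured responses only."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:  # assumption: IdP echoes the ACS URL here
        problems.append("Destination is not the ACS URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:           # assumption: Recipient is the ACS URL
        problems.append("Recipient is not the ACS URL")
    audiences = [e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text]
    if audiences != [AUDIENCE]:             # entity IDs are compared exactly, case included
        problems.append(f"Audience is {audiences}, expected {AUDIENCE}")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):             # report the name only, never the token value
            problems.append(f"attribute {name} missing or empty")
    return problems


def sample_response(audience=AUDIENCE, token="CONSTRUCTED-TOKEN"):
    """Constructed, unsigned sample response for trying the check offline."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{ACS_URL}">
 <saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="druva_auth_token"><saml:AttributeValue>{token}</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="emailAddress"><saml:AttributeValue>admin@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_saml_response(sample_response(audience="dcp-login", token="")))
```

An empty list means the captured response matches the settings entered in the Configuration and Parameters tabs.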


     

Configure DCP to use OneLogin

To configure SSO on DCP:

  1. Log in to the DCP console and click the account icon > Settings from the menu bar. 

  2. Click Edit against Single Sign-On and enter the values based on the description below:

     • ID Provider Login URL: Paste the SAML 2.0 Endpoint (HTTP) URL copied earlier.
     • ID Provider Certificate: Paste the X.509 Certificate copied earlier. Do not leave out any blank spaces.
     • Single Sign-On for Administrators: Select to enable SSO for the Administrator login. (Optional)
     • Failsafe for Administrators: Select to enable administrators to access DCP Console using both SSO and DCP passwords.

     Druva recommends enabling Allow failsafe access to Druva Cloud administrators (recommended). This enables DCP Administrators to use both SSO and Druva passwords for authentication.

  3. Click Save.

Important: On all subsequent attempts to log in to the DCP Console, use the administrator's email ID; DCP redirects to the IdP page to authenticate using SSO.

Assign Druva App to users on OneLogin

  1. Log in to OneLogin console.

  2. Go to Users and click All Users.
    The All Users page is displayed.

  3. Click a username to see the user details. The details are displayed on the User Details page.

  4. Click the Application tab on the User Details page. The User Applications page is displayed.

  5. Click + (plus sign) to add a new application. The Assign New Login page is displayed.

  6. Set an option from the Select Application list and click Continue. The edit application login page is displayed.

  7. Verify the details and click Save.
