- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
  - New Druva customers, that is, Phoenix customers onboarded after 02 July 2018, must refer to the instructions in the article: Set up single sign-on on the Druva Cloud Platform Console.
  - Existing Phoenix customers who have already configured Single Sign-on must continue to use the existing settings as described in this article.
Configure the OneLogin Druva Phoenix App
- Log in to the OneLogin console using the URL https://app.onelogin.com/login.
- Go to Apps > Find Apps.
- Search for Druva Phoenix and click it.
- If required, change the app name and icon and click Save.
- Go to the Configuration tab and enter the following values:
  - RelayState: Admin
  - SSO Token: Enter the token value copied from the Phoenix Management Console. Refer to the article Generate SSO token.
- Go to the SSO tab and copy the following values to a separate text file for later use:
  - Click view details under X.509 Certificate and copy the certificate body.
  - Go back to the previous page and copy SAML 2.0 Endpoint (HTTP).
Enable settings in Phoenix Console to support SSO
- Log in to the Phoenix Management Console.
- Go to Settings > Single Sign-On.
- Click Edit under Single Sign-On Configuration.
- In ID Provider Login URL, enter the SAML 2.0 Endpoint (HTTP) URL copied earlier.
- In ID Provider Certificate, enter the X.509 Certificate copied earlier.
- If required, select the following options. By default, SAML Authentication Requests are not signed.
  - To get signed SAML authentication requests, select AuthnRequests Signed.
  - To get encrypted SAML assertions, select Want Assertions Encrypted.
- Click Save.
- Click Edit under Single sign-on Settings and select the following:
  - Enable Single Sign-On for Admins
  - Allow failsafe access to cloud admins
- Click Save.
Note: The next time you log in to the Phoenix Management Console, enter only the admin's email ID (without a password), and the page must redirect you to the OneLogin page. After successful authentication from OneLogin, admins have access to the Phoenix Admin Console.
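A pre-check for the two values copied from the OneLogin SSO tab, run before they are entered in ID Provider Certificate and ID Provider Login URL. This is an added example, not Druva or OneLogin code: the function names, the sample inputs and the assumption that the endpoint host sits under onelogin.com are illustrative. It rejects an incomplete certificate paste and produces a SHA-256 fingerprint that can be compared with the certificate's fingerprint at the identity provider, where one is shown.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

def cert_der(pasted: str) -> bytes:
    """Decode the pasted certificate body, with or without PEM header lines."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pasted)
    der = base64.b64decode("".join(body.split()), validate=True)
    # A certificate is one DER SEQUENCE (tag 0x30) whose length field must
    # cover the decoded bytes exactly; otherwise the paste is truncated or padded.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: n length bytes follow
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("length mismatch: certificate body is incomplete")
    return der

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as colon-separated upper-case hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def check_endpoint(url: str, idp_suffix: str = "onelogin.com") -> str:
    """Require HTTPS and a host under the expected IdP domain (assumed suffix)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("endpoint must use https")
    if host != idp_suffix and not host.endswith("." + idp_suffix):
        raise ValueError("unexpected IdP host: " + host)
    return host

# Constructed sample input: 200 arbitrary bytes in a DER SEQUENCE wrapper
# (not a real certificate) and a made-up endpoint URL.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_URL = "https://example.onelogin.com/placeholder-sso-path"

if __name__ == "__main__":
    print(fingerprint(cert_der(SAMPLE_PEM)))
    print(check_endpoint(SAMPLE_URL))
```

Replace the sample constants with the contents of the text file saved in the OneLogin steps; a `ValueError` means the value should be copied again rather than pasted into the console.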