Druva Documentation

How to Configure Phoenix SSO using OneLogin as IdP?

  • Only a Druva Cloud administrator can set up Single Sign-on. 
  • Configure Single Sign-on based on the applicable scenarios:
    • New Druva customers, that is, Phoenix customers onboarded after 02 July 2018, must refer to the instructions in the article Set up single sign-on on the Druva Cloud Platform Console.
    • Existing Phoenix customers who have already configured Single Sign-on must continue to use the existing settings as described in this article.

Configure the OneLogin Druva Phoenix App

  1. Log in to the OneLogin console at https://app.onelogin.com/login.
  2. Go to Apps > Find Apps.
  3. Search for Druva Phoenix and click it.
  4. If required, change the app name and icon and click Save.
  5. Go to the Configuration tab and enter the following values:
    1. RelayState: Admin
    2. SSO Token: Enter the token value copied from the Phoenix Management Console. Refer to the article Generate SSO token.
  6. Go to the SSO tab and copy the following values to a separate text file for later use:
    • Click view details under X.509 Certificate and copy the certificate body.
    • Go back to the previous page and copy SAML 2.0 Endpoint (HTTP).


Enable settings in Phoenix Console to support SSO

  1. Log in to the Phoenix Management Console.
  2. Go to Settings > Single Sign-On.
  3. Click Edit under Single Sign-On Configuration.
  4. In ID Provider Login URL, enter the SAML 2.0 Endpoint (HTTP) URL copied earlier.
  5. In ID Provider Certificate, enter the X.509 Certificate copied earlier.
  6. If you want signed SAML Authentication Requests, select the AuthnRequests Signed checkbox. By default, SAML Authentication Requests are not signed.
  7. To get signed SAML authentication requests, select AuthnRequests Signed.
  8. To get encrypted SAML assertions, select Want Assertions Encrypted.

  9. Click Save.
  10. Click Edit under Single sign-on Settings and select the following:
    • Enable Single Sign-On for Admins
    • Allow failsafe access to cloud admins
  11. Click Save.

 Note: The next time you log in to the Phoenix Management Console, enter only the admin's email ID (without a password); the page must redirect you to the OneLogin page. After successful authentication with OneLogin, admins have access to the Phoenix Admin Console.
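
The two values copied from the SSO tab (the X.509 certificate body and the SAML 2.0 endpoint) can be checked before they are pasted into ID Provider Certificate and ID Provider Login URL. The following is an added example, not Druva or OneLogin code: it confirms the certificate decodes, reads its validity period, checks that the login URL is https, and returns a SHA-256 fingerprint to compare with the one the IdP displays, if it shows one. The names `preflight`, `cert_validity` and `SAMPLE_CERT` are hypothetical, and the sample is a constructed DER skeleton rather than a real certificate.

```python
import base64, hashlib, re
from datetime import datetime, timezone
from urllib.parse import urlparse

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280 pivots at 50
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)              # Certificate
    _, pos, _ = _tlv(der, pos)            # tbsCertificate
    tag, start, end = _tlv(der, pos)      # [0] version, or serialNumber (v1)
    for _ in range(4 if tag == 0xA0 else 3):  # step to the validity SEQUENCE
        tag, start, end = _tlv(der, end)
    t1, a, b = _tlv(der, start)
    t2, c, d = _tlv(der, b)
    return _time(t1, der[a:b]), _time(t2, der[c:d])

def preflight(cert_text, endpoint, now=None):
    """Check the copied certificate (with or without BEGIN/END lines) and login URL."""
    now = now or datetime.now(timezone.utc)
    der = base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text), validate=True)
    not_before, not_after = cert_validity(der)
    problems = []
    if not not_before <= now <= not_after:
        problems.append("certificate is outside its validity period")
    url = urlparse(endpoint.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("login URL is not an https URL")
    fingerprint = hashlib.sha256(der).digest().hex(":").upper()
    return {"sha256": fingerprint, "not_after": not_after, "problems": problems}

# Constructed sample: a DER skeleton with only the fields read above, not a real certificate.
def _der(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
_validity = _der(0x30, _der(0x17, b"240101000000Z"), _der(0x17, b"290101000000Z"))
SAMPLE_CERT = base64.b64encode(_der(0x30, _der(0x30, _der(0xA0, _der(2, b"\x02")),
    _der(2, b"\x01"), _der(0x30), _der(0x30), _validity))).decode()
```

Call `preflight()` with the text saved in step 6 and paste the values only when `problems` is empty; a truncated or corrupted paste fails at the base64 decode.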