Druva Documentation

How to configure SSO for Phoenix using the IDP Azure AD

  

 

  • Only a Druva Cloud administrator can set up Single Sign-on. 
  • Configure Single Sign-on based on the applicable scenarios:
    • New Phoenix customers on-boarded after July 2, 2018, must refer to the instructions given in the article: Set up Single sign-on.
    • Existing Phoenix customers who have already configured Single Sign-on must continue to use the existing settings as described in this article. 

Overview

This article describes the steps to configure SSO for Phoenix using the IDP Azure AD.

The SSO is configured in the following order: 

  1. Configure a custom App for Druva Phoenix on Azure Portal
  2. Configure Azure AD single sign-on
  3. Configure Druva Phoenix Cloud to use Azure AD login
  4. Assigning Users/Groups in Azure AD to use Druva Phoenix app

Configure SSO for Druva Phoenix Cloud using the IDP Azure AD

Configure a custom App for Phoenix on Azure Portal

  1. Log on to the Azure portal (URL: portal.azure.com) 
  2. Log on using an Azure Administrator account.
  3. Navigate to Azure Active Directory > Enterprise Applications.


     
  4. On the Enterprise applications page, click New application.
  5. Click All > Non-gallery Application.

  6. Enter Druva Phoenix as the display name of the application and then click Add.
    Druva Phoenix will be added as an application.
  7. Navigate to Azure Active Directory > Enterprise Applications > All Applications and configure the Application Settings.
  8. Click the Druva Phoenix application. The application configuration page opens.
  9. Go to Manage > Properties and if required, upload an image of this application for easy identification.
  10. Click Save.

Configure Azure AD single sign-on

To configure Azure AD single sign-on with Phoenix, perform the following steps:

  1. On the Druva Phoenix application integration page of the Azure portal, click Single sign-on.
  2. On the Single sign-on window, select Mode as SAML-based Sign-on to enable single sign-on.
  3. Under the Druva Domain and URLs section, enter the following values.
    1. Identifier: druva-phoenix
    2. Reply URL: https://phoenix.druva.com/wrsaml/consume

  4. Under User Attributes
    1. Set User Identifier to user.mail.
    2. Select View and edit all other user attributes.

  5. Under User Attributes:
    • Set User Identifier to user.userPrincipalName (make sure that this value matches the email ID of the Admin created in Druva).
    • Select View and edit all the user attributes.
  6. Under SAML Token Attributes, delete all the attributes that are added by default.

  7. Add the attributes in the table below and ensure that the order of attributes and case of the Attribute Name is preserved. 
    Attribute name        Value
    emailAddress          user.mail
    userPrincipalName     user.userprincipalname
    phoenix_auth_token    SSO Token generated from Phoenix Admin Console


    Note: To generate the Phoenix token, log in to Phoenix Management Console and go to Settings > Single Sign On > Generate SSO Token.
     
  8. In the SAML Signing Certificate section, click Certificate (Base64) and save the certificate file on your system.
  9. In the Druva Configuration section, click Configure Druva to open the Configure sign-on window.


  10. Copy the SAML Single Sign-On Service URL from the Quick Reference section.


  11. Click Save. 
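
An added example, not part of the Druva article or Druva's tooling: once the steps above are saved, the decoded assertion from a test sign-in can be checked against the Identifier and the attribute table. The function name `check_assertion`, the sample XML and its placeholder values are constructed for illustration, and the script assumes the claims are issued without a namespace prefix; it checks claim configuration only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the table in step 7, in the order the article requires.
REQUIRED = ["emailAddress", "userPrincipalName", "phoenix_auth_token"]

# Constructed sample (signature omitted, placeholder values), not captured traffic.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>druva-phoenix</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="emailAddress"><saml:AttributeValue>admin@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="userPrincipalName"><saml:AttributeValue>admin@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="phoenix_auth_token"><saml:AttributeValue>PLACEHOLDER-TOKEN</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, admin_email):
    """Return a list of configuration problems; empty means the claims match."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    # Azure AD puts the application's Identifier in the Audience element.
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != "druva-phoenix":
        problems.append(f"Audience {audience!r} is not 'druva-phoenix'")
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if name_id.lower() != admin_email.lower():
        problems.append(f"NameID {name_id!r} does not match the Druva admin email")
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    names = [a.get("Name", "") for a in attrs]
    lowered = [n.lower() for n in names]
    for want in REQUIRED:
        if want not in names:
            kind = "wrong case for" if want.lower() in lowered else "missing"
            problems.append(f"{kind} attribute {want!r}")
    extra = [n for n in names if n.lower() not in [r.lower() for r in REQUIRED]]
    if extra:
        problems.append(f"unexpected attributes, defaults not deleted?: {extra}")
    if sorted(names) == sorted(REQUIRED) and names != REQUIRED:
        problems.append(f"attributes out of order: {names}")
    for a in attrs:
        value = a.findtext("saml:AttributeValue", default="", namespaces=NS)
        if not value.strip():
            problems.append(f"attribute {a.get('Name')!r} has an empty value")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "admin@example.com") or "claims match the article's table")
```
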

Configure Druva Phoenix Cloud to use Azure AD login

To configure Single Sign-on:

  1. On a different web browser window, log on to Druva Management Console as an administrator.
  2. Go to the Settings icon > Phoenix Settings > Single sign-on > Single sign-on Configuration > Edit.
  3. Copy the URL saved earlier in this configuration into the ID Provider Login URL section.
  4. Open the certificate downloaded earlier and copy its entire content into the ID Provider Certificate section.
  5. Click Save.
  6. On the same page, click Edit under Single Sign-On Settings.
  7. Enable both the options as shown below:

    EditSSOSettings.png
  8. Click Save.

Druva recommends enabling Allow failsafe access to Druva Cloud administrators (recommended). This allows administrators to use both SSO and their Druva passwords for authentication.

Assigning Users/Groups in Azure AD to use Druva Phoenix app

  1. On the Azure portal, open the applications view.
  2. Open the directory view and navigate to Enterprise applications > All applications.

  3. Select Druva Phoenix from the applications list.
  4. In the menu on the left, click Users and groups.
  5. Click Add and select Users and groups on the Add Assignment window.

  6. In the Users and groups dialog, select from the Users list the Users or Group to which you want to assign the Druva Phoenix app.
  7. Ensure that the User or Administrator account selected has a corresponding account created in Phoenix.
  8. Click Select on the Users and groups window.
  9. Click Assign on the Add Assignment window.