Druva Documentation

How to configure Okta as an SSO method for inSync authentication?

OS: Windows and Linux
Product edition: inSync On-Premise 5.8.1 and higher

 

Overview

This article explains the steps that inSync administrators need to perform in order to configure Okta as an SSO method for inSync user and administrator authentication. Once done, inSync users will be redirected to the webpage of Okta for authentication.

Configure Okta as SSO method

Prerequisites: Keep the SSO token handy before you begin this procedure. The steps to generate the SSO token are available in the Configure SSO on inSync On-Premise admin console procedure in this section.

  1. Log in to the Okta Admin Console.
  2. Click Applications.
  3. Click Add Application.
  4. On the next screen, select Create New App.

  5. Select SAML 2.0 as the Sign on Method.
  6. Enter Druva On-Premise as the App name.
  7. Click Next.

  8. Enter the details specified in the table on SAML settings:

    Field name                   | Value
    Single Sign On URL           | https://<IP/FQDN of inSync Server>/wrsaml/consume
    Audience URL (SP Entity ID)  | druva-cloud
    Default Relay State          | Leave this field blank
    Name ID Format               | Email Address
    Application Username         | Email

  9. Configure the following values in the respective fields under ATTRIBUTE STATEMENTS (OPTIONAL).

    Name               | Name format (optional) | Value
    insync_auth_token  | Basic                  | <Single Sign on token from Console>
    mail               | Basic                  | user.email

    Enclose the authentication token in double quotation marks (""), such as "X-XXXXX-XXXX-S-A-M-P-L-E+TXOXKXEXNX=".

    Leave the Group Attribute Statements blank.

  10. Click Next.
  11. On the third tab, select I’m a software vendor. I’d like to integrate my app with Okta.

  12. Click Finish.
  13. On the next Settings tab, click View Setup Instructions.

  14. From the Setup Instructions tab, copy the following. Keep these values handy when you perform the configuration on inSync Management Console.
    • Identity Provider Single Sign-on URL
    • IdP Metadata to your SP provider
  15. Map Okta users to this Druva On-Premise application using the following steps:
    1. Open the Druva On-Premise application.
    2. Click People & choose Assign to People.
    3. Select the user for whom you want to allow SSO authentication.

Configuration of Okta as SSO method is now complete.
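
To confirm that Okta sends what the tables above specify, the following added example (not Druva or Okta code) checks a captured SAMLResponse form value against those settings. It assumes the Response carries a Destination attribute and an unencrypted assertion; the host name, token and sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, server):
    """List mismatches between a captured SAMLResponse and the settings above.

    Configuration check only: it does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    acs = f"https://{server}/wrsaml/consume"
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != {acs!r}")
    audience = root.findtext(".//a:Audience", namespaces=NS)
    if audience != "druva-cloud":
        problems.append(f"Audience {audience!r} != 'druva-cloud'")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not emailAddress")
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", "", NS).strip()
             for a in root.iterfind(".//a:Attribute", NS)}
    # Report presence only; the token is a shared secret and is never printed.
    for name in ("insync_auth_token", "mail"):
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return problems

def build_sample(audience="druva-cloud", with_token=True):
    """Constructed test response (not real Okta output); values are placeholders."""
    token = ('<Attribute Name="insync_auth_token"><AttributeValue>'
             'CONSTRUCTED-TOKEN</AttributeValue></Attribute>') if with_token else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'Destination="https://insync.example.test/wrsaml/consume">'
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<Subject><NameID Format="{EMAIL_FMT}">user@example.test</NameID></Subject>'
        f'<Conditions><AudienceRestriction><Audience>{audience}</Audience>'
        '</AudienceRestriction></Conditions><AttributeStatement>' + token +
        '<Attribute Name="mail"><AttributeValue>user@example.test</AttributeValue>'
        '</Attribute></AttributeStatement></Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for issue in check_response(build_sample(audience="druva"), "insync.example.test"):
        print("MISMATCH:", issue)
```

An empty list means the response matches the values configured in steps 8 and 9; run it only on responses captured from your own test sign-in, since the assertion contains the SSO token.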

SSO configuration on inSync On-Premise Management Console

Configure the Druva On-Premise Console to use the SSO feature.

Prerequisites: Keep the Identity Provider Single Sign-on URL and IdP Metadata to your SP provider, copied in the earlier procedure, handy before you begin this configuration.

  1. Log in to the inSync Management Console.
  2. Click the admin settings menu icon (AdminSettingMenu.png) > Settings.
  3. Select the Single Sign On tab.
  4. Generate the SSO token. You need to provide this token value to the IdP under the attributes section.
  5. Click Edit.
  6. Enter the ID Provider Login URL and ID Provider Metadata XML obtained during Okta configuration.
  7. Enter the IP address or FQDN of your inSync Management Server as the ACL URL.
  8. Ensure AuthnRequests Signed and Want Assertions Encrypted are disabled.

Your SSO configuration is now complete and appears as below:

[Screenshot: inSync._SSOConfigpng.png]

Enable SSO authentication for users

As the last step, enable SSO authentication for inSync users.

  1. On inSync Management Console, click Profile.
  2. Click the profile for which you want to enable SSO.
  3. Select Backup Policies and click Edit under Retention and Access Policies.
  4. Set Log-in Using option to Single Sign On. Repeat these steps for every profile for which you want to enable SSO authentication.

SSO is now enabled for all users assigned to this profile. inSync users can now use SSO for:

  • Accessing inSync User Web Console
  • Activating a new device
  • Reactivating an existing device

Note: SSO cannot be used for Integrated Mass Deployment.