Druva Documentation

How to configure SSO for Druva Cloud Platform (DCP) using Google as IdP


This article applies to:

  • Product edition: inSync Cloud using Druva Cloud Platform (DCP) 
  • Only a Druva Cloud administrator can set up Single Sign-on. 
  • Configure Single Sign-on based on the applicable scenarios:

Overview

This article describes how to configure SSO for Druva Cloud Platform using Google as IdP.

The configuration is performed in four steps:

  • Configure Druva Cloud Platform to work with Google IdP
  • Update schema and authorization values for Google IdP
  • Map token to user
  • Update attribute mapping

Configure Druva to work with Google IdP

  1. Log in to Google IdP Admin Console (https://admin.google.com)
  2. Click on Apps from the quick launch.
  3. Click on Web and Mobile Apps.
  4. Click on Add app and then click on Add custom SAML app.
  5. Fill out App name and Description, and add an App Icon if required.
  6. Click Continue
  7. Copy the SSO URL and also download the certificate.
  8. Click on Continue
  9. Go to Druva Cloud Admin page > Hamburger Menu > Druva Cloud Settings > Single Sign-On.
  10. Click Edit and paste the SSO URL under ID Provider Login URL.
  11. Under ID Provider Certificate, paste the content of the certificate that you downloaded before and click Save.
  12. Go back to the Google Admin page and continue with custom app creation. 
    On the next screen, enter values as specified below:
    Assertion Consumer Service URL: https://login.druva.com/api/commonlogin/samlconsume
    Entity ID: DCP-login
  13. Start URL and Signed Responses are not required here.
  14. Under Name ID, select Set Name ID Format as Email. 
  15. Basic Information > Primary Email. 
  16. Click on Continue
  17. Under Attributes, select Add New Mapping and enter the following values.
  18. Click on Finish. The app should now be published. 
  19. Under User access make the app ON for everyone

The custom app is now configured successfully. Update the schema to enable the app to work as expected. 

Update schema and authorization values for Google IdP

Google IdP does not allow entering a custom field value for its SAML apps. Some third-party applications require an additional value alongside the SAML response in order to authenticate it.

Druva requires a Single Sign-On (SSO) token to validate the SAML response. If the IdP is Google, there is no direct way to add the SAML token, so the schema has to be extended for the IdP. In addition, the token value must be mapped for every user.

Update schema:

  1. Open the URL: https://developers.google.com/admin-sdk/directory/v1/reference/schemas/insert#try-it
    This opens the Schemas:insert page. 
  2. Enter customerId as my_customer
  3. Enter the following content under Request body.

    {
      "displayName": "Druva",
      "fields": [
        {
          "displayName": "Druva",
          "fieldName": "DruvaAuth",
          "fieldType": "STRING",
          "multiValued": false,
          "readAccessType": "ALL_DOMAIN_USERS"
        }
      ],
      "schemaName": "Druva"
    }

  4. Click Execute. The output must be 200 OK. This means the execution was successful. 


With the above steps executed, a new field named Druva is displayed under Basic Information Authorization.

Map token to user

  1. Go to Google Admin Home page (https://admin.google.com/AdminHome)
  2. Click Users and then click the concerned username.
  3. Click User Information and then under User details select Druva option.
    Schema name Druva with a field to enter SSO token under Druva is displayed.

  4. On a separate browser, log on to Druva Cloud Platform Console and click the admin settings menu icon > Settings > Single Sign-On.
  5. Click Generate SSO Token.
  6. Copy the SSO token into the field under Druva.
  7. Click Update User.

The schema is now updated and the authorization field is also configured. 

Update attribute mapping

To perform attribute mapping:

  1. Log on to https://admin.google.com with your Administrative credentials.  
  2. Go to Apps > SAML Apps and select the custom application created for Druva.  
  3. Once the app opens, select Attribute Mapping and click Add New Mapping.  
  4. Under Application Attribute, enter the value as – druva_auth_token
  5. Under category, select Druva. (This value is populated after extending the schema.)
  6. Under Select User Field, choose the value DruvaAuth (the value is populated after updating the Authorization page) and save the changes. The field must appear as below.

    screenshot 2a.png

The app is now ready for use. In rare cases, the app may take up to 24 hours to get activated.
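
To confirm that the settings above took effect, the following added example (not Druva's or Google's code) inspects a captured SAMLResponse form value and checks the values this page configures: the Assertion Consumer Service URL, the Entity ID, the email Name ID format and the druva_auth_token attribute. It assumes the standard SAML placement of those values (Destination, Audience, NameID Format); the function names and the sample response are constructed for illustration, and no signature validation is performed.

```python
import base64
import xml.etree.ElementTree as ET

# Values configured in the steps on this page.
ACS_URL = "https://login.druva.com/api/commonlogin/samlconsume"
ENTITY_ID = "DCP-login"
TOKEN_ATTR = "druva_auth_token"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(b64_response):
    """List configuration problems in a base64 SAMLResponse (inspection only, no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Assertion Consumer Service URL")
    if root.findtext(".//saml:Audience", namespaces=NS) != ENTITY_ID:
        problems.append("Audience does not match the Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is not in email format")
    token = root.findtext(
        f".//saml:Attribute[@Name='{TOKEN_ATTR}']/saml:AttributeValue", namespaces=NS)
    if not (token or "").strip():
        problems.append(f"{TOKEN_ATTR} attribute is missing or empty")
    return problems

def constructed_response(token_xml, audience=ENTITY_ID):
    """Build a minimal, unsigned sample response (constructed test data, hypothetical helper)."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS_URL}">
     <saml:Assertion>
      <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID></saml:Subject>
      <saml:Conditions><saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
      <saml:AttributeStatement>{token_xml}</saml:AttributeStatement>
     </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

TOKEN_XML = ('<saml:Attribute Name="druva_auth_token">'
             '<saml:AttributeValue>PLACEHOLDER-TOKEN</saml:AttributeValue></saml:Attribute>')

if __name__ == "__main__":
    print(check_response(constructed_response(TOKEN_XML)))  # user with the token mapped
    print(check_response(constructed_response("")))         # user without the token mapped
```

Run it only against responses captured from your own sign-in tests, and treat the captured value as sensitive because it carries the SSO token.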

Enable SSO for administrators

  1. On the DCP console, go to Settings.

  2. On the Single Sign-On settings, click Edit. The Edit Single Sign-On Settings page opens.
  3. Select Enable Single Sign-On for Administrators. Failsafe for Administrators is enabled by default.
    Druva recommends enabling Failsafe for Administrators so that they have access to the DCP console in case of any failures in the IdP (ADFS). It also enables the admins to use both SSO and DCP password to access the DCP console.
  4. Click Save.
    This enables the access to Druva Cloud Platform using SSO.

Enable SSO for users

To enable SSO for users, enable SSO for an existing user profile. Alternatively, create a new profile and enable SSO for this profile. Subsequently, assign the users to this profile to enable access using SSO.

Step-1: Create a new profile or update an existing profile

Log in to the inSync Management Console and click Profiles on the menu bar.

Step-2: Assign users to the profile