Skip to main content

 

Druva Documentation

How to configure SSO for Druva inSync Cloud using PingOne as IdP?

OS: Windows, Mac, Linux

 

Product edition: inSync Cloud

 

Overview

This article describes the steps to configure SSO for Druva inSync Cloud using PingOne as IdP. The configuration involves the following main tasks:

Generate SSO authentication token

You need to generate the SSO authentication token and keep it handy as you require it when configure the PingOne app.
To generate the SSO token:

  1. Log on to inSync Management Console.
  2. On the menu bar, click  > Settings and open the Single Sign-On tab.
  3. Click Generate SSO Token.

You can click Copy to save the token to you clipboard and use it later.

Configure the PingOne app

It is assumed that you have administrator credentials of PingOne before you attempt this procedure. 

Prerequisite: SSO authentication token generated from inSync Management Console.

  1. Log on to PingOne console using your administrator credentials (https://admin.pingone.com).
  2. On the dashboard, go to Applications page and click Application Catalog.
  3. Check for Druva and click ► against the entry as shown in the image below. 


     
  4. Click Setup from the drop-down menu to begin configuration. The SSO Instructions page is displayed.
  5. Skip the SSO instructions and Configure your connection pages and open the Attribute Mapping page.
  6. Select SML_SUBJECT as Identity Bridge Attribute for application attributes 1, 3 and 4, as show in the image below.


     
  7. For application attribute 2, insync_auth_token, enter the SSO authentication token generated from inSync Management Console and also select As Literal.


     
  8. Proceed to "4. PingOne App Customization - Druva" page and then select "Save & Publish".
  9. On the 5. Review Setup page, perform the below activities:
  • Copy the idpid value from Initiate Single Sign-On (SSO) URL as shown below in a notepad:

  • Download the Signing Certificate.

Please keep both the above information handy as we will need it for next section.

Configure Druva inSync Cloud to use PingOne

  1. Log on to inSync Management Console.
  2. On the menu bar, click  > Settings and open the Single Sign-On tab and then click Edit.
  3. On the Single Sign-On Configuration window, update the below details:

    ID Provider Login URL: Add the idpid value from the notepad to the end of below URL and copy the complete URL to this field.

    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=

    ID Provider Certificate: Open the "Signing Certificate" downloaded in the last section with a notepad and copy its content to this field. Make sure that the formatting of the certificate remains intact while opening it in a text editor.



    The information should look like above post updating the details.
  4. Save the configuration. 
  5. Finally, set Log-in using to Single Sign-On in the inSync profile of the user.

This completes the SSO configuration for end users. How to enable SSO for administrators is described below.

Enable SSO for administrators

To enable SSO for administrators:

  1. Log on to inSync Management Console.
  2. On the menu bar, click  > Settings and open the Single Sign-On tab and then click Edit. The Single Sign-On Settings window appears.
    Select the Enable single sign-on for administrators check box.


     
  3. Click Save.

Please review the warning carefully before making this change.