Druva Documentation

How to configure SSO for Druva inSync Cloud using the IDP Azure AD?

  

Configure SSO for Druva inSync Cloud using the IDP Azure AD

Configure a custom App for Druva inSync on Azure Portal

  1. Log on to the Azure portal (URL: portal.azure.com).
  2. Log on using an Azure administrator account.
  3. Navigate to Azure Active Directory > Enterprise Applications.


     
  4. On the Enterprise applications page, click New application.
  5. Click All > Non-gallery Application.

  6. Enter Druva inSync as the display name of the application and then click Add.
    Druva inSync is added as an application.
  7. Navigate to Azure Active Directory > Enterprise Applications > All Applications and configure the Application Settings.
  8. Click the Druva inSync application. The application configuration page opens.
  9. Go to Manage > Properties and configure the settings as shown in the image below. 

    inSyncPropertiesPage.png
  10. Upload a Druva inSync Logo to identify the application easily.
  11. Click Save.

Configure Azure AD single sign-on

To configure Azure AD single sign-on with Druva, perform the following steps:

  1. On the Druva inSync application integration page of the Azure portal, click Single sign-on.

  2. On the Single sign-on window, select Mode as SAML-based Sign-on to enable single sign-on.

  3. Under the Druva Domain and URLs section, enter the following values.
    1. Identifier: druva-cloud
    2. Reply URL: https://cloud.druva.com/wrsaml/consume

  4. Under User Attributes:
    1. Set User Identifier to user.mail.
    2. Select View and edit all other user attributes.

  5. Under SAML Token Attributes, delete all the attributes that are added by default.
  6. Add the attributes in the table below and ensure that the order of attributes and case of the Attribute Name is preserved. 
  7. Add the attributes in the order and case specified in the table below:
    Attribute name       Value
    emailAddress         user.mail
    userPrincipalName    user.userprincipalname
    insync_auth_token    Enter the token generated
    Follow these steps to add the above attributes:
    1. Click Add attribute to open the Add Attribute window.

    2. Enter the attribute name as shown for that row.

    3. Enter the respective attribute value from the Value column. The token generated value is explained later in the tutorial.

    4. Click OK.
      For information on generating the SSO token, see Generate SSO token.


  8. In the SAML Signing Certificate section, click Certificate (Base64) and save the certificate file on your system.

  9. In the Druva Configuration section, click Configure Druva to open the Configure sign-on window.


  10. Copy the SAML Single Sign-On Service URL from the Quick Reference section.


Configure Druva inSync Cloud to use Azure AD login

  1. On a different web browser window, log on to inSync Management Console as an administrator.
  2. Go to  AdminSettingMenu.png > Settings.
  3. Open the Single Sign-On tab and click Edit.
  4. On the Single Sign-On Settings window, add the following details:
    1. ID Provider Login URL: Enter the SAML Single Sign-On Service URL copied earlier.
    2. ID Provider Certificate: Open your Base64-encoded certificate in Notepad and copy the content to this field.
  5. Clear AuthnRequests Signed and Want Assertions Encrypted.

  6. Click Save.
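
After both sides are saved, the SAMLResponse from a test sign-in (the base64 form field posted to the Reply URL) can be compared with the Identifier, Reply URL, User Identifier and attribute order and case entered above. The following Python check is an added example, not Druva or Microsoft code; the function names and the sample response are constructed for illustration, and it does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from the configuration steps on this page.
AUDIENCE = "druva-cloud"
REPLY_URL = "https://cloud.druva.com/wrsaml/consume"
ATTRS = ["emailAddress", "userPrincipalName", "insync_auth_token"]

def check_response(b64_response):
    """Return a list of mismatches between a SAMLResponse and the page's settings."""
    # Use only on responses captured from your own test sign-in: this does not
    # validate the signature, and ElementTree is not hardened against hostile XML.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination %r is not the Reply URL" % root.get("Destination"))
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if audiences != [AUDIENCE]:
        problems.append("Audience %r is not the Identifier" % audiences)
    attrs = root.findall(".//a:AttributeStatement/a:Attribute", NS)
    names = [a.get("Name", "") for a in attrs]
    if names != ATTRS:
        same_set = sorted(n.lower() for n in names) == sorted(n.lower() for n in ATTRS)
        problems.append(("attribute order or case differs: %r" if same_set
                         else "attribute set differs: %r") % names)
    values = {a.get("Name", ""): a.findtext("a:AttributeValue", "", NS) for a in attrs}
    problems += ["attribute %s is empty" % n for n, v in values.items() if not v.strip()]
    name_id = root.findtext(".//a:Subject/a:NameID", "", NS)
    if name_id != values.get("emailAddress"):  # User Identifier is user.mail
        problems.append("NameID %r does not match emailAddress" % name_id)
    return problems

def sample_response(attr_names, audience=AUDIENCE):
    """Build a constructed, unsigned response for the demo (not real Azure AD output)."""
    attrs = "".join('<Attribute Name="%s"><AttributeValue>%s</AttributeValue></Attribute>'
                    % (n, "PLACEHOLDER-TOKEN" if "token" in n.lower() else "user@example.com")
                    for n in attr_names)
    xml = ('<samlp:Response xmlns:samlp="%s" Destination="%s"><Assertion xmlns="%s">'
           '<Subject><NameID>user@example.com</NameID></Subject>'
           '<Conditions><AudienceRestriction><Audience>%s</Audience>'
           '</AudienceRestriction></Conditions><AttributeStatement>%s</AttributeStatement>'
           '</Assertion></samlp:Response>') % (NS["p"], REPLY_URL, NS["a"], audience, attrs)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(sample_response(ATTRS)))        # matches the page's settings
    print(check_response(sample_response(ATTRS[::-1])))  # same attributes, wrong order
```

An empty list means the response matches the values on this page; each string in a non-empty list names one setting to recheck in the Azure portal.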

Assigning Users/Groups in Azure AD to use Druva inSync app

  1. On the Azure portal, open the applications view.
  2. Open the directory view and navigate to Enterprise applications > All applications.

  3. Select Druva from the applications list.
  4. In the menu on the left, click Users and groups.
  5. Click Add and select Users and groups on the Add Assignment window.

  6. On the Users and groups dialog, select from the Users list the users or group that you want to assign to the Druva app.
  7. Because auto-provisioning of users through Azure AD is not configured, ensure that each user or admin account selected has a corresponding account created in inSync.
  8. Click Select on Users and groups window.
  9. Click Assign on Add Assignment window.    

Enabling single sign-on in inSync for Users and Administrators

Refer to the following articles from the inSync documentation: