- Only a Druva Cloud administrator can set up Single Sign-on.
- Configure Single Sign-on based on the applicable scenarios:
- New inSync customers (on-boarded after July 14, 2018) must configure Single Sign-on using the Druva Cloud Platform Console. For more information, see Set up Single sign-on.
- Existing inSync customers who have not configured Single Sign-on until July 14th, 2018, must configure Single Sign-on using the Druva Cloud Platform Console. For more information, see Set up Single sign-on.
This article describes the steps to configure SSO for Druva inSync Cloud using the IdP Okta.
Configuring the Okta Druva App
Prerequisite: Ensure the Application Username format is set to "Email" while creating the app. Due to a known issue with Okta, the username mapping cannot be changed for existing users after the initial setup.
- Login to the Okta console using the configured URL. (This will be different for everyone. Mostly it’s in the following format: https://company-configured-name.okta.com)
- In Okta, click onAdd Application,search for Druva and click on Add button.
- Under General settings page, enter the following details
- Enter the inSync Auth Token from Druva inSync. To generate it, the steps are as follows
- Sign into Druva inSync Cloud as an admin.
- Select Manage > Settings and select the Single Sign-On Tab.
- Click Generate SSO Token.
- Click on Copy and paste in the Okta system.
- Save the settings and click on Next button.
- Under Sign-On Options, ensure that SAML 2.0 is selected and information is entered as shown in the following screenshot.
- Click on View setup instructions button and this will direct you to Setup SSO page, which will contain all the relevant information that needs to be entered in Druva Cloud Portal.
Note: These details will always be different as they are company specific.
- Copy the Certificate details from the box as shown and ensure to paste it in a text editor tool (preferably Notepad++ or WordPad) first, rather than directly pasting it in the Druva Cloud Portal. (This will eliminate the chances of incorrect formatting.)
Configuring the Druva inSync Cloud to use Okta
- Log on to the Druva inSync Cloud admin console and click > Settings.
- Go to the Single Sign-On Tab. Click the Edit button under Single Sign-on Settings.
- Enter the details as obtained in previous steps.
- Click Save.
- On the Okta admin page, click on Next which will take you to next configuration where we need to assign users. This can be either done by adding the users manually or by registering an Active Directory server on Okta. (You can add the users manually later by clicking on Directory tab on Okta.)
- Click on Next button which will complete the setup, then click on Done.
- Click on the Applications tab and you will see the Druva application added as shown in the following figure.
- You need to assign the Druva Application to the added users by following the below steps.
- On Okta page, click on Directory tab – People option.
- Click on the user from the list and click on Assign Applications – select Druva from the list.
- Users should have received an activation link for their Okta account on their linked e-mail addresses.
- After the accounts are activated from users, you can see the same on Okta admin page under Directory – People tab.
Enabling SAML in Druva inSync Cloud
Login to Druva Cloud portal and enable the option to login using “Single Sign On” for desired users (This can be only done at Profile level and not user level). Hence, it is necessary to have the users assigned to a specific profile who are privileged to use SSO instead of inSync Password or Active Directory.
- On the inSync Cloud admin console click on Manage>Profiles.
- Select the profile that you want to enable SAML for.
- Click on Backup Policies and click Edit.
- Under Access policies set Log-in using to "Single Sign-on". Click on Save.