Druva Documentation

How to configure SSO for inSync On-Premise using the IDP Azure AD?

This article applies to:

  • OS: Windows
  • Product edition: inSync On-Premise 

Overview

This article describes the steps to configure SSO for Druva inSync On-Premise using the IDP Azure AD. 

Configure SSO for Druva inSync On-Premise 

The SSO is configured in the following order: 

  1. Configure a custom App for Druva inSync on Azure Portal
  2. Configure Azure AD single sign-on
  3. Configure Druva inSync On-Premise to use Azure AD login
  4. Assigning Users/Groups in Azure AD to use Druva inSync app. 
  5. Enabling single sign-on in inSync for Users and Administrators. 

Configure a custom App for inSync on Azure Portal

  1. Log on to the Azure Portal (URL: portal.azure.com) using an Azure Administrator account.
  2. Navigate to Azure Active Directory > Enterprise applications.

  3. On the Enterprise applications page, click New application.
    Note: You must have an Azure AD Premium account to access and create a new application. 
  4. Click All > Non-gallery Application.

  5. Enter Druva inSync as the Display Name of the application and click Add. The application is added.
  6. To configure the Application Settings, navigate to Azure Active Directory > Enterprise Applications > All Applications.
  7. Click the Druva inSync application to open its app configuration page.
  8. Navigate to Manage > Properties. Configure the settings as shown in the image below.

     DruvaInSyncProperties.png
  9. Upload a Druva inSync logo to identify the application easily and click Save.

Configure Azure AD single sign-on

  1. To configure Azure AD single sign-on with Druva, perform the following steps:
  2. On the Azure Portal, on the Druva inSync application integration page, click Single sign-on.

  3. On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable SSO.

  4. Under the Druva Domain and URLs section, enter the following values.
    Identifier: druva-cloud
    Reply URL: https://<ip of the Server or FQDN of the Server>/wrsaml/consume

  5. Under User Attributes, set User Identifier to user.mail and select View and edit all other user attributes.

  6. Under SAML Token Attributes, delete all the attributes that are added by default.
  7. Add the attributes listed in the table below, making sure that the order of the attributes and the case of each Attribute Name are preserved.

     Attribute Name       Value
     emailAddress         user.mail
     userPrincipalName    user.userprincipalname
     insync_auth_token    Enter the token generated

    1. To add an attribute, follow the steps below.
      1. Click Add attribute to open the Add Attribute window.
      2. In the Name field, enter the attribute name shown for that row.
      3. In the Value list, enter the attribute value shown for that row. (The token generated value is explained later in the tutorial.)
      4. Click Ok.
    2. To generate the SSO token, refer to the document below.
      https://docs.druva.com/010_002_inSync_On-premise/inSync_On-Premise_5.9.6/030_Get_Started_Backup_Restore/020_Configure_single_sign-on_for_inSync/050_Generate_SSO_token
  8. On the SAML Signing Certificate section, click Metadata XML and then save the certificate file locally on your system.

  9. Select Make new certificate active.

  10. On the Druva Configuration section, click Configure Druva to open the Configure sign-on window.
  11. Copy the SAML Single Sign-On URL from the Quick Reference section.
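
Once sign-on works, the values entered in this section can be checked against a decoded SAML assertion captured from your own login: the Identifier appears as the Audience, the Reply URL as the Recipient, and the attribute names must match the table in order and case. The check below is an added example, not Druva or Microsoft code; the sample assertion, host name, user and token value are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Names, order and case taken from the attribute table on this page.
EXPECTED_ATTRS = ["emailAddress", "userPrincipalName", "insync_auth_token"]
EXPECTED_AUDIENCE = "druva-cloud"   # Identifier value from the page
ACS_SUFFIX = "/wrsaml/consume"      # path of the Reply URL from the page

# Constructed sample assertion; host, user and token are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://insync.example.com/wrsaml/consume"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>druva-cloud</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="emailAddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="userPrincipalName"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="insync_auth_token"><saml:AttributeValue>CONSTRUCTED-TOKEN</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return findings; an empty list means the assertion matches the page's settings."""
    root = ET.fromstring(xml_text)  # run only on assertions you captured yourself
    findings = []
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    names = [a.get("Name", "") for a in attrs]
    if names != EXPECTED_ATTRS:
        if [n.lower() for n in names] == [e.lower() for e in EXPECTED_ATTRS]:
            findings.append("attribute name case differs: %s" % names)
        elif sorted(names) == sorted(EXPECTED_ATTRS):
            findings.append("attribute order differs: %s" % names)
        else:
            findings.append("unexpected attribute set: %s" % names)
    for a in attrs:  # the token value is checked for presence only, never echoed
        if a.get("Name") == "insync_auth_token" and not (
                a.findtext("saml:AttributeValue", "", NS) or "").strip():
            findings.append("insync_auth_token is empty")
    audiences = [e.text for e in root.findall(".//saml:Audience", NS)]
    if audiences != [EXPECTED_AUDIENCE]:
        findings.append("audience %s, expected %s" % (audiences, EXPECTED_AUDIENCE))
    for scd in root.findall(".//saml:SubjectConfirmationData", NS):
        recipient = scd.get("Recipient") or ""
        if not (recipient.startswith("https://") and recipient.endswith(ACS_SUFFIX)):
            findings.append("Recipient does not match the Reply URL: %s" % recipient)
    return findings
```

An "unexpected attribute set" finding usually means the default attributes from step 6 were not all deleted.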

 

Configure Druva inSync On-Premise Server to use Azure AD login

  1. In a separate web browser window, log on to https://<ip of the Server or FQDN>/admin as an administrator.
  2. Navigate to AdminSettingMenu.png > Settings.
  3. On the Single Sign-On Settings window, add the details as described below:

     Field                        Action
     ID Provider Login URL        Enter the SAML Single Sign-On URL copied earlier.
     ACS FQDN/IP                  Enter the IP address of the inSync Master or Edge Server.
     ID Provider Certificate      Open your Druva inSync.xml file in Notepad and copy its content into the ID Provider Certificate text box.
     AuthenRequests Signed        Clear the checkbox.
     Want Assertions Encrypted    Clear the checkbox.
  4. Click Save.

Assigning Users/Groups in Azure AD to use Druva inSync app

  1. On the Azure portal, open the applications view.
  2. Navigate to the directory view > Enterprise applications and click All applications.

  3. In the applications list, select Druva inSync.
  4. In the menu on the left, click Users and groups.
  5. Click Add and select Users and groups on the Add Assignment window.
  6. On the Users and groups window, in the Users list, select the users or group that you want to assign to the Druva app.
  7. Since auto-provisioning of users through Azure AD is not configured, ensure that the User or Admin account selected has a corresponding account created in inSync.
  8. Click the Select button on the Users and groups window.
  9. Click Assign on the Add Assignment window.

Enabling single sign on in inSync for Users and Administrators

Enable single sign-on for User Logon

https://docs.druva.com/010_002_inSyn..._SSO_for_users

Enable Single Sign-on for Administrators

https://docs.druva.com/010_002_inSyn...administrators