This article describes the steps to configure SSO for Druva inSync Cloud using Okta as IdP.
The configuration is performed in the following order:
Configuring the Okta Druva App
Prerequisite: Ensure the Application Username format is set to "Email" while creating the app. Due to a known issue with Okta, the username mapping cannot be changed for existing users after the initial setup.
- Log in to the Okta console using the configured URL. (This will be different for everyone. Mostly it’s in the following format: https://company-configured-name.okta.com)
- In Okta, click Add Application and then click Create New App. The Create a New Application Integration wizard opens.
- Select SAML 2.0 and click Create.
- Under the Configure SAML section, enter the following details:
- Single sign on URL: https://cloud.druva.com/wrsaml/consume
- Audience URI (SP Entity ID): druva-cloud
- Name ID format: EmailAddress
- Under Advanced Settings, set Response as Signed.
- Under ATTRIBUTE STATEMENTS section, set
Value: Enter the auth token obtained from inSync Management Console within quotation marks (For example: “A-16620-5232-jbzFc96F3EhGyG+uh2c+kDj+QgVQuS2keB8DD/LtwVs=”)
- To generate the auth token from inSync Management Console:
- Log in to the inSync Management Console.
- Go to Settings and open the Single Sign-on tab.
- Click Generate SSO Token.
- Click Copy and paste the token into the Value field in Okta.
- On this page you can download the Okta certificate, which you have to paste into the inSync Management Console. (This step is optional at this point, as the same certificate is available at a later stage as well.)
- Save the settings and click Next.
- In the Feedback section, select I’m an Okta customer adding an internal app and provide feedback, or else select I’m a software vendor. I’d like to integrate my app with Okta, and then click Finish.
- Under Sign-On Options, ensure that SAML 2.0 is selected and information is entered as shown in the following screenshot.
- Click View setup instructions. This directs you to the Setup SSO page. The page contains all the relevant information that needs to be entered on the inSync Management Console.
The details in the image will be different for every organization.
Copy the Certificate from the box as shown to a text editor (preferably Notepad++ or WordPad) and then copy it to the inSync Management Console from the text editor.
Configure the inSync Management Console to use Okta
- Log in to the inSync Management Console and click > Settings.
- Go to the Single Sign-On Tab. Click the Edit button under Single Sign-on Settings.
- Enter the details as obtained in previous steps.
- Click Save.
- Import the users on the Okta admin page and assign users.
Enable SAML on inSync Management Console
Log in to the Druva Cloud portal and enable the option to log in using “Single Sign On” for the desired users. (This can be done only at the profile level, not at the user level.) The users who are privileged to use SSO instead of inSync Password or Active Directory must be assigned to a specific profile.
- On the inSync Management Console, select the profile on which you want to configure SSO.
- In the General tab, under User Privacy & Access, select Single Sign-on as the Login mechanism.
Configure the inSync Management Console to use Okta for inSync Administrators
- On the inSync Management Console, go to Druva Cloud Settings.
- On the Single Sign-On settings, click Edit. The Single Sign-On Settings page is displayed.
- Select Enable single sign-on for administrators and ensure Failsafe for administrators is selected by default.
Failsafe for administrators enables the administrator to use both SSO and the DCP password to access the DCP Console. Druva therefore recommends enabling Failsafe for administrators, so that they can still access the respective management console if the IdP fails.
- Click Save.
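To confirm that the Okta app emits what the settings under Configuring the Okta Druva App specify, the following added example (not Druva's or Okta's code) checks a base64-decoded SAML Response, such as one captured from a test login, against the Single sign on URL, Audience URI, Name ID format and signed Response settings. It assumes Okta uses the Single sign on URL as the Destination; the attribute name and token in the sample are placeholders, and the check is structural only, not cryptographic signature verification.

```python
import xml.etree.ElementTree as ET

NS = {
    "p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "a": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ACS_URL = "https://cloud.druva.com/wrsaml/consume"  # Single sign on URL from the steps
AUDIENCE = "druva-cloud"                            # Audience URI (SP Entity ID)
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text):
    """Return a list of mismatches between a decoded SAML Response and the settings above.
    Structural check only: the signature is not verified cryptographically."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Single sign on URL")
    if root.find("ds:Signature", NS) is None:  # must be a direct child of Response
        problems.append("Response is not signed")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if audiences != [AUDIENCE]:
        problems.append("Audience is not druva-cloud")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    values = [v.text for v in root.iterfind(".//a:AttributeStatement/a:Attribute/a:AttributeValue", NS)]
    if not any(v and v.strip() for v in values):  # attribute name is not checked (assumption)
        problems.append("no attribute statement value (auth token) present")
    return problems

# Constructed sample, not a real capture; ATTR-NAME and TOKEN are placeholders.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://cloud.druva.com/wrsaml/consume">
 <ds:Signature/>
 <a:Assertion>
  <a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</a:NameID></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>druva-cloud</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="ATTR-NAME"><a:AttributeValue>TOKEN</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "matches the configured values")
    bad = SAMPLE.replace("<ds:Signature/>", "").replace("1.1:nameid-format:emailAddress", "1.1:nameid-format:unspecified")
    print(check_response(bad))
```

An empty list means the response matches the configured values; each string in a non-empty list names the Okta setting to revisit.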