Skip to main content

How can we help you?

Druva Documentation

How to configure inSync GovCloud SSO for inSync users using Azure AD as IdP

This article applies to:

  • Product edition: inSync GovCloud

Overview

This article describes the steps to configure SSO for inSync users to access inSync GovCloud using  Azure AD as IdP.

The SSO is configured in the following order:

  1. Configure a custom app for Druva inSync on Azure portal
  2. Configure settings in inSync GovCloud to use Azure AD as IdP
  3. Configure Druva inSync Cloud to use Azure AD login
  4. Assigning Users/Groups in Azure AD to use Druva inSync app
  5. Enable SAML in Druva inSync GovCloud

Configure a custom app for Druva inSync on Azure portal

  1. Log on to the Azure portal (URL: portal.azure.com)
  2. Log on using Azure Administrator account.
  3. Navigate to Azure Active Directory > Enterprise Applications.

    ConfigCustApp1.png
  4.  On the Enterprise applications page, click New application.
  5. Click All > Non-gallery application.

    ConfigCustApp2.png
  6. Enter Druva inSync as the as the display name of the application and then click Add. Druva inSync gets added as an application.  
  7. Navigate to Azure Active Directory > Enterprise Applications > All Applications and configure the Application Settings.
  8. Click  Druva inSync Application. The application configuration page opens.
  9. Go to Manage > Properties and configure the settings as shown in the image below.

    ConfigCustApp3.png
  10. Upload a Druva inSync Logo to identify the application easily and click Save.

Configure Azure AD single sign-on

To configure Azure AD single sign-on with Druva:

  1. On the Druva inSync application integration page of the Azure portal, click Single sign-on.

    SSOMenu.png
  2. To enable SSO, select method as SAML-based Sign-on on the Single Sign On window.

    SAMLBasedSSO.png
  3. Under the Basic SAML Configuration section, enter the following values.
    Identifier: druva-govcloud
    Reply URL: https://govcloud.druva.com/wrsaml/consume
    BasicSAMLConfig.png
  4. Under User Attributes & Claims:
    • Set User Identifier to user.mail.
    • Select View and edit all other user attributes.
  5. Under SAML Attributes, delete all the attributes that are added by default.
  6. Add the attributes in the order specified in the table below.  Ensure the order of attributes and case sensitivity of the Attribute Name is preserved.
     
    Order Attribute Name Value
    1 emailAddress user.mail
    2 userPrincipalName user.userprincipalname
    3 Insync_auth_token Enter the SSO token generated from inSync Management Console
  7. Add the above attributes as follows:
    1. Under User Attributes and claims click Add new claim to open the Add Attribute window.
    2. Enter the attribute name as shown for that row.
    3. Enter the respective attribute value from the Value column. The token generated value is explained later in the tutorial.
    4. Click OK. For information on generating SSO token, see Generate SSO token.

      SAMLTokenAttribs5.png
    5. On the SAML Signing Certificate section, click Certificate(Base64) and save the certificate file on your system.
    6. Copy the SAML Single Sign-On Service URL from the Quick Reference section.

      SetUpDruvainSync.png

Configure Druva inSync GovCloud to use Azure AD login

To configure Single Sign-on:

  1. Log on to the inSync Management Console and go to GearIcon.pngSettings.
  2. Open the Single Sign-On tab and click Edit.
  3. On the Single Sign-On Settings window, add the following details:
  4. ID Provider Login URL: Enter the SAML Single Sign-On Service URL copied earlier.
  5. ID Provider Certificate: Open your base-64 encoded certificate in notepad and copy the content to this field.
  6. Clear AuthnRequests Signed and Want Assertions Encrypted.
  7. Click Save.

Assigning Users/Groups in Azure AD to use Druva inSync app

  1. On the Azure portal, open the applications view.
  2. Open the directory view and navigate to Enterprise applications > All applications.

    EntAppMenu.png
  3. Select  Druva inSync from the applications list.
  4. In the menu on the left, click Users and groups.
  5. Click Add and select Users and groups on the Add Assignment window.

    AddUsersGroups.png
  6. On Users and groups dialog, select the Users or Group that you want to assign the Druva App in the Users list.
  7. Since Auto-provisioning the users using Azure AD is not configured, ensure that the user account selected has a corresponding account created in inSync.
  8. Click Select on Users and groups window.
  9. Click Assign on Add Assignment window.     

Enable SAML in Druva inSync GovCloud

Enable Single Sign-On for the desired users from the inSync Management Console.  This can be done at the profile level. Hence, it is necessary to assign the users with a profile enabled with the SSO instead of inSync Password or Active Directory.

  1. Login to the inSync Management Console.
  2. Go to Manage > Profiles  and select the profile where SSO needs to be enabled.
  3. Go to User Privacy & Access under the General tab and click Edit.
  4. Under Log-in using select Single Sign On.

    UserPrivacyAccess.png
  5. Click Save.
  • Was this article helpful?