Skip to main content
Druva Documentation

How to configure inSync GovCloud SSO for users using PingOne as IdP?

This article applies to inSync GovCloud (https://govcloud.druva.com).

Configure inSync GovCloud SSO for users using PingOne as IdP

This configuration is performed the following order:

  1. Generate SSO authentication token
  2. Configure the PingOne app
  3. Configure Druva inSync GovCloud to use PingOne
  4. Enable SAML in Druva inSync GovCloud

Generate SSO authentication token

You need to keep the SSO authentication token handy, generated through this procedure when you configure the PingOne app.  To generate the SSO token:

  1. Log on to inSync Management Console.
  2. Click Settings and open the Single Sign-On tab.
  3. Click Generate SSO Token

    SSOGenToken.png
  4. Click Copy to save the token to the Clipboard or copy it to a notepad for future use.

Configure the PingOne app

Prerequisites:

  • Administrator credentials of PingOne 
  • SSO authentication token generated from the inSync Management Console

Procedure:

  1. Log on to PingOne console using the administrator credentials (https://admin.pingone.com).
  2. On the dashboard, go to the Applications page and click Application Catalog.
  3. Check for Druva and click ► against the entry, as shown in the image below. 

    AppCatalogWindow.png
  4. Click Setup from the drop-down menu to begin configuration. The SSO Instructions page is displayed.
  5. Skip the SSO Instructions page by clicking on Continue to Next Step
  6. Click Continue to Next Step. The Configure your connection page is displayed.
  7. Edit the following fields as mentioned below.
    ACS URL: https://govcloud.druva.com/wrsaml/consume
    Entity ID: druva-govcloud
    Single Logout Endpoint: https://govcloud.druva.com/webrestore/dologout
  8. Click Continue to Next Step.
  9. Select SAML_SUBJECT as Identity Bridge Attribute for application attributes 1, 3 and 4, as shown in the image below.

    AppAttributeWindow.png
  10. For application attribute 2, insync_auth_token, enter the SSO authentication token generated from the inSync Management Console and also select As Literal.
  11. Click Continue to next Step.
  12. Change the name of the app to suit your requirement. For example, you can enter Druva inSync-GovCloud.
  13. Change the Icon, Description, Category as required and click Save and Public.
  14. On the Review Setup page, perform the below activities and keep the details handy for future use:
    • Copy the idpid value from Initiate Single Sign-On (SSO) URL  to a notepad, as shown below.

      SSOURL.png
    • Download the Signing Certificate.

Configure Druva inSync GovCloud to use PingOne

  1. Log on to inSync Management Console and click Settings.
  2. Open the Single Sign-on tab and click Edit.
  3. On the Single Sign-On Configuration window, update the following details:
    ID Provider Login URL: Append the idpid value from the notepad at the end of the following URL and copy the entire URL to this field.
    https://sso.connect.pingidentity.com...O.saml2?idpid=

    SSOSettingWindow2.png
    ID Provider Certificate: Open the "Signing Certificate" downloaded in the last section with a notepad and copy its content to this field. Make sure that the formatting of the certificate remains intact while opening it in a text editor. 
  4. Click Save

Enable SAML in Druva inSync GovCloud

Enable Single Sign-On for the desired users from the Druva GovCloud portal.  This can be done at the profile level. Hence, it is necessary to assign the users with a profile enabled with the SSO instead of inSync Password or Active Directory. 

  1. Login to the inSync GovCloud Console.
  2. Go to Manage > Profiles.
  3. Click Backup Policies and click Edit.

    EditProfileWindow.png
  4. Under Access policies set Log-in using to Single Sign-on.
  5. Click Save.