Druva Documentation

How to restrict inSync Client activation and Web access to corporate devices using ADFS

License editions: To understand the applicable license editions, see Plans & Pricing.

Overview

This topic describes how to use Active Directory Federation Services (ADFS) to restrict activation of inSync Client and access to the inSync Web console to corporate devices only.

A corporate device is a device that has been added to the domain and is logged on to the corporate network.

Perform the following steps to impose the client activation and web access restrictions using ADFS:

Step 1: Create a certificate authentication for single sign-on

Step 2: Verify access to inSync Web by using single sign-on

Step 3: Verify activation of inSync Client by using single sign-on

Step 1: Create a certificate authentication for single sign-on

Overview

As an IT administrator, you configure an enterprise CA, which issues a user certificate to all devices that join the corporate network. This user certificate is used to validate corporate devices during single sign-on (SSO) to inSync Cloud. After successful authentication, inSync users can access inSync Web or activate inSync Client from the corporate devices.

Note: In most organizations, the user certificate may already be available on corporate devices.

Before you begin

Before you begin, ensure that the following are in place in your organization's environment:

  • ADFS 3.0 is deployed in your organization.
  • AD certificate services (ADCS) are enabled.
  • All devices are connected to the corporate network.

Procedure

  1. Install and configure ADFS 3.0 for inSync Cloud SAML integration.
    This allows inSync users to access inSync Cloud by using single sign-on. Users are not required to log on separately to inSync Cloud. For more information, see How to install and configure ADFS 3.0 with inSync Cloud.
  2. (Optional) Create a certificate template in your local enterprise CA, and enroll that template by using a group policy object for all users in your organization.
    The group policy object lets you control which users and devices can read the template and enroll the certificates. For more information, see Set up automatic certificate enrollment in Active Directory.
    Note: You can skip this step if your organization has already enrolled corporate devices by deploying certificates.
  3. Configure the ADFS authentication policy to enforce certificate authentication.
    After the inSync user logs on to inSync Cloud from the corporate device, the ADFS authentication policy validates the installed certificate and then allows access to inSync Cloud.
    To configure the ADFS authentication policy:

    • In the ADFS Management Console, go to Configure Authentication Policies > Edit Global Primary Authentication, and then select Certificate Authentication.
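The setting from step 3 can also be audited from PowerShell on the ADFS server. The following is an added example, not part of Druva's procedure: the `-Enforce` switch and the `Get-ExtraProvider` helper are names made up for this example, and treating any other enabled primary method as a gap is an assumption based on this topic's goal of corporate-device-only access.

```powershell
# Added example (not Druva's own code). Run in an elevated PowerShell
# session on the primary ADFS 3.0 server. Audit only unless -Enforce is given.
[CmdletBinding()]
param(
    # Hypothetical switch for this example: apply the change, not just report.
    [switch]$Enforce
)

Import-Module ADFS -ErrorAction Stop
$certOnly = 'CertificateAuthentication'

function Get-ExtraProvider {
    # Returns every primary provider other than certificate authentication.
    param([string[]]$Providers)
    @($Providers | Where-Object { $_ -ne $certOnly })
}

# Read the global primary authentication policy for both network zones.
$policy = Get-AdfsGlobalAuthenticationPolicy
$report = foreach ($zone in 'Intranet', 'Extranet') {
    $enabled = @($policy."Primary${zone}AuthenticationProvider")
    [pscustomobject]@{
        Zone           = $zone
        Enabled        = $enabled -join ', '
        CertEnabled    = $enabled -contains $certOnly
        OtherProviders = (Get-ExtraProvider $enabled) -join ', '
    }
}
$report | Format-Table -AutoSize

# Assumption: any other primary method (forms, Windows) is a sign-in path
# that does not require the device certificate, so it is reported as a gap.
$gaps = $report | Where-Object { -not $_.CertEnabled -or $_.OtherProviders }
if (-not $gaps) {
    Write-Output 'Certificate authentication is the only primary method.'
    return
}

if ($Enforce) {
    # The global policy applies to every relying party trust on this farm,
    # not only to inSync Cloud.
    Set-AdfsGlobalAuthenticationPolicy `
        -PrimaryIntranetAuthenticationProvider $certOnly `
        -PrimaryExtranetAuthenticationProvider $certOnly
    Get-AdfsGlobalAuthenticationPolicy |
        Select-Object PrimaryIntranetAuthenticationProvider, PrimaryExtranetAuthenticationProvider
} else {
    Write-Warning 'Other primary methods are enabled; rerun with -Enforce to restrict.'
}
```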

Step 2: Verify access to inSync Web by using single sign-on

Overview

As an inSync user, you can log on to inSync Web from your corporate device after the IT administrator configures the certificate authentication in your organization. During single sign-on, the ADFS authentication policy validates the installed certificate and then allows access to inSync Web.

Before you begin

Ensure that single sign-on is configured for inSync users. For more information, see Configure single sign-on for inSync users.

Procedure

To log on to inSync Web from your corporate device

  1. Open https://cloud.druva.com/home from the web browser of your corporate device.
  2. Enter your inSync user email ID that was shared with you by the inSync administrator in an activation email. You are not required to type your password.
  3. On the Confirm Certificate dialog box, click OK to confirm the certificate.
    Note: The Confirm Certificate dialog box is displayed because certificate authentication is configured on the ADFS server and the certificate is already installed on the corporate device. On a non-corporate device, the certificate is not available and users cannot log on to inSync Web.

After successful authentication of the certificate, inSync Web opens in the default web browser on your corporate device.

Step 3: Verify activation of inSync Client by using single sign-on

Overview

As an inSync user, you can activate inSync Client on your corporate device after the IT administrator configures the certificate authentication in your organization. During single sign-on, the ADFS authentication policy validates the installed certificate and then allows activation of inSync Client.

Before you begin

Ensure that single sign-on is configured for inSync users. For more information, see Configure single sign-on for inSync users.

Procedure

To activate inSync Client on your corporate device

  1. Install and configure inSync Client on the corporate device.
  2. Double-click the inSync icon. The Activate Your inSync window appears.
  3. Provide the appropriate information for each field, and then click Activate.
  4. On the Confirm Certificate dialog box, click OK to confirm the certificate.
    A message appears which states that the certificate is being authenticated.

  5. Click Allow to allow inSync Cloud to run the inSync Client application on the corporate device.
    inSync Client is successfully activated on the corporate device.