When assertion encryption is enabled for SSO in Druva, a SAML signing certificate is required to complete the setup.
A DCP admin can download the cert from the Druva SSO settings. During SSO configuration, DCP admins have the option to enable encryption for their SAML assertions using the Service Provider (Druva) SSL certificate. You can download the certificate by following the steps below.
1. Log in to Druva using a DCP admin account.
2. On the Druva admin portal, click the hamburger menu and then click ‘Druva cloud settings’.
3. In the Single Sign-On section, click Edit. The Edit Single Sign-On Settings window appears.
4. Select the ‘AuthnRequests Signed’ and ‘Encrypt Assertions’ checkboxes to get the certificate.
5. Download the certificate.
With encrypted assertions enabled, the SAML response from the IdP (such as Azure or Okta) is encrypted with the SP certificate (i.e., the Druva certificate).
Steps to update Druva SSO SAML cert on Azure AD.
Once you have downloaded the Druva SSO cert from the Druva console, follow the steps below to update the cert on Azure.
1. Log in to https://aad.portal.azure.com/ using a global admin account.
2. Click Enterprise applications and search for the Druva SSO application.
3. Click the Token Encryption option and click “Import Certificate”.
4. Select the Druva cert “.crt” file and add the cert.
5. Once added, click the ellipsis menu (3 dots) at the extreme right of the added cert and click “Activate Token encryption certificate”.
This activates encryption between Druva and the Azure IdP.
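One way to confirm that activation took effect, as an added example that is not Druva's or Microsoft's code: decode a SAML response captured from a test login and check that it carries only `EncryptedAssertion` elements and no plaintext `Assertion`. The function name and the two sample responses are constructed for illustration; the input is assumed to be the already URL-decoded base64 `SAMLResponse` value from the HTTP-POST binding.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def check_saml_response(b64_response):
    """Report whether a base64 SAMLResponse carries encrypted assertions only."""
    # Intended for a response you captured from your own test login.
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response: %s" % root.tag)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    plaintext = root.findall("saml:Assertion", NS)
    # Data-encryption algorithm declared on each EncryptedData element.
    algorithms = [
        method.get("Algorithm")
        for ea in encrypted
        for method in ea.findall("xenc:EncryptedData/xenc:EncryptionMethod", NS)
    ]
    return {
        "encrypted": len(encrypted),
        "plaintext": len(plaintext),
        "algorithms": algorithms,
        # Pass only when at least one assertion exists and none is in the clear.
        "ok": bool(encrypted) and not plaintext,
    }

def _wrap(body):
    """Build a constructed, base64-encoded sample Response around `body`."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:xenc="%s">'
           '%s</samlp:Response>' % (NS["samlp"], NS["saml"], NS["xenc"], body))
    return base64.b64encode(xml.encode()).decode()

# Constructed samples: the cipher value is a placeholder, not real ciphertext.
SAMPLE_ENCRYPTED = _wrap(
    '<saml:EncryptedAssertion><xenc:EncryptedData>'
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>'
    '<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
    '</xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion>')
SAMPLE_PLAINTEXT = _wrap(
    '<saml:Assertion><saml:Subject><saml:NameID>user@example.com</saml:NameID>'
    '</saml:Subject></saml:Assertion>')

if __name__ == "__main__":
    for name, sample in (("encrypted", SAMPLE_ENCRYPTED), ("plaintext", SAMPLE_PLAINTEXT)):
        print(name, check_saml_response(sample))
```

A result with `ok` set to `False` after step 5 means the IdP is still sending the assertion in the clear, so recheck that the imported certificate is the activated one.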