Druva SAML certificate can be uploaded only for Okta custom application. Not applicable for default Druva application in Okta.
When we enable encryption assertion for SSO under Druva, to complete the encryption we require a saml signing certificate.
DCP admin can download the cert from Druva SSO settings. DCP Admin have the option to enable encryption for their SAML assertions during SSO configuration using Certificate Service Provider (Druva) SSL certificates. You can download the certificate by following below steps.
Login to Druva using DCP admin.
On the druva admin portal, click on the hamburger menu and click the ‘Druva cloud settings’.
In the Single Sign-On section, click Edit. The Edit Single Sign-On Settings window appears.
Checkbox the ‘AuthnRequests Signed’ and ‘Encrypt Assertions’ options to get the certificate.
Download the certificate.
Using Encrypted assertion will encrypt the saml response from the IDP (like Azure, Okta) by the SP certificate (i.e., Druva certificate).
Steps to update Druva SSO SAML cert on Okta.
Once you have downloaded the Druva sso cert from the Druva console, you need to follow the below steps to update the Cert on Okta.
Open Druva SSO custom application in OKTA
Under SAML Settings - Show advanced settings -
Select ‘Encrypted’ under ‘Assertion Encryption’ and upload the certificate as shown in the picture.
Click next and Finish.