Skip to main content
Configure Single Sign-On with Azure AD for Managed Services Center

Learn about how to configure SSO with Azure AD for Managed Services Center

Updated over a month ago

Overview

Using Azure AD as an Identity Provider, administrators can allow users to sign in directly to Managed Services Center.

Keep the following information handy
ACS URL (Reply URL): https://login.druva.com/api/commonlogin/mspsamlconsume
Audience URI (Entity ID):MSC-login

Procedure

Step 1: Create your own application in Azure

  1. Launch Azure and go to the Azure Active directory.

  2. Go to the Enterprise applications section, and then click new application.

  3. Click the create your own application button. This opens a new screen to create a new application

  4. Name the application, and then select Integrate any other application you don't find in the gallery (non-gallery) option.

  5. Click the Create button.

Step 2: Edit basic SAML configuration

  1. Go to the Manage section, and then click Single Sign-on.

  2. Select the Single Sign-on method as SAML. This opens a set-up Single Sign-on with SAML screen.

  3. In the basic SAML configuration section, click the Edit button and update the following details:

    • Identifier (Entity ID):MSC-login

    • Reply URL (ACS URL): https://login.druva.com/api/commonlogin/mspsamlconsume

    Azure_SSO_Basic_SAML.png
  4. Click the Save button, and then close the basic SAML configuration screen.

Step 3: Edit attributes and claims

  1. In the Attributes & Claim section, click the Edit button.​

    Azure_attributes_and_claims.png
  2. Ensure the Unique User Identifier (Name ID) under the required claim is mapped with User Principal Name (UPN) or email address.
    Note:This value should match the email address used for MSC Administrators.

  3. Click the Add new claim button, and when the manage claim screen opens, update the following details:

    • Name:druva_auth_token

    • Source attribute:Paste SSO token generated in MSC

    Note:To generate the SSO token, Sign in to Managed Services Center > Settings > Access Settings > Generate SSO Token.

  4. Click the Save button, and then close the Attributes & Claim screen.

Step 4: Get IdP login URL and IdP certificate

  1. In the SAML Certificates section, download the Certificate (Base64).

    Download_Azure_SSO_URL.png
  2. Open the certificate in the text editor and copy the text.

  3. Paste the certificate text in Managed Services Center while configuring SSO settings.

  4. Copy the Login URL from the Set up <app name> section.

    Copy_IdP_login_URL_Azure.png
  5. Navigate to Managed Services Center and paste the IdP login URL while configuring the SSO settings.

Step 5: Manage users

  1. Go to the Manage section, and then click Users and group.

  2. Click the Add users/group button, and then select users to assign the application.

    Assign_app_to_users_in_Azure.png
  3. Click the Assign button.

(Optional) SAML Authentication requests and encrypt assertions

The AuthnRequests Signed and Encrypt assertions are optional settings in Managed Services Center. If you want to add more security to your SSO, you can enable these settings.

Procedure

Step 1: Enable AuthnRequests Signed or Encrypt Assertions setting

  1. Sign in to Managed Services Center.

  2. Go to Settings > Access Settings.

  3. In the Single Sign-on section, click Configure SSO (if this is your first time configuring SSO) or click Edit to modify existing settings. This will open the Single Sign-on Settings window.

  4. In the ID Provider Configuration section, select the checkbox for AuthnRequests Signed or Encrypt Assertions.

  5. Click the Save button to complete the action.

Step 2: Save the SSO SAML certificate

  1. Copy the following SSO SAML Druva certificate and save it in a .cer format to update it in your IdP:

-----BEGIN CERTIFICATE----- MIII1jCCB76gAwIBAgIQDkkz4BakMOMKdVy+94znqjANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIzMDIxNzAwMDAwMFoXDTI0MDMxOTIz NTk1OVowgcYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMI RGVsYXdhcmUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQF Ewc0ODI0NDY3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAG A1UEBxMJU3Vubnl2YWxlMRMwEQYDVQQKEwpEcnV2YSBJbmMuMRgwFgYDVQQDEw9s b2dpbi5kcnV2YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm MpOVn2R8Y9AAUigJ3GwdaIBw8pR4Ez/7uokcGw5+hxBdNlylPoyHKBrtaZ1bDRaj KpLm9a38VOOD0ftbhTWQJwHkgJZ1ALeGZArbcc8OPRPVAYx7ofLkqP7hnkKGlZrn E317+7du2vrfyP3O5OrmBAprDgaLmcM5Y9B+Ce/n3euwWAEz/DkLn6HKHiz9mLXh Pd4v6ChHuW2f9fRPCTW6zHCCztoWEpggk7ETAZQP+/dWV570O/0caJW/6DXUWq01 9TWQEFBIgne37NTsjHa9+FSsUjCZHkR0oci6fbCcnrdU/gs0zDsdzKnLoT3s9ycB PR1YzSrICPpRxrIi0cI7AgMBAAGjggUOMIIFCjAfBgNVHSMEGDAWgBQ901Cl1qCt 7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQUy9is/5NPZIBlGOIElH8NvuYJUL4wggG9 BgNVHREEggG0MIIBsIIPbG9naW4uZHJ1dmEuY29tghFjb25zb2xlLmRydXZhLmNv bYISZDFhdXRodjMuZHJ1dmEuY29tghVnb3ZkMWF1dGh2My5kcnV2YS5jb22CEmdv dmxvZ2luLmRydXZhLmNvbYIUZ292Y29uc29sZS5kcnV2YS5jb22CFGRlbGwtbG9n aW4uZHJ1dmEuY29tghZkZWxsLWNvbnNvbGUuZHJ1dmEuY29tgg5kZWxsLmRydXZh LmNvbYIXZGVsbC1nb3Zsb2dpbi5kcnV2YS5jb22CGWRlbGwtZ292Y29uc29sZS5k cnV2YS5jb22CEWdvdmRlbGwuZHJ1dmEuY29tghRnbG9iYWxhdXRoLmRydXZhLmNv bYIXZ2xvYmFsZ292YXV0aC5kcnV2YS5jb22CFWFwMS1jb25zb2xlLmRydXZhLmNv bYIaYXAxLWRlbGwtY29uc29sZS5kcnV2YS5jb22CGmFwMS1kMWF1dGh2My1kY3Au ZHJ1dmEuY29tghZhcDEtZDFhdXRodjMuZHJ1dmEuY29tghpkZWxsLWFwMS1jb25z b2xlLmRydXZhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2lj ZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMy5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0 LmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNlcnZlci1nMy5jcmwwSgYDVR0gBEMwQTAL BglghkgBhv1sAgEwMgYFZ4EMAQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5k aWdpY2VydC5jb20vQ1BTMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0 dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2Vy dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNl cnZlckNBLmNydDAJBgNVHRMEAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA dQB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYZelJIaAAAEAwBG MEQCIHDufjfLexvJkNgFpxATTlNODzl/Ldgn7cqUSc5gCYrpAiAda4xcfTcJDF61 C9sNjGKdrCvSVrEckSXCNQTTWWj7WAB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkq jGuAEHrBd3K1AAABhl6UkkEAAAQDAEcwRQIhALaSRUx5xzBKvkYbKsutTIDMP5Kz 6ckLvnduV2jnnnlfAiAaqbtH7JfQUturLdUYYUzx1j7zW8epl/TUwy18eKTG4QB2 AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhl6UkhEAAAQDAEcw RQIhAIPxlpSVc6lVGRCyaMQMBmPAKD7DIhhj3Bqf2/rsJR+RAiB8QzZojoz2Fzj5 M9tlmbMeL+J13+FaWKha1s6l3RGeLDANBgkqhkiG9w0BAQsFAAOCAQEAMM5vAR7X B29lBdIUMx5SbU+H9EO1O7EGfKysqyBjOj1s6tBsdqHnEsHTaTqPh0RcABRx55k7 6Cdgr22eFYegD9ScYrN6PFLsi6nqQdERF+WTNvBPL2U4F0jOJEmPUrwCln+top0s XAK5b37UDllE7MDyHQsPMP2T4HYwsA71FC8WBTq0Q91FBTYFRnkkuWvx1s6vfyEY TYnKDFsq/kBOKipGgkOdPPQAls1c6CPYHYR84v6X5faPvBdyNMd7F+Ns2WK1JZ0O dcbO6p64x4IT2Ig7KEW3O7tCh2MHSYBVg9T4rWLnP7zAYhnQ5Aq54ZIeTW+iiXm7 C4ZvtNnUAoD51w== -----END CERTIFICATE-----


❗ Important

This certificate will be the same for both AuthnRequests Signed and Encrypt Assertions.


Step 3: Upload SSO SAML Certificate to IdP

If Encrypt Assertions is enabled in Managed Services Center

  1. Copy the SSO SAML Druva certificate provided above and save it in a .cer format.

  2. Navigate to the Azure Application, and then go to S ecurity > Token Encryption.

  3. Click Import Certificate, and then select the Druva certificate that you saved in .cer format.

  4. Click Add, and then Activate token encryption certificate from the three-dot menu. Token encryption is enabled message appears.

  5. Navigate to Manage > Single sign-on > SAML Certificates, and then click Edit.

  6. Select either the Sign SAML response and assertion or the Sign SAML response sign-in option from the drop-down.

    Encrypt_assertions_certificate.png
  7. Click Save to update the sign-in properties.

Did this answer your question?