Overview
Using Azure AD as an Identity Provider, administrators can allow users to sign in directly to Managed Services Center.
Keep the following information handy
ACS URL (Reply URL): https://login.druva.com/api/commonlogin/mspsamlconsume
Audience URI (Entity ID): MSC-login
Procedure
Step 1: Create your own application in Azure
Launch Azure and go to Azure Active Directory.
Go to the Enterprise applications section, and then click new application.
Click the Create your own application button. This opens a new screen to create a new application.
Name the application, and then select Integrate any other application you don't find in the gallery (non-gallery) option.
Click the Create button.
Step 2: Edit basic SAML configuration
Go to the Manage section, and then click Single Sign-on.
Select the Single Sign-on method as SAML. This opens a set-up Single Sign-on with SAML screen.
In the basic SAML configuration section, click the Edit button and update the following details:
Identifier (Entity ID): MSC-login
Reply URL (ACS URL): https://login.druva.com/api/commonlogin/mspsamlconsume
Click the Save button, and then close the basic SAML configuration screen.
Step 3: Edit attributes and claims
In the Attributes & Claim section, click the Edit button.
Ensure the Unique User Identifier (Name ID) under the required claim is mapped with User Principal Name (UPN) or email address.
Note: This value should match the email address used for MSC Administrators.
Click the Add new claim button, and when the manage claim screen opens, update the following details:
Name: druva_auth_token
Source attribute: Paste SSO token generated in MSC
Note: To generate the SSO token, sign in to Managed Services Center > Settings > Access Settings > Generate SSO Token.
Click the Save button, and then close the Attributes & Claim screen.
Step 4: Get IdP login URL and IdP certificate
In the SAML Certificates section, download the Certificate (Base64).
Open the certificate in the text editor and copy the text.
Paste the certificate text in Managed Services Center while configuring SSO settings.
Copy the Login URL from the Set up <app name> section.
Navigate to Managed Services Center and paste the IdP login URL while configuring the SSO settings.
Step 5: Manage users
Go to the Manage section, and then click Users and group.
Click the Add users/group button, and then select users to assign the application.
Click the Assign button.
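The values set in Steps 2 and 3 can be checked against a decoded, unencrypted SAML assertion from a test sign-in. The Python script below is an added example, not Druva or Microsoft code; the sample assertion, the administrator email and the token value in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "MSC-login"
EXPECTED_ACS = "https://login.druva.com/api/commonlogin/mspsamlconsume"

# Constructed sample assertion (not captured from a real tenant).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>admin@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://login.druva.com/api/commonlogin/mspsamlconsume"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>MSC-login</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="druva_auth_token">
      <saml:AttributeValue>PLACEHOLDER-SSO-TOKEN</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, admin_emails):
    """Return a list of mismatches against the values this page configures."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience is {audiences}, expected {EXPECTED_AUDIENCE}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if EXPECTED_ACS not in recipients:
        problems.append(f"Recipient is {recipients}, expected the ACS URL")
    name_id = (root.findtext(".//saml:NameID", default="", namespaces=NS) or "").strip()
    if name_id.lower() not in {e.lower() for e in admin_emails}:
        problems.append(f"NameID {name_id!r} is not an MSC administrator email")
    tokens = [v.text for v in root.iterfind(
        ".//saml:Attribute[@Name='druva_auth_token']/saml:AttributeValue", NS)]
    if not any(t and t.strip() for t in tokens):
        problems.append("druva_auth_token claim is missing or empty")
    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE, ["admin@example.com"]) or ["assertion matches"]:
        print(line)
```

The script compares configured values only; it does not validate the assertion's signature or validity window.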
(Optional) SAML Authentication requests and encrypt assertions
The AuthnRequests Signed and Encrypt assertions are optional settings in Managed Services Center. If you want to add more security to your SSO, you can enable these settings.
Procedure
Step 1: Enable AuthnRequests Signed or Encrypt Assertions setting
Sign in to Managed Services Center.
Go to Settings > Access Settings.
In the Single Sign-on section, click Configure SSO (if this is your first time configuring SSO) or click Edit to modify existing settings. This will open the Single Sign-on Settings window.
In the ID Provider Configuration section, select the checkbox for AuthnRequests Signed or Encrypt Assertions.
Click the Save button to complete the action.
Step 2: Save the SSO SAML certificate
To save the SAML certificate, follow the given steps:
Click the Security icon (Padlock or Tune icon) in the browser address bar.
Select Connection is secure, then click Certificate is valid.
In the Details tab, click Export and save the file with a .cer extension.
❗ Important
This certificate will be the same for both AuthnRequests Signed and Encrypt Assertions.
Step 3: Upload SSO SAML Certificate to IdP
If Encrypt Assertions is enabled in Managed Services Center
Copy the SSO SAML Druva certificate provided above and save it in a .cer format.
Navigate to the Azure Application, and then go to Security > Token Encryption.
Click Import Certificate, and then select the Druva certificate that you saved in .cer format.
Click Add, and then select Activate token encryption certificate from the three-dot menu. The "Token encryption is enabled" message appears.
Navigate to Manage > Single sign-on > SAML Certificates, and then click Edit.
Select either the Sign SAML response and assertion or the Sign SAML response sign-in option from the drop-down.
Click Save to update the sign-in properties.
