Overview
Using Okta as an Identity Provider, administrators can allow users to sign in directly to the Managed Services Center.
Keep the following information handy
ACS URL:
https://login.druva.com/api/commonlogin/mspsamlconsume
Audience URI (Entity ID): MSC-login
Procedure
Step 1: Launch Okta to select the sign-in method
In the Okta Admin Console, go to Applications > Applications.
Click Create App Integration.
Select SAML 2.0 as the Sign-in method.
Click Next.
Step 2: Configure General Settings
Specify the name of your app. You can use any name.
Add a logo for your app (optional).
If you want to hide your app from your users' homepage, select the App visibility checkbox (optional).
Step 3: Configure SAML General settings
Provide the Single Sign-on URL (Copy the ACS URL given in the overview section).
Provide the Entity ID (Copy the Entity ID given in the overview section).
Select Email Address from the Name ID format drop-down list.
Step 4: Configure the SSO token obtained from Managed Services Center:
Generate and copy the SSO token from Managed Services Center.
Navigate to the Okta application, and go to the Configure SAML tab. Under the Attribute Statements (Optional) section, enter the following attributes:
Name: druva_auth_token
Value: Paste SSO token generated in MSC
Click Next.
Step 5: Select the option to configure Druva MSC in Okta
Select I'm a software vendor. I'd like to integrate my app with Okta.
Click Finish. Your integration is created in your Okta org.
Step 6: Assign the MSC app to administrators (users)
Select the MSC app and go to the Assignment tab.
Click the Assign button from the top-left corner, and then select Assign to People from the drop-down list.
Search for the administrator and click the Assign button next to that administrator.
If you want to change the user name, edit it and then click the Save and Go back button.
Note: The username should match the email address used for MSC Administrators.
Click Done to complete the action.
Step 7: Get IdP login URL and Certificate
To update the Single Sign-on settings in the Managed Services Center
Copy the IdP login URL and certificate from Okta.
Go to Managed Services Center and paste the IdP login URL and certificate in the appropriate fields.
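A way to check the values from Steps 3 and 4 before the first sign-in, as an added example that is not Druva's or Okta's code: it parses a decoded SAML response (for instance, copied from a browser SAML tracer) and lists mismatches against the ACS URL, Entity ID, Name ID format and druva_auth_token attribute given on this page. The sample response, its user and its token value are constructed placeholders, and the check assumes Okta uses the Single Sign-on URL for both Destination and Recipient.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values given on this page.
ACS_URL = "https://login.druva.com/api/commonlogin/mspsamlconsume"
ENTITY_ID = "MSC-login"
TOKEN_ATTR = "druva_auth_token"
# URN that the Email Address Name ID format corresponds to.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample of a decoded response; user and token are placeholders.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS_URL}">
 <a:Assertion>
  <a:Subject>
   <a:NameID Format="{EMAIL_FORMAT}">admin@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS_URL}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="{TOKEN_ATTR}">
   <a:AttributeValue>PLACEHOLDER-TOKEN</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text):
    """Return configuration mismatches ([] = none). Does not verify signatures."""
    root = ET.fromstring(xml_text)
    # With Encrypt Assertions enabled the fields below are not readable here.
    if root.find(".//a:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted; only Destination can be inspected"]
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the ACS URL")
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    token = root.find(f".//a:Attribute[@Name='{TOKEN_ATTR}']/a:AttributeValue", NS)
    if token is None or not (token.text or "").strip():
        problems.append(f"{TOKEN_ATTR} attribute missing or empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "all checks passed")
```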
(Optional) SAML Authentication requests and encrypt assertions
The AuthnRequests Signed and Encrypt assertions are optional settings in Managed Services Center. If you want to add more security to your SSO, you can enable these settings.
Procedure
Step 1: Enable AuthnRequests Signed or Encrypt Assertions setting
Sign in to Managed Services Center.
Go to Settings > Access Settings.
In the Single Sign-on section, click Configure SSO (if this is your first time configuring SSO) or click Edit to modify existing settings. This will open the Single Sign-on Settings window.
In the ID Provider Configuration section, select the AuthnRequests Signed or Encrypt Assertions checkbox.
Click the Save button to complete the action.
Step 2: Save the SSO SAML certificate
Copy the following SSO SAML Druva certificate and save it in a .crt format to update it in your IdP:
❗ Important
This certificate will be the same for both AuthnRequests Signed and Encrypt Assertions.
Step 3: Upload SSO SAML Certificate to IdP
Copy the SSO SAML Druva certificate provided above and save it in a .crt format.
Navigate to the Okta application list, then search for and select the application.
In the General tab, edit the SAML settings.
Click Next, and then click Show Advanced Settings in the Configure SAML tab.
Change “Assertion Encryption” from Unencrypted to Encrypted.
Click Browse files for the Encryption Certificate, and then select the saved SSO SAML Druva certificate.
Click the Next button, and then click Finish on the feedback tab to complete the update.