Skip to main content
All CollectionsKnowledge BaseDruva Cloud PlatformHow To - Druva Cloud Platform
How to configure SSO for DCP Administrators using PingFederate as IdP
How to configure SSO for DCP Administrators using PingFederate as IdP
Updated over a week ago

This article applies to:

  • Product edition: Druva Cloud Platform (DCP)


This article describes the steps to configure SSO for Druva Cloud Platform using PingFederate as IdP. The configuration involves the following main tasks:

❗ Important

  • Only a Druva Cloud administrator can set up Single Sign-on.

  • Configure Single Sign-on based on the applicable scenarios:

    • New Druva customers that is; Phoenix customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018 must refer to the instructions given in this article.

    • Existing Phoenix and inSync customers who already have configured Single Sign-on, must continue to use the existing Single Sign-on settings of Phoenix and the Single Sign-on settings of inSync as applicable.

Generate SSO Token from DCP Console

  1. Log in to the DCP Console and on its menu bar click the account icon > Settings.

  2. Click Generate SSO Token.

  3. Click Copy. The token gets copied to the clipboard.

  4. Copy the token in a text file and keep the file available for future use.

Configure the PingOne app


  • Administrator credentials of PingOne

  • SSO authentication token generated from the DCP Console.


  1. Log in to PingOne console with the administrator credentials ( )

  2. From the dashboard, open the Applications page and click Add Application > New SAML Application.

  3. Enter the Application Name, Application Description, and Category as appropriate.

  4. Click Next and enter the values as specified below:
    Assertion Consumer Service (ACS):
    Entity ID: DCP-login

  5. Leave default values in the remaining fields and click Continue to next step.

  6. Click Add new attribute and enter the values as shown in the illustration below:


    • druva_auth_token:Enter the SSO authentication token value and also select As Literal. If you do not wish to use As Literal, enclose the authentication token in double quotation ("") marks, such as "X-XXXXX-XXXX-S-A-M-P-L-E+TXOXKXEXNX="

    • email Address:SAML_SUBJECT

    • userPrincipalName:SAML_SUBJECT

  7. Click Save and Publish.

  8. On the Review Setup page:

  9. Copy IdP ID value from Initiate Single Sign-On (SSO) URL as shown in the in the image below.

  10. Download the Signing Certificate.
    Keep the above details available for future use.

Configure DCP to use PingOne

  1. Log in to the DCP Console and on its menu bar click the account icon > Settings.

  2. Click Edit against Single Sign-On and update each field as directed in the table below:

    • ID Provider Certificate:Open the Signing Certificate that was downloaded in the earlier procedure in a notepad and copy its content to this field. Take care to keep certificate formatting intact in the text editor.

    • Single Sign-On for Administrators:Select.

    • Failsafe for Administrators:


      💡 Tip

      Druva recommends enabling this fields initially. Failsafe for Administrators enables the administrator to use both SSO and DCP password to access the DCP Console. This ensures access to the DCP Console even if SSO is impacted due to any change in the IdP.

  3. Click Save.
    On all subsequent attempts to log in to DCP Console, provide the administrator's email ID and DCP directs to the IdP page to authenticate using SSO.

Did this answer your question?