Overview
This guide outlines the steps to configure Single Sign-On (SSO) for the Druva Cloud Platform using Microsoft Entra ID as the Identity Provider (IdP). By enabling SSO, users can securely access Druva services with their existing Microsoft 365 credentials, streamlining authentication processes.
Configuration steps:
Configure the Druva app on the Entra ID portal.
Configure Microsoft Entra ID for Single Sign-On.
Configure Druva Cloud Platform to use Microsoft Entra ID login.
Assign users/groups in Microsoft Entra ID to the Druva app.
Enable SSO for administrators.
Enable SSO for users.
❗ Important
Only a Druva Cloud Administrator can set up SSO.
Configure Single Sign-on based on the applicable scenarios:
New inSync customers (on-boarded after July 14, 2018) must configure Single Sign-on using the Druva Cloud Platform Console. For more information, see Set up Single sign-on.
Existing inSync customers who have not configured Single Sign-on until July 14th, 2018, must configure Single Sign-on using the Druva Cloud Platform Console. For more information, see Set up Single sign-on.
Step 1: Configure the Druva App on the Entra ID Portal
Log in to the Microsoft Entra ID Portal using a Global Administrator account.
Navigate to Identity > Applications > Enterprise Applications.
Select All Applications and click New Application.
4. In the search bar, type "Druva" and select the Druva application.
5. Rename the application if needed (e.g., ‘Druva SSO’ or ’Druva Cloud Platform’) and click Create.
📝 Note
The name of the application can be modified as required. For example, Druva or Druva Cloud Platform.
6. The new enterprise application will be created -
7. Once the app is created, go to Enterprise Applications, select "Druva SSO App," and navigate to Manage > Properties. To identify the application distinctly, upload an image/logo here and click Save when done.
Step 2: Configure Microsoft Entra ID for Single Sign-On
To configure Microsoft Entra ID SSO:
On the Druva application integration page in the Entra ID portal, click Single Sign-On.
Choose SAML-based Sign-on as the SSO method.
3. Under Basic SAML Configuration, ensure the following parameters are correctly filled and saved:
Identifier (Entity ID):
For Public Cloud: DCP-login
For Dell Apex: DCP-login
For Gov Cloud: DCP-loginfederal
For Gov Cloud (FIPS): DCP-govlogin
Note: If you need to configure entity IDs that are not pre-filled in the app, you will need to create a custom SSO app.
Reply URL (Assertion Consumer Service URL):
For Public Cloud:
For Dell Apex:
For Gov Cloud:
For Gov Cloud (FIPS):
4. Download the SAML Signing Certificate (Base64 format) and save it locally as Druva SSO.cer.
5. Copy the Login URL from the SSO setup page and save it for later steps.
Step 3: Configure Druva Cloud Platform to Use Microsoft Entra ID Login
Generate SSO Token.
Configuring User Attributes and Claims.
Deploy SAML Certificate (Base64) from Entra ID to Druva
Steps to generate the Single Sign-On (SSO) token:
Log in to the Druva Admin Console
Use your Druva Cloud Administrator credentials to access the console.Navigate to Druva Cloud Settings
Click on the hamburger menu (☰) in the top-left corner.
Under the Administration section, select Druva Cloud Settings.
Generate the SSO Token
Locate the Single Sign-On section on the settings page.
Click on Generate SSO Token.
A window will appear displaying the SSO token.
4. Save the SSO Token
Copy the token and save it to a notepad or document for later use during configuration.
Ensure no additional spaces are included when copying the token.
Configuring User Attributes and Claims:
To set up user attributes and claims for the Druva SSO application, follow these steps:
Navigate to Druva SSO application on the Entra ID Portal. Access the Attributes & Claims Configuration section.
2. Click Add New Claim to begin adding attributes.
3.
Attribute Name | Value |
emailAddress | user.mail |
druva_auth_token | SSO token generated from the Druva Admin Console (ensure no quotation marks). |
4. Enter the attributes listed below:
Example Token: X-XXXXX-XXXX-S-A-M-P-L-E+TXOXKXEXNX=
Note: Entra ID automatically adds quotation marks around the druva_auth_token.
5. Click Save to apply the changes.
6. Once saved, the User Attributes & Claims page will display the updated attributes.
Steps to Deploy SAML Certificate (Base64) from Entra ID to Druva:
Log in to the Druva Admin Console as a Druva Cloud Administrator.
Click on the hamburger menu (top-left corner) and select Druva Cloud Settings.
In the Single Sign-On section, click Edit.
Copy the Login URL obtained from Step 2, point 6 (e.g., https://login.microsoftonline.com/xx...xxxxxxxx/saml2) and paste it into the ID Provider Login URL field.
5. Open the Certificate (Base64) file (e.g., Druva.cer), downloaded in Step 6, in the Text editor tool, and copy its entire content. Paste it into the ID Provider Certificate field.
6. Click Save.
Step 4: Assign users/groups in Microsoft Entra ID to the Druva SSO app.
Follow these steps to assign users or groups to the Druva SSO app in Entra ID:
Navigate to Enterprise Applications
Log in to the Entra ID portal and go to Enterprise applications > All applications.
Select the Druva SSO application created during the initial configuration.Add Users or Groups
Click Users and groups > Add user/group.
In the Add Assignment window, select Users and groups.
3. Select Users or Groups
In the Users and groups window, choose the users or groups you want to assign to the Druva app from the list.
Ensure each selected user or admin account has a corresponding account in the Druva Cloud Platform.
4. Complete the Assignment
Click Select in the Users and groups window.
Click Assign in the Add Assignment window to finalize the assignment.
Step 5: Enable SSO for Administrators
To enable Single Sign-On for administrators, follow these steps:
Log in to the Druva Console as Druva Cloud Administrator.
Access Single Sign-On Settings
Click the hamburger menu (☰) in the top-left corner.
Navigate to Druva Cloud Settings.
Edit SSO Settings
In the Single Sign-On section, click Edit.
Select Administrators log into Druva Cloud through SSO provider.
Enable Failsafe for Administrators (Recommended)
Druva recommends enabling the Failsafe for Administrators option to provide access to the DCP console in case of IdP failures.
This option allows administrators to log in using either SSO or their DCP password.
5. Click Save to enable SSO access for administrators.
Step 6: Enable SSO for Users
Note: This section applies to inSync users. If you intend to use SSO for Druva Phoenix, please skip this section.
To enable Single Sign-On for users, follow these steps:
Step 1: Create or Update a User Profile
To create a New Profile with SSO Enabled: Refer Create a Profile.
To enable SSO in an Existing Profile: Refer Update a Profile.
Step 2: Assign Users to the SSO-Enabled Profile
Assign users to the SSO-enabled profile by following the steps in the Update Profile Assigned to Users guide.