Overview
The Okta integration provides secure identity and access management for the Druva platform. It enables Single Sign-On (SSO), allowing users to authenticate using existing Okta credentials. This simplifies user access while strengthening security through centralized identity policies. The integration supports multi-factor authentication and conditional access controls. IT teams benefit from streamlined user provisioning and de-provisioning. This reduces administrative overhead and improves security posture. Together, Druva and Okta deliver a seamless and secure authentication experience.
❗ Important
Only a Druva Cloud administrator can set up Single Sign-on.
Configure Single Sign-on based on the applicable scenarios:
Enterprise Workload customers on-boarded after 02 July 2018 and inSync customers on-boarded after 14 July 2018 must refer to the instructions given in this article.
Existing Endpoints, SaaS Apps and Enterprise Workload customers who already have configured Single Sign-on, must continue to use the existing Single Sign-on settings of Enterprise Workloads and the Single Sign-on settings of Endpoints as applicable.
Applicability
This article is applicable only to the customers on Druva public cloud using okta idP. Because Okta inbuilt “Druva 2.0” application is hardcoded with the SSO parameters based on the public cloud. For GovCloud customers, Okta inbuilt “Druva 2.0” application is not applicable. GovCloud customers with Okta IdP, please refer the article: Configure SCIM and Single-Sign On between Druva GovCloud and OKTA - Druva Documentation
The configuration is performed in the following order:
Configure the Druva application on Okta
Login to Okta admin console using your Okta admin credentials.
Click on the Left top hamburger Menu , click Applications > Applications.
3. You will see the page like below
4. Click on Browse App Catalog and search for Druva 2.0
5. Click Add
6. Add the required Application label and Click Done. A new application gets created.
7. Open the Sign On tab
8. Scroll down and Click View Setup Instructions.
9. In a new browser tab, login to the Druva console as a Druva cloud admin.
10. From the Druva console dashboard , go to Global Navigation Menu -> Druva Cloud Settings Druva cloud Settings.
11. Edit the Single Sign on section .
12. Add the ID Provider Login URL , ID Provider Certificate details. These details are available in the new browser tab that is opened when following the Step.8
13. Save
14. Click on the 3-dot menu and Generate the SSO Token.
15. Paste this token in the Druva application created in the OKTA on the field “SAML Auth Token” in the Advanced Sign-on Settings
16. Open the Assignments tab and assign this application to the intended Okta users.
💡 Tip
Druva 2.0 app can be used to configure both SCIM and SSO.
Enable SSO for inSync and Phoenix Administrators
Login to the DCP console and go to Druva cloud Settings.
On Single Sign-On Settings, click Edit. The Edit Single Sign-On Settings page opens.
Select the Enable Single-On for Administrators. Failsafe for Administrators is enabled by default.
It is recomended to enable Failsafe for Administrators so that they have to access the DCP console in case of any failures in IdP . It also enables the admins to use both SSO and DCP password to access the DCP console.
Click Save.
This enables the access to DCP using SSO.
Enable SSO for the users
To enable SSO for users, either enable SSO for an existing user profile or create a new profile and enable SSO for the new profile. Subsequently, assign the users to the profile enabled with SSO, as indicated below:
To enable SSO for users:
Login to the inSync Management Console and either create a new profile or update an existing one. Refer the Create a profile or Update a profile section for the steps.
Assign users to the profile with SSO enabled. Refer Update the profile assigned to users section for the steps.