Skip to main content
How to configure Okta SSO with CloudRanger
Updated over 7 months ago

Overview

This article provides the steps to configure SSO for CloudRanger (DCP) using Okta as IdP.


📝 Note
CloudRanger only supports service provider initiated SSO from the management console. IDP-based SSO directly from Okta is not supported.


The configuration is performed in the following order:

  1. Configure the CloudRanger SSO application on Okta.

  2. Contact Druva Support to get the SSO configuration set up in CloudRanger.

  3. Update the CloudRanger SSO application on Okta with the correct ‘Assertion Consumer Service URL’ and ‘SP Entity ID’.

Procedure

Step 1: Configure the CloudRanger SSO application on Okta

  1. Create a new web application in Okta, select the Sign on method as SAML 2.0,and click Create.

    Okta1.PNG
  2. Name the App, select the Do not display application icon to users checkbox, and click Next.

    Okta2.PNG
  3. Use the following values in the General Section.

  • Single Sign on URL

https://cloudranger.auth0.com/login/...nection=XYZSSO
  • Audience Restriction: urn:auth0:cloudranger:XYZSSO

  • Name ID format: EmailAddress

  • Application username: Email

Okta3.PNG
  1. Add the following parameter values in the Attribute Statements section and then click Next.

  • email_verified: true

  • email: user.email

Okta4.PNG
  1. Select the App type as Internal and click Finish.

    Okta5.PNG
  1. Now that the App is created, click View Setup Instructions under the Sign On tab and copy the Identity Provider Single sign-On URL,and then save it in a notepad.

  2. Download the X509 certificate and save this as well.

Step 2: Contact Druva Support to get the SSO configuration setup in CloudRanger

  1. Contact Druva Support and provide the following information so that the configuration can be completed in CloudRanger backend.

  • Identity Provider Single sign-On URL that you copied in the previous step

  • X509 certificate that you downloaded

  • The email domain(s) your users will be logging in with, such as "example.com"

  • The SAML sign out URL (optional)

2. Druva Support will provide you the correct values for the following parameters once SSO has been configured in the backend.

  • Single Sign on URL

  • Audience Restriction

Step 3: Update the CloudRanger SSO application on Okta

  1. Open the CloudRanger SSO application in Okta and go to the General tab.

  2. Click the Edit button under SAML Settings.

    Okta6.PNG

  3. In the Configure SAML section, update the provided values for the following attributes.

  • Single sign on URL

  • SP Entity ID

Okta7.PNG

4. SSO is now set up correctly and you can use your email address to sign in to CloudRanger.

Did this answer your question?