Skip to main content

Password policy for Druva Cloud Administrators using the failsafe option when SSO is enabled

Updated over 2 weeks ago

Overview

This article explains how Druva Cloud Administrators and Legal Hold Admins can use the failsafe login when Single Sign-On (SSO) is enabled. It also outlines Druva’s updated login and password policies.


Who is a Druva Cloud Administrator?

A Druva Cloud Administrator is a super user with full access to all inSync users, workloads, and configuration settings.


Single Sign-On (SSO) for Administrators

  • When SSO is enabled, password-based login is disabled for all administrators except Druva Cloud Admins and Legal Hold Admins.

  • Druva has removed the “Not using Single Sign-On” option from the login screen for regular administrators.

  • All other administrators must log in via their configured Identity Provider (IdP).

Refer to the SSO setup guide


What is Failsafe Login?

Failsafe login is a backup login method using a password that allows access to the Druva admin console when SSO is unavailable.

Who Can Use It?

  • Druva Cloud Administrators
    Can use the failsafe login only when the IdP is unavailable due to outages, network issues, misconfigurations, etc.

  • Legal Hold Admins
    Can use the failsafe login at any time.
    This is because Legal Hold Admins might be external parties (not part of the organization) and may not have an IDP user account.
    The Druva login screen includes a “Sign in as Legal Hold Admin” option specifically for them.


Important Update

  • The “Not using Single Sign-On” login option has been deprecated and is no longer visible.

  • Only Legal Hold Admins have a dedicated login option on the portal.

  • If the IdP has issues authenticating the Druva Admin or in case of outages at the IdP side and you are a Druva Cloud Admin, you can contact Druva Support.

  • Support will help you log in using the failsafe method.


Failsafe Password Policy

(One-time setup when SSO is enabled for the first time or when a new Druva Cloud Administrator is created)

  • Setting the failsafe password is a one-time process that occurs when:

    • SSO is enabled for the first time, or

    • A new Druva Cloud Administrator account is created.

  • Druva Cloud Admins will receive an email to set their failsafe password after SSO is activated.

  • The password must be updated every 60 days (default). The maximum allowed password age is 99 days.

  • Password complexity requirements are fixed and cannot be modified.

  • This password is not used during regular login via IdP. It is only required when IdP is unavailable.


Key Points to Remember

  • Only Druva Cloud Admins can use failsafe login when the IdP is down.

  • Legal Hold Admins can log in using failsafe at any time, using the “Sign in as Legal Hold Admin” link.

  • Other product administrators must always log in through the organization’s SSO and cannot use failsafe login.

If needed, Druva Support can temporarily enable failsafe login access during an IdP outage.

Did this answer your question?