Skip to main content
All CollectionsKnowledge BaseinSync ClientHow To - inSync Client
How to configure Okta as an SSO method for inSync authentication?
How to configure Okta as an SSO method for inSync authentication?
Updated over 8 months ago

OS: Windows and LinuxProduct edition: inSync On-Premise 5.8.1 and higher

Overview

This article explains the steps that inSync administrators need to perform in order to configure Okta as an SSO method for inSync user and administrator authentication. Once done, inSync users will be redirected to the webpage of Okta for authentication.

Configure Okta as SSO method

Prerequisites: You need to have SSO token handy before you begin this procedure. The steps to generate SSO token are available in the Configure SSO on inSync On-Premise admin console procedure in this section.

  1. Log in to Okta Admin Console

  2. Click Applications.

  3. Click Add Application.

  4. On the next screen, select Create New App.

    Okta_CreateNewApp.png
  5. Use the Sign on Method as SAML 2.0.

  6. Enter App name as Druva On-Premise.

  7. Click Next.

    Okta_GenSettings.png

Enter the details specified in the table on SAML settings:

Okta_SAMLSetting.png


Field name

Value

Single Sign On URL

https://<IP/FQDN of inSync Server>/wrsaml/consume

Audience URL (SP Entity ID)

druva-cloud

Default Relay State

Leave this field blank

Name ID Format

Email Address

Application Username

Email

Configure following values in the respective fields under ATTRIBUTE STATEMENTS (OPTIONAL).

Name

Name format (optional)

Value

insync_auth_token

Basic

<Single Sign on token from Console>
Enclose the authentication token in double quotation ("") marks, such as "X-XXXXX-XXXX-S-A-M-P-L-E+TXOXKXEXNX=" .

mail

Basic

user.email

  1. Leave the Group Attribute Statements as blank.

  2. Click Next

  3. On the third tab, select I’m a software vendor. I’d like to integrate my app with Okta.

    Okta_HelpSupport.png
  4. Click Finish.

  5. On the next Settings tab, click View Setup Instructions.

    Okta_SettingsTab.png
  6. From the Setup Instructions tab, copy the following. Keep these values handy when you perform the configuration on inSync Management Console.

    • Identity Provider Single Sign-on URL

    • IdP Metadata to your SP provider

  7. Map Okta users to this Druva On-Premises application using following steps:

    1. Open Druva On-Premise application.

    2. Click People & choose Assign to People.

    3. Select the user for whom you want to allow SSO authentication.

Configuration of Okta as SSO method is now complete.

SSO configuration on inSync On-Premise Management Console

You need to configure Druva On-Premise Console to use SSO feature.

Prerequisites: Keep the Identity Provider Single Sign-on URL and iDP Metadata to your SP provider copied in earlier procedure handy before you begin this configuration.

  1. Login to inSync Management Console

  2. Click

    > Settings

  3. Select Single Sign On tab.

  4. Generate the SSO token. You need to provide this token value to iDP under the attributes section.

  5. Click Edit.

  6. Enter the ID Provider Login URL and ID Provider Metadata XML obtained during Okta configuration.

  7. Enter IP address or FQDN of your inSync Mangement Server as ACL URL.

  8. Ensure AuthnRequests Signed and Want Assertions Encrypted are disabled.

Your SSO configuration is now complete and appears as below:

inSync._SSOConfigpng.png

Enable SSO authentication for users

SSO authentication must be enabled for inSync users as the last step to enable the SSO benefit for the users.

  1. On inSync Management Console, click Profile.

  2. Click the profile for which you want to enable SSO.

  3. Select Backup Policies and click Edit on under Retention and Access Policies.

  4. Set Log-in Using option to Single Sign On. Repeat these steps for every profile for which you want to enable SSO authentication.

    inSync_AccessPols.png

SSO is now enabled for all users assigned with this profile. inSync users can now use SSO for:

  • Accessing inSync User Web Console

  • Activating a new device

  • Reactivating existing device


📝 Note

SSO cannot be used for Integrated Mass Deployment.


Did this answer your question?