Druva provides SaaS-based data protection and management products. Druva supports SSO for Managed Services Providers to access a Managed Services Center. See https://www.druva.com.
Note: This guide was tested using Identity as a Service 5.35 and Druva 4.2-402269. Other versions of Druva may require integration and configuration steps that differ from those documented in this procedure. For newer versions of Druva, this integration guide can be used as an initial approach for integrating Druva. In the event of other issues, contact support@entrust.com for assistance.
Before you begin, open two browser windows: one for Druva and one for IDaaS.
Open a Web browser and go to https://login.druva.com.
Log in to your Druva account. The Dashboard page appears.
From the menu, select Druva Cloud Settings. The Settings page appears.
Go to Single Sign-On and click Edit. The Edit Single Sign-On Settings page appears.
Select AuthnRequests Signed.
Under SSO SAML Certificate, click Download to download the Druva Certificate.
Click Save to return to the Settings page.
Click the icon next to Single Sign-On and select Generate SSO Token. The Single Sign-On Token dialog box appears.
Open a text editor, such as Notepad, and copy and paste the Token Generated.
Close the Single Sign-On Token dialog box.
Leave this window open.
Add Druva application to Identity as a Service
Log in to your Identity as a Service administrator account.
Click the menu icon > Security > Applications. The Applications List page appears.
Click Add. The Select an Application Template page appears.
Do one of the following:
Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.
- or -
In the Search bar, enter a search option to filter for the application you want to add to IDaaS.
Click Druva. The Add Druva page appears.
Enter an Application Name.
Enter an Application Description.
Optional. Add a custom application logo.
Click the icon next to Application Logo. The Upload Logo dialog box appears.
Click the icon to select an image file to upload.
Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.
If required, resize your image.
Click OK.
Select the Authentication Flow that appears to users during login.
Click Next. The General page appears.
In the Default Assertion Consumer URL field, enter:
https://login.druva.com/api/commonlogin/samlconsume
In the Service Provider Entity ID (Issuer) field, enter:
MSC_login
In the SAML Session Timeout field, enter the time after which the SAML Assertion times out. The maximum is 720 minutes.
Enter the Max Authentication Age (seconds) to set the maximum amount of time that can elapse before a user is required to reauthenticate during a new login attempt. This applies for both SP-initiated and IDP-initiated login. Set this field to -1 to disable this feature.
From the SAML Name ID Attribute drop-down list, select Email.
From the SAML NameID Encoding Format drop-down list, select Email.
Select the SAML Signing Certificate from the drop-down list.
Optional: Select Respond Immediately for Unsuccessful Responses to return to the application immediately after a login failure, rather than allow the user to try again with a different user ID.
Deselect Enable Go Back Button if you do not want users to be able to go back to the Druva login page to log in.
Select Encrypt SAML Assertion to enable it.
Click the icon to upload the Encryption Certificate file you downloaded in Step 1: Download the Druva Certificate and copy the Single Sign-On token.
Add the Single Sign-On token attribute, as follows:
Under SAML Attributes, click Add. The SAML Attributes dialog box appears.
In the Name field enter druva_auth_token.
In the Values field, enter the Single Sign-On token you copied in Step 1: Download the Druva Certificate and copy the Single Sign-On token.
Click Add.
Click Submit.
Copy the SAML signing certificate and the IDP URLs
In IDaaS, click the menu icon > Security > Applications. The Applications List page appears.
Under SAML Cloud Integrations, click SAML Signing Certificates. The SAML Signing Certificates page appears.
Click the icon next to the certificate to copy it to the clipboard.
Open a text editor, such as Notepad, and paste the contents of the certificate into the text file.
Return to the Applications List page.
Click the icon next to the Druva application and select IDP initiated URLs. The IDP Initiated URLs dialog box appears.
Copy the value in the No relay state field and paste it into the text file.
Click OK to close the dialog box.
Save the text file.
Return to the Druva Cloud Settings and click Edit for the Single Sign-On. The Edit Single Sign-On Settings page appears.
In the ID Provider Login URL field, enter the IDP initiated URLs you copied in Step 4: Copy the SAML signing certificate and IDP initiated URLs from IDaaS.
In the ID Provider Certificate field, enter the SAML Certificate you copied in Step 4: Copy the SAML signing certificate and IDP initiated URLs from IDaaS.
Click Save.
Testing Service Provider Login
Open a Web browser and enter the URL https://login.druva.com/login . You are directed to Identity as a Service.
Enter your Druva Cloud account User ID and click Next.
Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to the Druva Console Home page.
Testing Identity as a Service redirect login
Log in to your Identity as a Service account.
Go to your My Profile page if you are not already there.
Under Applications, click Druva SAML.
Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to the Druva Console Home page.
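An added check, not part of the Entrust or Druva documentation: after a test login, copy the base64 SAMLResponse value posted to the Assertion Consumer URL (visible in the browser's developer tools) and confirm that it targets the URL configured above and that the assertion carrying druva_auth_token is encrypted. The function names and both sample messages are constructed for illustration; the token value is a placeholder.

```python
import base64
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS_URL = "https://login.druva.com/api/commonlogin/samlconsume"  # from this guide
SP_ENTITY_ID = "MSC_login"                                       # from this guide
TOKEN_ATTR = "druva_auth_token"                                  # from this guide

def audit_saml_response(b64_response):
    """Return findings for a base64 SAMLResponse value; an empty list means OK.
    Presence checks only: no signature verification and no decryption.
    Intended for your own captured test traffic, not untrusted XML."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.get("Destination") != ACS_URL:
        findings.append("Destination does not match the Default Assertion Consumer URL")
    plain = root.findall(f"{{{A}}}Assertion")
    if not plain and not root.findall(f"{{{A}}}EncryptedAssertion"):
        findings.append("response carries no assertion")
    for assertion in plain:
        findings.append("assertion is not encrypted (Encrypt SAML Assertion is off)")
        names = [a.get("Name") for a in assertion.iter(f"{{{A}}}Attribute")]
        if TOKEN_ATTR in names:
            findings.append(f"{TOKEN_ATTR} is readable in cleartext")
        audiences = [e.text for e in assertion.iter(f"{{{A}}}Audience")]
        if SP_ENTITY_ID not in audiences:
            findings.append("Audience does not include the Service Provider Entity ID")
    return findings

def build_sample(body, destination=ACS_URL):
    """Build a constructed (not captured) SAMLResponse for demonstration."""
    xml = (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" '
           f'Destination="{destination}">{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

# Constructed samples; PLACEHOLDER-TOKEN is not a real Druva token.
ENCRYPTED = build_sample("<saml:EncryptedAssertion>...</saml:EncryptedAssertion>")
CLEARTEXT = build_sample(
    "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
    "<saml:Audience>MSC_login</saml:Audience></saml:AudienceRestriction>"
    "</saml:Conditions><saml:AttributeStatement>"
    '<saml:Attribute Name="druva_auth_token">'
    "<saml:AttributeValue>PLACEHOLDER-TOKEN</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    for label, sample in (("encrypted", ENCRYPTED), ("cleartext", CLEARTEXT)):
        print(label, audit_saml_response(sample) or "OK")
```

If the cleartext finding appears for a real login, revisit the Encrypt SAML Assertion setting and the uploaded Encryption Certificate, and generate a new Single Sign-On token in Druva.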