- What parameters are required from service providers that should be configured with IdP?
- What are the default claim rules that are required to be configured at IdP?
- Does inSync support two-factor authentication in case of SSO?
- Does inSync support metadata file and logout URL?inSync support metadata file and logout URL?
- What is the endpoint URL for inSync SSO?inSync SSO?
- Can an administrator except Cloud administrator configure SSO for administrators?
- Which certificate is required from ADFS that needs to be configured with inSync?
- How to resolve Invalid Password error seen when trying to activate the inSync Client or while logging on to user's Web Console but when the old password still works?
What parameters are required from Identity Provider (IdP) that should be configured in inSync Management Console?
Currently, inSync supports the following parameters from an IdP:
- ID Provider Login URL
- ID Provider Certificate
Which RelayState parameters are required for configuring SSO for users and administrators?
RelayState is a parameter used by SAML protocol implementation to identify the specific resource as the resource provider in an IdP initiated single sign-on scenario.
browseractivate or optionally, can be left blank.
If you are using ADFS as an IdP, specify druva-cloud.
What parameters are required from service providers that should be configured with IdP?
In this case, inSync is the service provider and other party is the IdP. The parameters that are required by the IdP are as follows:
- RelayState or Entity ID
- Claim Rules
- EndPoint URL
What are the Default Claim Rules that are required to be configured at IdP?
|LDAP Attribute||Outgoing Claim Type|
|E-mail addresses||Name ID|
|E-mail addresses||E-mail address|
Does inSync support two-factor authentication in case of SSO?
Yes. inSync supports two-factor authentication. First authentication is done when the request is redirected from Service Provider to IdP.
- Second authentication takes place with the use of “inSync_auth_token” parameter generated from the inSync Management Console. To generate SSO token,inSync Management Console. To generate SSO token,
- Navigate to Manage > Settings > Single Sign-On and then click Generate SSO Token.
- Copy the token and enter it in IdP console.
Note: Druva recommends that you generate the SSO token only once. If you generate the SSO token again, the old SSO token (that you shared with your IdP) becomes inactive. You must then again share the newly generated SSO token with your IdP.
Does inSync support Metadata file and Logout URL?
No. Currently, inSync does not support metadata file provided by an IdP and logout URL. Contact Druva Support for more details.
What is the Endpoint URL for inSync SSO?
Endpoint URL for inSync SSO is: https://cloud.druva.com/wrsaml/consume
Can an administrator except Cloud administrator configure SSO for administrators?
No. Only a Cloud administrator has permissions to configure SSO for administrators.
Which certificate is required from ADFS that needs to be configured with inSync?
inSync requires Token Signing Certificate or ID Provider Certificate from ADFS. It must be configured in inSync Management Console.
To obtain ID Provider Certificate,
- On the ADFS 2.0 console, click Service > Certificates.
- In the Certificates window, select the token signing certificate placed under Token-signing category.
Certificate properties windows appears.
- Click on the Details tab and then click Copy to File.
Certificate Export Wizard appears. Click Next
- Select Base-64 encoded X.509 (.CER) and click Next. The ID Provider Certificate is exported.
How to resolve Invalid Password error seen when trying to activate the inSync Client or while logging on to user's Web Console but when the old password still works?
inSync uses inSync password as a fallback mechanism if the IdP redirection is failing. There can be various reasons for this fallback such as invalid IdP URL or IdP certificate. If you run into this problem, please contact Druva Support.