Single Sign-On with Okta


Company or unit administrators can enable Single Sign-On (SSO) for the respective units. They can choose a SAML 2.0 identity provider (IdP) to sign in to the cloud backup account without the hassle of remembering another password.

To set up Single Sign-On (SSO) with Okta, the administrator needs to:



Create an app on Okta Console

Create an app on Okta console and use it as an identity provider for SSO.

To create the app,

  1. Log in to the Okta console using your Okta account credentials.
  2. Click 'Admin' on the top-right corner to navigate to the admin console.

    Note: This step applies only when you are logged in to the administrator end user account.

  3. Navigate to the 'Applications' tab and click 'Add Application'.
  4. Click 'Create App Integration'.
  5. Select 'SAML 2.0' as the sign-on method, and click 'Create'.
  6. Enter the app name and click 'Next'.
  7. Enter the single sign-on and audience URLs in the respective fields, and choose 'Email Address' from the 'Name ID format' drop-down list and click 'Next'.
    • Single Sign-On URL: https://webapp.idrive360.com/api/sso/process
    • Audience URL: https://webapp.idrive360.com/api/sso/metadata
  8. Select 'I'm an Okta customer adding an internal app' radio button and click 'Finish'.
  9. Click 'View SAML Setup Instructions'. You will be directed to a web page where you will find SAML 2.0 Single Sign-On Login URL, Issuer URL and the X.509 Certificate. Copy and save these to use later while configuring the cloud backup account.

Assign users to the app

To enable SSO for the user accounts, the admin needs to assign users to the new app on the Okta console.

To assign users,

  1. Launch the new app on Okta console.
  2. Click 'Assign'.
  3. Select 'Assign to Users' and assign users for SSO.

Configure the cloud backup account for Single Sign-On (SSO)

The admin needs to enter the SAML 2.0 URLs and certificate received from Okta in the Single Sign-On configuration form in the Management Console.

To configure SSO,

  1. Sign in to the cloud backup account and click 'Go To Management Console'.
  2. In the 'Settings' tab, go to the 'Single Sign-On (SSO)' section.
  3. Enter the 'Issuer URL', 'SAML 2.0 Single Sign-On Login URL' and add the 'X.509 Certificate' received from your newly created app on Okta console.

    Note: X.509 certificate should only be in .pem or .cer format.

  4. Click 'Configure Single Sign-On'.

You will receive a confirmation email once SSO is enabled for your account.



Single Sign-On provisioning setup - Okta (SCIM)

Admin of the IDrive® 360 accounts can now set up provisioning for their users from the identity provider. IDrive® 360 supports SCIM (System for Cross-domain Identity Management) provisioning method to provision users.

To set up Single Sign-On (SSO) provisioning with Okta, the admin needs to:

Generate SCIM provisioning token with IDrive® 360 account

Admin needs to generate and use the SCIM (System for Cross-domain Identity Management) provisioning token to sync all the users linked with their IdP to the IDrive® 360 account.

To generate a token,

  1. Sign in to your IDrive® 360 account.
  2. Click 'Go To Management Console'.
  3. Navigate to 'Settings' > 'Single Sign-On (SSO)'.
  4. Click 'Generate Token' under 'Sync users from your identity provider' to generate a token.
  5. Click 'Copy Token' to copy and save the token for future reference.

Configure SCIM provisioning

Once the app is created, the admin can configure their account for SCIM provisioning.

To configure SCIM provisioning,

  1. Log in to the Okta console using your Okta account credentials.
  2. Under 'Applications', click on the newly created app.
  3. Navigate to 'General'.
  4. Click 'Edit' corresponding to 'App Settings' and enable SCIM provisioning.
  5. Click 'Save'.
  6. Navigate to 'Provisioning'.
  7. Click 'Edit' against the 'SCIM Connection' and make the necessary changes as below:
    • SCIM connector base URL: https://webapp.idrive360.com/api/scim/v2
    • Unique identifier field for users: userName
    • Supported provisioning actions: Click and enable the below options:
      • Push New Users
      • Push Profile Updates
    • Authentication Mode: HTTP Header
    • Authorization: Enter the SCIM provisioning token generated on your IDrive® 360 account
  8. Click 'Save'.
  9. Under 'To App', click 'Edit' against 'Provisioning to App'.
  10. Click 'Enable' to enable the below options:
    • Create Users
    • Update User Attributes
    • Deactivate Users
    • Sync Password
  11. For 'Password type', select 'Sync a randomly generated password'.
  12. For 'Password cycle', select 'Generate a new random password whenever the user's Okta password changes'.
  13. Click 'Save'.

SCIM attribute mapping

Follow the steps for SCIM attribute mapping,

  1. Go to 'Profile Editor' and click 'Add Attribute'.
  2. Enter the following details,
    • Data type: String
    • Display name: IDrive360 Role
    • Variable name: idrive360_role
    • External name: roles.^[primary == true].value
    • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    • Description: IDrive360 Role
    • Enum: Check the box for 'Define enumerated list of values'.
    • Attribute members field: Enter the following,
      User Roles                 Values
      Account Owner              1
      Company Administrator      2
      Backup Administrator       3
      Restore User               4
      Backup User                5
      Backup and Restore User    6
    • Note: The role values must exactly match the corresponding roles defined in the application's code.

    • Attribute required: Yes
    • Attribute type: Personal
  3. Click 'Save and Add Attribute'.
  4. Configure attribute in provisioning settings
    • Go back to 'Applications' > 'Provisioning' tab > 'To App'.
    • In 'Attribute Mappings', scroll down to the newly added attribute (e.g., IDrive360 Role).
    • Click , select 'Same value for all users', and select 'Backup User' (or any role defined earlier to be used as default while provisioning users).
    • For 'Apply on' select 'Create'.
    • Click 'Save'.
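
As an added example (not IDrive's or Okta's code), this Python check shows what the mapping above selects from a SCIM 2.0 user: it resolves `roles.^[primary == true].value` and validates the result against the role values listed in step 2. The sample payload and the function name are constructed for illustration; the exact request Okta sends is not shown on this page.

```python
import json

# Role table from the 'Attribute members' list on this page. Keys are strings
# because the attribute's data type is 'String'.
ROLES = {
    "1": "Account Owner",
    "2": "Company Administrator",
    "3": "Backup Administrator",
    "4": "Restore User",
    "5": "Backup User",
    "6": "Backup and Restore User",
}
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample: a SCIM 2.0 core User carrying the mapped role attribute.
SAMPLE_USER = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "jdoe@example.com",
  "active": true,
  "roles": [{"value": "5", "primary": true}]
}
""")


def primary_role(user):
    """Resolve roles.^[primary == true].value and map it to a role name.

    Stricter than the mapping expression: raises ValueError unless the
    payload yields exactly one primary role with a value from the list.
    """
    if CORE_USER not in user.get("schemas", []):
        raise ValueError("not a SCIM core User resource")
    if not user.get("userName"):
        raise ValueError("userName (the unique identifier field) is missing")
    primaries = [r for r in user.get("roles", []) if r.get("primary") is True]
    if len(primaries) != 1:
        raise ValueError(f"expected one primary role, found {len(primaries)}")
    value = primaries[0].get("value")
    # Rejects unknown values and non-strings such as the integer 5.
    if not isinstance(value, str) or value not in ROLES:
        raise ValueError(f"role value {value!r} is not in the enumerated list")
    return ROLES[value]


if __name__ == "__main__":
    print(primary_role(SAMPLE_USER))
```
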

Assign users to the provisioned app

To start provisioning, the admin needs to assign users to the application.

To assign users,

  1. Launch the new app on Okta console.
  2. Navigate to 'Assignments'.
  3. Click 'Assign' and choose 'Assign to People' to provision individual users.
  4. Edit properties as needed including the role of the user provisioned in IDrive360.

Note: To add new users, go to 'Directory' > 'People' and click 'Add person'.