Okta

How to Configure SAML 2.0 for CrashPlan Pro

Part 1 – Install the IdP Metadata on Your Server

  1. Copy and save the following IdP Metadata show below with the filename idp.xml. Put the file on your web server the root directory  or in the directory that you plan to make accessible to CrashPlan apps.

    Sign into the Okta Admin dashboard to generate this value.

  2. Test the URL of the idp.xml file to verify that it is accessible. An example of a URL to test is http://172.16.195.219/idp.xml

Part 2 – Configure the  CrashPlan Pro Security Settings

  1. Sign into CrashPlan Pro with administrator privileges. Go to Settings > Security > Single Sign-On, then click the Enable checkbox if it is not checked, as shown below.

    CrashPlan_Pro_1.png
  2. Configure the SSO settings for your Code42 environment, as shown below.
    1. Enter a value for Identity provider name, such as Okta.
    2. Enter the URL to the IdP metadata file that you verified in step 2, above.
    3. Click Save.

      A message will appear in the lower left of your administration console: "Your changes have been saved."
      The Service provider metadata URL becomes visible in your administration console.
    CrashPlan_Pro_2.png
  3. Open the administration console CLI by double clicking the logo in the header of the console.
  4. In the CLI, enter the following command.

    prop.set b42.ssoAuth.nameId.enable true save

    The CLI responds with the following message.

    The system property has been set.
    Some system properties require a restart before they are recognized.
    b42.ssoAuth.nameId.enable=true (saved)
  5. Close the CLI.

Part 3 – Configure Your Code42 Environment to Use Okta SSO Authentication

Your Code42 environment must be configured to use Okta SSO authentication instead of the native user authentication system. This example configures a single organization to authenticate with Okta, but you can also apply these steps with the top-level organization in order to use Okta with your entire Code42 environment.
  1. In CrashPlan Pro, go to Organizations > Org Details > Edit > Security, as shown below.

    • If the parent organization already uses SSO, enable the Inherit security settings from parent option.

    • If the parent organization does not use SSO, disable the Inherit security settings from parent option.

  2. Enable the Use Okta for authentication option.

    CrashPlan_Pro_3.png

Part 4 – Test the Configuration

After you have completed the setup in Okta and in CrashPlan Pro, test the configuration. You can perform this test anytime.
  1. Add the same test user to the organization you configured in part 3, above.
  2. Add the same test user in Okta, after you complete setting up the app in Okta.

  3. Sign out of both the Okta administration console and the Code42 environment administration console

  4. Click the Sign in using Okta button on the sign in screen, as shown below.

    CrashPlan_Pro_4.png

  5. You should be redirected to the Okta sign in page. Sign in using your test user's username and password.

  6. If the test is successful, you will be successfully signed in to the enterprise server administration console as the test user.

Part 5 – Additional CrashPlan Setup

In order to enable SSO on the CrashPlan app, a custom installer must be used during installation. CrashPlan provides information on setting up a custom installer in Step 9 in their documentation.