Tenant Account Credentials

To connect to the SP, the tenant uses credentials of the tenant account provided by the SP. Credentials of the tenant account depend on the account type. The following table contains information about credentials for different tenant account types.

Account Type

Account Name

Password1

Standalone tenant account

Name specified by the SP in the properties of the tenant account.

Password specified by the SP in the properties of the tenant account.

VMware Cloud Director tenant account

Name of the organization to which the tenant is granted access in VMware Cloud Director.

To connect to the SP, the tenant specifies the user name of the VMware Cloud Director organization administrator account. To learn more, see Connecting to Service Providers.

Password of the VMware Cloud Director organization administrator account.

Active Directory tenant account

Name of the user account in Microsoft Active Directory.

To connect to the SP, the tenant specifies credentials of their AD user account in the Domain\Username format.

Password of the user account in Microsoft Active Directory.

1 Primary password for the tenant account. Veeam Backup & Replication can also use secondary passwords generated automatically by the product. To learn more, see Secondary Password for Tenant Account.

Secondary Password for Tenant Account

In addition to a primary password of the tenant account used to connect the tenant to the SP, Veeam Backup & Replication can use secondary passwords for backup operations. A secondary password is an additional password automatically generated by Veeam Backup & Replication for the tenant account. Veeam Backup & Replication uses secondary passwords for Veeam Agent backup.

Veeam Backup & Replication uses secondary passwords in the following scenarios:

The secondary password functionality helps to provide an individual unique password for each Veeam Agent connected to the SP. It also helps to avoid passing the primary password outside of Veeam Backup & Replication and saving tenant password to the Veeam Service Provider Console or Veeam Agent configuration database.

Secondary passwords are used by the product in the background and are not displayed to users.

How Secondary Password Works

In the scenario where the SP backup server is managed by Veeam Service Provider Console, Veeam products work with secondary passwords in the following way:

  1. A backup administrator on the SP side configures a backup job or backup policy in Veeam Service Provider Console. Once a backup job or backup policy is added, Veeam Service Provider Console requests a secondary password in Veeam Backup & Replication.
  2. Veeam Backup & Replication generates a secondary password for Veeam Agent added to the backup job. For a backup policy, Veeam Backup & Replication generates an individual secondary password for each Veeam Agent added to the backup policy.
  3. Veeam Backup & Replication passes secondary passwords to Veeam Service Provider Console.
  4. Veeam Service Provider Console applies backup job or backup policy settings to Veeam Agent. These settings include credentials to connect to the SP.
  5. When the backup job starts in Veeam Agent, Veeam Agent connects to the SP backup server using the secondary password.