Step 2. Check Requirements to User Account

You can provide access to Veeam ONE for single users and user groups.

The following table describes types of accounts for which you can configure restricted permissions.

Platform

Account Type

Description and Notes

vCenter Server

Domain users and groups

Members of the Active Directory domain.

vCenter Server must be configured to use Active Directory for authentication. For details on user authentication in VMware vSphere, see Active Directory Identity Source Settings.

To log in to Veeam ONE, you must provide user name in the following format: domain\username.

Local users and groups

Local users and groups on the machine where vCenter Server is installed.

To log in to Veeam ONE, you must provide user name in the following format: hostname\username.

Single Sign-On users and groups

Single Sign-On users and groups on vCenter Server. For details, see vSphere Authentication with vCenter Single Sign-On.

Note: Single Sign-On must be installed on the machine where vCenter Server runs, with the default installation path and port settings. Otherwise, Veeam ONE will not be able to detect its database with user groups and users.

To log in to Veeam ONE, you must provide user name in the following format: ssodomain\username.

ESXi host

Domain users and groups

Members of the Active Directory domain.

Standalone hosts must be configured to use Active Directory for authentication. For details, see Using Active Directory to Manage ESXi Users.

To log in to Veeam ONE, you must provide user name in the following format: domain\username.

VMware Cloud Director

Domain users and groups

Members of the Active Directory domain.

Users must be able to authenticate to an LDAP server. For details, see VMware Cloud Director documentation.

To log in to Veeam ONE, you must provide user name in the following format: domain\username.

Local users and groups

Local users and groups in VMware Cloud Director.

To log in to Veeam ONE, you must provide user name in the following format:

  • For organization user: organization\username
  • For VMware Cloud Director administrator: system\username

 

Note:

For each local or Single Sign-On user that authenticates to Veeam ONE, Veeam ONE creates a temporary Windows account on the machine that runs the Veeam ONE Server component. This temporary account is deleted after 30 days of inactivity.

Authorizing with Veeam ONE

To authorize with Veeam ONE components (Veeam ONE Client and Veeam ONE Web Client), a user must have the Allow log on locally privilege assigned.

By default, this privilege is assigned to users included in the local Administrators group. For users not included in the local Administrators group, you must assign this privilege manually.

Note:

If you use the advanced deployment scenario, you must assign the Allow log on locally privilege on the machines that host the Veeam ONE Server and Veeam ONE Web UI components.