Configuring SSO for Azure AD

To configure SSO authentication with Azure AD:

  1. Log in to Veeam Service Provider Console.

For details, see Accessing Veeam Service Provider Console.

  1. At the top right corner of the Veeam Service Provider Console window, click Configuration.
  2. In the configuration menu on the left, click Security.
  3. On the Single Sign-On tab, click New and select Custom from the drop-down list.

The identity provider configuration wizard will open.

  1. Access Azure AD web portal.
  2. Navigate to the Enterprise Applications tab.
  3. In the menu on the left, select All applications.
  4. At the top of the list, click New application.
  5. In the Browse Microsoft Entra Gallery window, click Create your own application.

Create New Application

  1. In the Create your own application side window, specify the name of the integration with Veeam Service Provider Console and select Integrate any other application you don't find in the gallery (Non-gallery).

Specify Application Name

  1. In Veeam Service Provider Console, specify general information on the IdP:

Save the link locally.

If you apply changes to Client ID value after link generation, click New link.

Save the link locally.

If you apply changes to Client ID value after link generation, click New link.

Insert Client ID

  1. In Azure AD, open the created application.
  2. In the menu on the left, click Single sign-on and select SAML.

The SAML-based Sign-on page will open.

  1. Copy the App Federation Metadata URL link.

Copy App Metadata URL

  1. In Veeam Service Provider Console, insert the URL into the Identity Provider URL field.

Insert Identity Provider URL

  1. In Azure AD, from the Set up ... widget, copy the Microsoft Entra Identifier link.

Copy Microsoft Identifier

  1. In Veeam Service Provider Console, paste the link into the Entity ID field.

Insert Entity ID

  1. Follow steps 6-8 described in the Adding Identity Providers section.
  2. In Azure AD, in the top right corner of the Basic SAML Configuration widget, click Edit.
  3. In the Identifier (Entity ID) section, insert the URL generated in the SP entity ID URL field at step 11 into the empty field.
  4. In the Reply URL (Assertion Consumer URL) section, insert the URL generated in the Assertion consumer URL field at step 11 into the empty field.

Configure SAML

  1. Click Save.
  2. In the top right corner of the Attributes & Claims widget, click Edit.

Edit Attributes & Claims

  1. Click the Unique User Identifier (Name ID) claim to modify claim settings.
  2. From the Source attribute list, select user.mail.

Modify Required Claim

  1. Click Save.
  2. At the top of the claims list, click Add new claim.

Add Claim

  1. In the Manage claim window, specify claim name and from the Source attribute list, select user.companyname.

Add Claim

  1. Click Save.
  2. If you want to add more claims, repeat steps 27–29 for all claims you want to add.
  3. Close the Attributes & Claims window.
  4. Create users that you want to assign to the application.

Make sure to specify your Veeam Service Provider Console company name in the user properties.

Specify User Properties

  1. In the menu on the left, select Users and Groups.
  2. At the top of the list, click Add user/group.

Add User

  1. In the Add Assignment window, click a link in the Users section.
  2. Select the necessary user in the list and click Select.

Select User

  1. Click Assign.
  2. In Veeam Service Provider Console, follow steps 1–8 of the New Authorization Rule wizard as described in Managing Mapping Rules section.
  3. At the Conditions step of the wizard, specify a claim name equal to the name specified on step 28 and configure mapping conditions.

Configure Mapping Rule

  1. Review the configured mapping rule and click Finish.
  2. In the configuration menu on the left, click Security and open the Single Sign-On tab.
  3. From the Configuration drop-down list, select Test Login.

Veeam Service Provider Console will complete the identity provider configuration and perform a trial authorization.

Page updated 7/8/2024

Page content applies to build 8.1.0.21999