Configuring SSO for Azure AD

To configure SSO authentication with Azure AD:

1. Log in to Veeam Service Provider Console.

For details, see Accessing Veeam Service Provider Console.

2. At the top right corner of the Veeam Service Provider Console window, click Configuration.
3. In the configuration menu on the left, click Security.
4. On the SIngle Sign-On tab, click New and select Custom from the drop-down list.

The identity provider configuration wizard will open.

5. At the Provider Info step of the wizard, specify general information on the IdP:

• In the Display name field, specify the IdP name that will be displayed in the IdP list on the Single Sing-On tab.

• Click Create SP entity ID link to generate entity ID URL based on the Client ID value.

Save the link locally.

If you apply changes to Client ID value after link generation, click New link.

• Click Create Assertion consumer link to generate assertion consumer service URL based on the Client ID value.

Save the link locally.

If you apply changes to Client ID value after link generation, click New link.

6. Access Azure AD web portal.
7. Navigate to the Enterprise Applications tab.
8. In the menu on the left, select All applications.
9. At the top of the list, click New application.
10. In the Browse Azure AD Gallery window, click Create your own application.
11. In the Create your own application side window, specify the name of the integration with Veeam Service Provider Console and select Integrate any other application you don't find in the gallery (Non-gallery).
12. In Veeam Service Provider Console, insert the application name into the Client ID field.

13. In Azure AD, open the created application.
14. In the menu on the left, click Single sign-on and select SAML.

The SAML-based Sign-on page will open.

15. Copy the App Federation Metadata URL link.
16. In Veeam Service Provider Console, insert the URL into the Identity Provider URL field.

17. In Azure AD, from the Set up ... widget, copy the Microsoft Entra Identifier link.
18. In Veeam Service Provider Console, paste the link into the Entity ID field.

19. In Azure AD, in the top right corner of the Basic SAML Configuration widget, click Edit.
20. In the Identifier (Entity ID) section, insert the URL generated in the SP entity ID URL field at step 5 into the empty field.
21. Select the Default check box next to the new URL and delete the old URL.
22. In the Reply URL (Assertion Consumer URL) section, insert the URL generated in the Assertion consumer URL field at step 5 into the empty field.
23. Select the Default check box next to the new URL and delete the old URL.
24. Click Save.
25. Follow steps 6-8 described in the Adding Identity Providers section.
26. In Azure AD, at the top of the SAML-based Sign-on page, click Upload metadata file and upload the XML file obtained after IdP configuration.
27. Follow steps 9-10 described in the Adding Identity Providers section.
28. In Azure AD, navigate to the Users and groups tab and add users that will have access to Veeam Service Provider Console.