Configuring SSO Settings

Veeam Backup for AWS supports single sign-on (SSO) authentication based on the SAML 2.0 protocol. SSO authentication scheme allows a user to log in to different software systems with the same credentials using the identity provider service.

To configure SSO settings for Veeam Backup for AWS, do the following:

1. Switch to the Configuration page.

2. Navigate to General > Identity Provider.

3. In the Identity Provider Configuration section, import identity provider settings from a file obtained from your identity provider:

1. Click Upload Metadata.
2. In the Upload Identity Provider Configuration window, click Browse to locate the file with the identity provider settings.
3. Click Upload.

4. Forward the service provider authentication settings to the identity provider — to obtain the settings, in theVeeam Backup for AWS Configuration section, click Download. Veeam Backup for AWS will download a metadata file with the service provider authentication settings to your local machine.

Alternatively, you can copy the service provider settings manually:

1. Click Copy Link in the SP Entity ID / Issuer field.
2. Click Copy Link in the Assertion Consumer URL field.

5. [Optional] If you want to sign and encrypt authentication requests sent from Veeam Backup for AWS to the identity provider, select a certificate with a private key that will be used to sign and encrypt the requests:

1. In the Veeam Backup for AWS Configuration section, click Select in the Certificate field.
2. In the Upload Veeam Backup certificate window, click Browse to locate the certificate file. In the Password field, specify a password used to open the file.
3. Click Upload.

After you configure SSO settings, you can add user accounts that will be able to log in to Veeam Backup for AWS using single sign-on. For more information, see Adding User Accounts.