Veeam Backup for Microsoft Azure 5.0 [Archived]
User Guide
Related documents
Search
This is an archive version of the document. To get the most up-to-date information, see the current version.

Configuring SSO Settings

Veeam Backup for Microsoft Azure supports single sign-on (SSO) authentication based on the SAML 2.0 protocol. SSO authentication scheme allows a user to log in to different software systems with the same credentials using the identity provider service.

To configure SSO settings for Veeam Backup for Microsoft Azure, complete the following steps:

  1. Switch to the Configuration page.
  1. Navigate to Settings > Identity Provider.
  1. In the Identity provider configuration section, import identity provider settings from a file obtained from your identity provider:
  1. Click Upload Metadata.
  2. In the Upload Identity Provider Configuration window, click Browse to locate the file with the identity provider settings.
  3. Click Upload.
  1. Forward the service provider authentication settings to the identity provider — to obtain the settings, click Download in the Application configuration section. Veeam Backup for Microsoft Azure will download a metadata file with the service provider authentication settings to your local machine.

Alternatively, you can copy the service provider settings manually:

  1. Click Copy Link in the SP entity ID / issuer field.
  2. Click Copy Link in the Assertion consumer URL field.

Tip

If you want to sign and encrypt authentication requests sent from Veeam Backup for Microsoft Azure to the identity provider, select a certificate with a private key that will be used to sign and encrypt the requests:

  1. In the Application configuration section, click Select in the Certificate field.
  2. In the Upload Security Certificate window, click Browse to locate the certificate file. In the Password field, specify a password used to open the file.
  3. Click Upload.

After you configure SSO settings, you can add user accounts that will be able to log in to Veeam Backup for Microsoft Azure using single sign-on. For more information, see Adding User Accounts.

Important

To authenticate a user whose identity has been received from the identity provider, Veeam Backup for Microsoft Azure redirects the user to the identity provider portal. After the user logs in to the portal, the identity provider sends a SAML authentication response to Veeam Backup for Microsoft Azure. The SAML response must contain an attribute whose value will be used by Veeam Backup for Microsoft Azure to identify the user. The attribute value must match the user name that you specify when creating the user account.

For the identity provider to send the required attribute in the SAML authentication response, you must create a claim rule on the identity provider side and specify username as the outgoing claim type (if you use Active Directory Federation Service) or the option claim name (if you use Azure Active Directory).

Configuring SSO Settings

View all results across Veeam
Back to document search