Step 3b. Specifying Existing Service Account
[This step applies only if you have selected the Specify existing service account option at the Select Service Account Type step of the wizard]
When you specify an existing service account, Veeam Backup for Microsoft Azure connects to an Azure AD application that grants access to your Azure resources. For VB for Microsoft Azure to be able to connect to the Azure AD application, it must be created beforehand as described in Microsoft Docs.
At the Service Account step of the wizard, specify an existing service account that grants access to Azure resources:
- In the Application ID field, enter the application identifier. You can find the identifier in the application settings of your Azure Active Directory. For more information, see Microsoft Docs.
The specified Azure AD application must have either a custom role or the Contributor and Key Vault Crypto Officer Azure built-in roles assigned. If the AD application have a custom role assigned, make sure the role is granted the permissions required to perform backup and restore operations. To learn how to create Azure custom roles, see Microsoft Docs.
If you have ever created a new service account using the Create service account automatically option, you can also assign to the specified Azure AD application the Veeam Service Account role that has been created in Microsoft Azure environment automatically by Veeam Backup for Microsoft Azure. To learn how to assign Azure roles, see Microsoft Docs.
- Select an application authentication type:
- Select the Client (application) secret option to use a client secret. A secret string can be obtained as described in Microsoft Docs.
- Select the Certificate option to use a certificate to authenticate against the server, click Browse to locate the certificate file.
For a certificate to be valid, it must be uploaded to the Microsoft Azure portal and assigned to Azure AD application as described in Microsoft Docs.
Veeam Backup for Microsoft Azure supports certificates only in the .PFX format.
- In the Tenant ID field, enter a tenant ID of the Azure AD application.
You can find the tenant ID in the application settings of your Azure Active Directory. For more information, see Microsoft Docs.