Configuring IdP and SSO Settings

    Veeam Backup for Salesforce supports single sign-on (SSO) authentication based on the SAML 2.0 protocol. The SSO authentication scheme allows a user to log in to different software systems with the same credentials using an identity provider (IdP).

    Note

    Only Azure Active Directory OAuth 2.0 IdP is supported in Veeam Backup for Salesforce v1.

    To configure the IdP settings on the Azure side, you must create a new Azure AD application for Veeam Backup for Salesforce in the Azure portal. To learn how to register an application with the Microsoft identity platform, see Microsoft Docs.

    When creating the application, consider the following:

    • The redirect URI added to the application must match the management server FQDN that you use to access the Veeam Backup for Salesforce Web UI. To make sure that you are adding the correct URI, switch to the Configuration page and navigate to Users and Roles > Single Sign-On. The address is displayed in the Callback URL field.
    • The following API permissions must be granted to the application: GroupMember.Read.All, User.Read and User.Read.All.
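
    The two considerations above can be checked before you click Save and Authorize. The following is an added example, not part of the Veeam documentation: it compares the Callback URL with the redirect URIs registered on the application and compares the granted permissions with the three listed above. The function names and the sample URLs are hypothetical, constructed values; substitute the Callback URL field value and the settings of your own app registration.

```python
from urllib.parse import urlsplit

# The three API permissions this page says the application needs.
REQUIRED_PERMISSIONS = {"GroupMember.Read.All", "User.Read", "User.Read.All"}


def _parts(url):
    """Split a URL into the pieces a redirect URI comparison depends on."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "host": (u.hostname or "").lower(),
        "port": u.port or {"https": 443, "http": 80}.get(scheme),
        "path": u.path,  # compared as written: case and trailing slash matter
    }


def check_registration(callback_url, redirect_uris, granted_permissions):
    """Return a list of findings; an empty list means the inputs agree."""
    findings = []
    if callback_url not in redirect_uris:
        if not redirect_uris:
            findings.append("no redirect URI registered")
        want = _parts(callback_url)
        for uri in redirect_uris:
            have = _parts(uri)
            diff = [k for k in want if want[k] != have[k]]
            where = ", ".join(diff) or "exact spelling"
            findings.append(f"redirect URI {uri!r} differs in: {where}")
    granted = set(granted_permissions)
    for name in sorted(REQUIRED_PERMISSIONS - granted):
        findings.append(f"missing permission: {name}")
    for name in sorted(granted - REQUIRED_PERMISSIONS):
        findings.append(f"permission not required by this page: {name}")
    return findings


if __name__ == "__main__":
    # Constructed sample: registered by IP address instead of the FQDN,
    # one permission missing and one broader permission granted.
    callback = "https://backup.example.com/sso/callback"
    for line in check_registration(
        callback,
        ["https://10.0.0.5/sso/callback"],
        ["User.Read", "GroupMember.Read.All", "Directory.ReadWrite.All"],
    ):
        print(line)
```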

    To configure the IdP settings on the Veeam Backup for Salesforce side, do the following:

    1. Switch to the Configuration page.
    2. Navigate to Users and Roles > Single Sign-On.
    3. Set the Enable Azure AD authentication toggle to On.
    4. In the Client ID field, provide the Application (client) ID of the registered Azure AD application. You can find the ID on the app registration Overview pane in the Azure portal.
    5. In the Tenant ID field, specify the Directory (tenant) ID of the registered Azure AD application. You can find the ID on the app registration Overview pane in the Azure portal.
    6. In the Secret Value field, enter the value of a client secret created in the specified Azure AD application. To learn how to create client secrets, see Microsoft Docs.
    7. Click Save and Authorize. You will be redirected to the Azure portal. In the Azure portal, navigate to the created Azure AD application page, and grant admin consent to the application. To learn how to do that, see Microsoft Docs.

    As soon as the IdP settings are successfully configured, the SSO session starts and you can begin adding users to Veeam Backup for Salesforce. Note that the SSO session timeout is 30 minutes. If the SSO session expires, you must log in to Veeam Backup for Salesforce using the local administrator credentials once again, and continue adding users for the next 30 minutes.