-
rdixon01
- Influencer
- Posts: 24
- Liked: 2 times
- Joined: Oct 09, 2013 2:30 pm
- Full Name: Rick
- Contact:
Using MFA Users and Roles with Immutable repositories
We have implemented V12 in our production environment. In our test environment we are also setting our HPe Storeonce catalyst stores to be immutable and testing Veeam MFA. We have are users (domain account) added to MFA and the dual authorization for logging in works OK. Our users have Administrator role in MFA. They perform all the functions as without MFA. With Immutability set on the Repository you cannot delete a immutable repository/ files as expected BUT, they can uncheck the box on the repository and turn off immutability. Now I found a workaround and that was to add their account into users roles twice, once as a Restore Operator and once as a Backup Operator. This configuration looks to limit the user from making any changes to the configuration of Veeam. Everything is grayed out that would give them ability to delete, make changes, disable, etc:. They can perform their basic function of restoring and backing a of VM/Job. But the management issue is that we have 20 (+) users on our team that are required to be able to perform restores and sometimes start/retry a backups. We have 5 VBR servers that users nd roles have to be configured independently , so we would have to add 40 (+) accounts to each VBR servers user and role. Without the capability of assigning a AD group to the roles it makes this process of setting up MFA (with immutability) in our environment very difficult to manage. Are there any improvements coming with future updates (Soon) and or is there something that I'm have missed in configure MFA to meet our needs. Anyone come across this issue?
-
chris.childerhose
- Veeam Vanguard
- Posts: 573
- Liked: 132 times
- Joined: Aug 13, 2014 6:03 pm
- Full Name: Chris Childerhose
- Location: Toronto, ON
- Contact:
Re: Using MFA Users and Roles with Immutable repositories
Not sure why you indicated you cannot add an AD group to a role, as I can add groups from my home AD to roles in the VBR console. Also based on the help you can - https://helpcenter.veeam.com/docs/backu ... ml?ver=120
-----------------------
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
Chris Childerhose
Veeam Vanguard / Veeam Legend / Veeam Ceritified Architect / VMCE
vExpert / VCAP-DCA / VCP8 / MCITP
Personal blog: https://just-virtualization.tech
Twitter: @cchilderhose
-
rdixon01
- Influencer
- Posts: 24
- Liked: 2 times
- Joined: Oct 09, 2013 2:30 pm
- Full Name: Rick
- Contact:
Re: Using MFA Users and Roles with Immutable repositories
When you try to add a AD group to Users and Roles (With MFA Enabled) you get a error that Security Groups cannot be added. https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Without MFA enabled, it looks like you can add groups.
Without MFA enabled, it looks like you can add groups.
-
rdixon01
- Influencer
- Posts: 24
- Liked: 2 times
- Joined: Oct 09, 2013 2:30 pm
- Full Name: Rick
- Contact:
Re: Using MFA Users and Roles with Immutable repositories
When you try to add a AD group to Users and Roles (With MFA Enabled) you get a error that Security Groups cannot be added. https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Without MFA enabled, it looks like you can add groups. Case #06217724
Without MFA enabled, it looks like you can add groups. Case #06217724
Who is online
Users browsing this forum: Google [Bot] and 124 guests