[V13] Enterprise Manager with SAML not working [SOLVED]

[ashleyw]

Hi,

We have followed a similar process as we followed with the B&R webui to enable SAML.
So we create an o365 app exactly like we did for the B&R, and then configure EM in a similar way by
>Configuration>Settings>SAML authentication
We use the import from file option to upload the xml file we got from the o365 Entra portal for that App.
Everything good at this point.

I then go to >settings>roles and add my o365 primary identifier as an external user in there with Portal Administrator access.
Everything looks all good at this point.

When I use the sign on with SSO option in a private window, then its gets past the o365 flow and ends up in Veeam with an "Authentication error".
see below.

The only thing I can think of is that I initially deployed enterprise manager on the wrong domain name, which I later then changed through the appliance console, and then regenerated the machine and webapi certs through the UI and selected the cert in the UI, but I've double and tripple checked this and I can't find an issue.

I have logged a ticket; 07846889 pointing back to this post.

Any thoughts here?

cheers
Ashley

[ashleyw]

For anyone stumbling across this issue, The problem was on our side;
- The Name ID on the app needed to be changed to "Persistent" in EntraID.
- The login type needed to be specified as "unspecified" in Veeam.
- Set EntraID to sign SAML responses and assertion

Some of this information came from here; https://helpcenter.veeam.com/docs/backu ... _saml.html
Luckily our own resident SSO expert (among many other things) - Peter Nield was able to assist me in getting to the bottom of this.

I think what would really help people, would be for more documentation around setting up SAML for EntraID as this is rapidly becoming a base requirement for most large organisations.