OKTA Single Sign On integration with Veeam Data Cloud for M365

[NK100251]

Hello,

We want to configure OKTA single Sign On (SSO)/ identity provider (IdP) that lets users log in once and securely access VDC for M365 without re-entering credentials. This is achieved by SAML 2.0 protocol.

Below will be Single Sign On for OKTA flow

1. User login to OKTA and tries to access VDC for M365 application
2. Okta authenticates the user (password + MFA) via SAML 2.0 protocol
3. VDC app trusts Okta and user is logged in.



If yes, how can we do it? If not, what are the possible workaround?

[micoolpaul]

Hi,

VDC does not currently support SAML so you can’t bring your own IdP. VDC currently supports Entra ID SSO and Veeam Authentication, a Veeam hosted authentication service.

If your Entra ID SSO does a passthrough/passback with OKTA but the auth flow starts and ends with Entra ID SSO, you can likely use this, but Veeam doesn’t explicitly support this so you would be required to perform your own troubleshooting.

Thanks,
Michael

[NK100251]

Thanks Michael for the information.
Can you explain what you mean by this statement

"Entra ID SSO does a passthrough/passback with OKTA but the auth flow starts and ends with Entra ID SSO, you can likely use this"

Also, is there any plan to introduce OKTA SSO authentication via SAML protocol in upcoming release? If yes, please confirm when.

I was also going through the some of the documentation where we can use Veeam Cloud and Service Provider console to add VDC for M365 tenant and integrate VCSP console with OKTA SAML for Single Sign On authentication.

[NK100251]

Thanks Michael for the information.
Can you explain what you mean by this statement

"Entra ID SSO does a passthrough/passback with OKTA but the auth flow starts and ends with Entra ID SSO, you can likely use this"

Also, is there any plan to introduce OKTA SSO authentication via SAML protocol in upcoming release? If yes, please confirm when.

I was also going through the some of the documentation where we can use Veeam Cloud and Service Provider console to add VDC for M365 tenant and integrate VCSP console with OKTA SAML for Single Sign On authentication.

[micoolpaul]

Hi,

VCSP console doesn't support VDC, that's Veeam Backup for Microsoft 365, the self-installed & self-hosted solution. So I would disregard any of its documentation in regard to Veeam Data Cloud.

What I meant by my previous comment is that you can leverage OKTA as a complete standalone SSO, or you can leverage it as part of the Entra ID SSO authentication flow, whereby Entra ID SSO passes certain authentication elements to OKTA such as for MFA challenges, with OKTA then confirming pass/fail for the authentication elements it is responsible for, passing this back to Entra ID to handle the final authorisation. We do not support the former, 'OKTA as a complete standalone SSO', but if you have integrated OKTA into Entra ID SSO authentication flows, this could work.

I'm aware we are tracking requests for SAML but it is not in my team to share such information around upcoming features. I'll add this request to our request tracker.