guido-vc
Novice
Posts: 3
Liked: never
Joined: Oct 11, 2021 3:15 pm

Cloud connect vCloud sub tenant

Post by guido-vc »

I want to create a new sub tenant of the type vCloud Director according to the instructions on https://helpcenter.veeam.com/docs/backu ... ml?ver=110

All our regular users in vCloud Director have SAML authentication and therefore have 2 factor authentication. This is a security requirement. The Veeam SP manual wants me to create an account in vCD directly or through LDAP. This account will not have 2 factor authentication for it is not SAML authentication. Is there another way to create the account that Veeam will use in vCloud Director? Is there a better, more secure way vCloud Director and Veeam can interact with each other?
Gostev
Chief Product Officer
Posts: 31814
Liked: 7302 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Cloud connect vCloud sub tenant

Post by Gostev »

Such use cases require classic "service accounts". These are always excluded from 2FA, as it is an interactive process by definition, so it can only be used by humans. I don't know how you can make a service account "more secure" aside from the usual stuff (long password, not using it anywhere else). Do you have some ideas?

Re: Cloud connect vCloud sub tenant

Post by guido-vc »

I thought maybe it would be possible to change the requirements on the account slightly. The account now has the role of Organization administrator. Can we use a different role with a different set of permissions? Maybe an account with fewer permissions than the role organization administrator?
veremin
Product Manager
Posts: 20413
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Cloud connect vCloud sub tenant

Post by veremin »

Subtenant accounts do not require organization administrator role (actually, it's the opposite):
To create a subtenant account, the SP can use any vCD organization user account that is not granted administrative rights in the organization.
Or are you talking about a tenant account?

Thanks!

Re: Cloud connect vCloud sub tenant

Post by guido-vc »

I am talking about the user in the Organization in vCloud Director.
I have created a new role. I have only assigned the following permissions to the role:
General: Administrator Control
General: Administrator View
Group / User: View
I have not assigned any other permissions. I have assigned the new role to the existing user in vCloud Director. Our customer has performed tests. When they create a new VM on their vCenter the VM is not replicated to us. The message in vCenter is: The operation is not allowed in the current state.
Am I doing something wrong?

Re: Cloud connect vCloud sub tenant

Post by veremin »

Based on the description, it's not that clear what actions you are performing and what actual issue you are facing, so kindly reach our support team for further investigation. Thanks!