I want to create a new sub tenant of the type vCloud Director according to the instructions on https://helpcenter.veeam.com/docs/backu ... ml?ver=110
All our regular users in vCloud Director have SAML authentication and therefore have 2 factor authentication. This is a security requirement. The Veeam SP manual wants me to create an account in vCD directly or through LDAP. This accounts will not have 2 factor authentication for it is not SAML authentication. Is there an other way to create the account that Veeam will use in vCloud Director? Is there a better, more secure way vCloud Director and Veeam can interact with eachother?
-
guido-vc
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 11, 2021 3:15 pm
- Contact:
-
Gostev
- Chief Product Officer
- Posts: 31561
- Liked: 6725 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Cloud connect vCloud sub tenant
Such use cases require classic "service accounts". These are always excluded from 2FA, as it is an interactive process by definition, so it can only by used by humans. I don't know how you can make a service account "more secure" aside of usual stuff (long password, not using it anywhere else). Do you have some ideas?
-
guido-vc
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 11, 2021 3:15 pm
- Contact:
Re: Cloud connect vCloud sub tenant
I thought maybe it would be possible to change the requirements on the account slightly. The account now has the role of Organization administrator. Can we use a different role with a different set of permissions? Maybe an account with less permissions than the role organization administrator?
-
veremin
- Product Manager
- Posts: 20284
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Cloud connect vCloud sub tenant
Subtenant accounts do not require organization administrator role (actually, it's the opposite):
Thanks!
Or you are talking about tenant account?To create a subtenant account, the SP can use any vCD organization user account that is not granted administrative rights in the organization.
Thanks!
-
guido-vc
- Novice
- Posts: 3
- Liked: never
- Joined: Oct 11, 2021 3:15 pm
- Contact:
Re: Cloud connect vCloud sub tenant
I am talking about the user in the Organization in vCloud Director.
I have created a new role. I have only assigned the following permissions to the role:
General: Administrator Control
General: Administrator View
Group / User: View
I have not assigned any other permissions. I have assigned the new role to the existing user in vCloud Director. Our customer has performed tests. When they create a new VM on their vCenter the vm is not replicated to us. The message in vCenter is: The operation is not allowed in the current state.
Am I doing something wrong?
I have created a new role. I have only assigned the following permissions to the role:
General: Administrator Control
General: Administrator View
Group / User: View
I have not assigned any other permissions. I have assigned the new role to the existing user in vCloud Director. Our customer has performed tests. When they create a new VM on their vCenter the vm is not replicated to us. The message in vCenter is: The operation is not allowed in the current state.
Am I doing something wrong?
-
veremin
- Product Manager
- Posts: 20284
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Cloud connect vCloud sub tenant
Based on the description, it's not that clear what actions you are performing and what actual issue you are facing, so kindly reach our support team for further investigation. Thanks!
Who is online
Users browsing this forum: No registered users and 106 guests