Comprehensive data protection for all workloads
Post Reply
ManS
Novice
Posts: 3
Liked: 1 time
Joined: Feb 28, 2025 3:18 pm
Full Name: Sascha Manzo
Contact:

Setting up Veeam Enterprise Manager with SSO

Post by ManS » 1 person likes this post

Hi everyone,

I'm trying to configure our Veeam Backup Enterprise Manager with SAML Authentication and SSO capabilities.
With the help of the SAML Authentication documentation (https://helpcenter.veeam.com/docs/backu ... ml?ver=120), I was able to set up AD FS and VBEM so that users can successfully log on to the VBEM console.

However, since we have a slightly more special environment, the SSO capabilities won't work. Our environment has the following setup:

ADFS domain joined (mydomain.local)
Veeam Components in local workgroup (mydomain.secure)
UPN name standard: firstname.lastname@mydomain.ch

My question now, are there any custom transform/claim rules for AD FS, so that Single Sign-On works successfully?

Thanks in advance
david.domask
Veeam Software
Posts: 2813
Liked: 641 times
Joined: Jun 28, 2016 12:12 pm
Contact:

Re: Setting up Veeam Enterprise Manager with SSO

Post by david.domask »

Hi Sascha, welcome to the forums.

Can you elaborate a bit more on what doesn't work specifically with SSO? Have you already opened a Support Case for the issue? If so, please share the case number.

There are some changes to the config addressing a lot of SSO configurations, but I think starting with what's not working and the specific errors in a Support case are the best first step.
David Domask | Product Management: Principal Analyst
ManS
Novice
Posts: 3
Liked: 1 time
Joined: Feb 28, 2025 3:18 pm
Full Name: Sascha Manzo
Contact:

Re: Setting up Veeam Enterprise Manager with SSO

Post by ManS »

Hi David,

Thanks for the response. Sorry for the late reply.
As of now, no Case was opened about that issue.


We are not getting any error messages, neither on the Veeam Enterprise Manager nor on the AD FS server.
When I start the login process by clicking the "Use Single Sign-On" button, I get the login page of our AD FS. After entering the correct login information, I am successfully redirected to the Enterprise Manager.
So the basic configuration on both the Enterprise Manager and the AD FS side should be correct.

The problem is that our domain does not match the domain in the UPN. Our UPN is as follows: firstname.lastname@mydomain.ch. Our domain, however, is mydomain.local.
Is there a way to adjust the rules on the AD FS so that the email address is used as the login attribute instead of the UPN?

Cheers,
Sascha
quinnvanorder_cariad
Lurker
Posts: 2
Liked: 2 times
Joined: Mar 06, 2025 5:06 pm
Full Name: Quinn Van Order
Contact:

Re: Setting up Veeam Enterprise Manager with SSO

Post by quinnvanorder_cariad »

The domain mismatch will break SAML, however you can change what VBEM passes as its domain to resolve this.
  • Make a copy of the file C:\Program Files\Veeam\Backup and Replication\Enterprise Manager\WebApp\Web.config
  • Replace with your FQDN, making sure to keep the relevant port at the end
  • Save the file, go to IIS and restart “VeeamBackup”
After having done so, within the VBEM Configuration > Settings > SAML Authentication page, you should see the domain reflect at the bottom in the 'SP Entity ID / Issuer' section.

Note: Every time you update Veeam, it will flatten this, and you will need to remember to fix this! @Veeam Devs, please make it so updates dont blast this!
ManS
Novice
Posts: 3
Liked: 1 time
Joined: Feb 28, 2025 3:18 pm
Full Name: Sascha Manzo
Contact:

Re: Setting up Veeam Enterprise Manager with SSO

Post by ManS »

Hi Quinn

Thank you for the instructions.

I have already made this setting and tested it. Generally, the SAML authentication works, but not the Single Sign-On.

As I understand SSO correctly, my Windows login data is used and forwarded to VBEM / AD FS.
However, our UPN contains a different domain suffix than our domain, so the authentication cannot be performed with SSO and I am redirected to the AD FS login page.

Cheers,
Sascha
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], pybfr and 54 guests