The Veeam Cookbook Series

A simple step by step no frills approach to achieving your goal

Recipe: Configuring SAML 2.0 Single Sign-On

Expected deliverables:

Veeam Backup & Replication configured to authenticate users through an external identity provider using SAML 2.0 single sign-on.

Time to complete: 15 minutes

Ingredients:

  • A working Veeam Backup & Replication V13 server.
  • An identity provider (IdP) that supports SAML 2.0 (for example, Microsoft Entra ID).
  • The IdP metadata file (or the IdP settings: sign-on URL, entity ID and signing certificate).

Before you start:

Register Veeam Backup & Replication as an application in your identity provider and obtain its SAML metadata.

Assumptions:

You have administrator access to both Veeam Backup & Replication and the identity provider.

Method:

  1. Get the XML metadata file from your identity provider.
  2. In the Veeam console, from the main menu select Users & Roles.
  3. Select the Identity Provider tab.
  4. Select the Enable SAML authentication check box.
  5. In the Identity provider (IdP) information section, click Browse and select the IdP metadata file.
  6. In the Service Provider (SP) information section, click Install and select or import a valid Veeam Backup & Replication server certificate.
  7. Click Download to get the Veeam (service provider) metadata XML file, then provide it to your identity provider.
  8. Click OK to save.
  9. On the Security tab, click Add > External user or group to add each external user or group and assign a Veeam role.
  10. Test the sign-on: on the Web UI or console sign-in page, click Sign in with SSO.

Links to Resources:


Back to top

Copyright © 2025 Solutions Architects, Veeam Software.