Skip to main content
  • EN

One of the must-have features for providing access security for any sensitive application is the ability to implement multi-factor authentication (MFA) as part of the login process. The release of Veeam Backup and V12 added the ability to enable Multi-factor authentication for logging into the Veeam console (including the remote console).

 

The details:

Before discussing the setup and configuration of MFA, we should discuss what MFA apps are supported.

Veeam Backup and Replication supports Time-Based One-Time Passwords (TOTP) as per RFC 6238 installed on a mobile device.  For example, the following MFA TOTP applications are supported:

  • Microsoft Authenticator
  • Google Authenticator
  • LastPass Authenticator
  • DUO
  • Okta Verify
  • Many more are listed if you do a quick internet search ;)

A console auto-logout time can also be set to ensure that a user gets logged out of the Veeam console after a configurable period of inactivity.

 

Configuring MFA:

Step 1:

Access the Users and Groups selection on the options menu

 

Step 2:

You can turn on MFA and enable auto logoff for extra security from there.

 

Note:

If you have an account that is a service account and you would like to disable MFA, select the user and click edit.  In the next window, you will have the option to turn off MFA.

 

 

Step 3:

On the next login to a Veeam console, the user will be prompted to set up MFA on their TOTP application on their mobile device. They can scan the QR code if the application provides that ability or manually enter the provided code.

 

Step 4:

Once the TOTP application is synched with the Veeam console, the user will be prompted to enter the OTP (one-time password) presented on the mobile application.

 

An administrator can reset the MFA requirement for specific users if needed.

 

Conclusion:

Multi-factor authentication is a great new feature to help protect your Veeam infrastructure from external threats.  It is simple to set up, configure and use and provides one more layer of security to your infrastructure.  After installing or upgrading to V12, this should be on the list of features to enable and require all Veeam admins and users to us.

 

 

Yes, it’s really easy to configure and works great. 😎

It really is! The most questions I receive about MFA is regarding what MFA applications are supported.

I haven’t played with this yet but just took a quick peek at it yesterday.  I didn’t realize there was an option to disable MFA for service accounts, so this is good info to know!  Thanks Joe!

@dloseke and that's the second question I get 😉! Glad I could help!

Easiest and one of the best features added to v12.  We will be configuring this once we upgrade our sites.  Thanks for sharing, Joe.  👌🏼

Neatly outlined. Thank you very much for sharing. 

Also good to know there is ability to disable if (hopefully rarely) needed. Nice concise write-up @vmJoe . Thanks!

Question:
I have removed my Veeam servers out of the domain (security reasons - best practice Veeam)
Can i use the Veeam V12 MFA on non domain users ( Local users)?

Question:
I have removed my Veeam servers out of the domain (security reasons - best practice Veeam)
Can i use the Veeam V12 MFA on non domain users ( Local users)?

Yes you can for local users the same as domain users.

Thaks @vmJoe This was a great reminder to start getting this introduced asap!

I’ll be implementing this soon. Great writeup

Comment


Terms & Conditions