Fun with Okta, SAML and Veeam Enterprise Manager

  • 29 September 2022
  • 2 comments
  • 52 views

Userlevel 7
Badge +11

Hi Folks,

 

I recently was lucky enough to be chosen as an Auth0 Ambassador. However, I am still very much on the initial learning curve when it comes to identity management so have signed up to a few udemy courses and pulled out the documentation. When starting a new path it is always nice to take your first steps in familiar territory so I decided to try out leveraging SAML2.0 for Veeam Enterprise Manager.

 

First we need to create a free Okta developer account:

 

Then we will create a new app integration:

 

VEM (Veeam Enterprise Manager supports SAML 2.0 so that will be our choice here:

We need to give it a name:

Next we need to enter our SAML settings. I used a laptop where I have a test VBR setup:

These two settings (Single Sign On URL and Audience URI can be found in VEM here after you have ticked the Enable SAML 2.0 radio box. Don’t worry about the other settings we will import them later.

 

Save the SAML settings in Okta then open up the App page:

 

Further down on the right hand side you will see a link to the setup instructions for your app:

 

Copy the contents in the box at the bottom and save to a file on your VBR server, make sure to save with a XML file extension:
 

Now we will import that file:

We are now almost ready to go!

Next lets create an external user, we can give it any mythical Veeam Community Hub name that we like, notice that I am giving the user a non Portal Administrator role so that it stands out when we login by not showing the configuration menu:

Back in Okta we need to create this user. Okta calls users people which is a rather refreshing change. Here the Notoriouskgg has been created with a .gov email no less!!

Let’s assign Notorious to the VBR app:

Now when we press Single Sign On back at the VEM login we get redirected to Okta:

After the mandatory password change we are in:

 

That’s it. A quick and dirty review of VEM and Okta. Please bear in mind this is all learning lab work so for production make sure you double check security best practices and when in doubt ask an expert. Also I always delete these tests and all of their settings right after doing them especially if I have taken screenshots :). 


2 comments

Userlevel 7
Badge +8

This is very cool and interesting 👍 going to check it out.

Userlevel 7
Badge +2

Very interesting...I haven’t done anything with Okta but will be deploying VDRO to a client that uses it heavily in a few weeks.  Looks quite cool though, and makes me wonder if we’re hitching our wagon the wrong horse as we perform more SSO integrations/federations with Azure AD and Duo.

Comment