Hi Ashley
I also tried a few things with SAML and also Entra ID as one of my test IDP. I had the same question as you about this certificate I had to choose.
In my understanding, this certificate is only relevant if you want to verify incoming requests from SP (in this case: Veeam)
I tried this and uploaded the public key of my selected SP certificate into Entra ID. Login was possible. (btw you can extract the public certificate from the "Download" button in Veeam Console -> Identity Provider -> Service Provider (SP) Information, the cert is in there: X509Certificate)
![Image]()
I am not sure if this is true, but maybe someone with a little more SAML experience or someone from Veeam can verify this?
Does Veeam support SAML request verification by certificate? And what needs to be configured on Veeam?
I have also a different IDP set up as a test-idp and there I am not able to get it to work yet with signing verification enabled on IDP side.
In enterprise manager, we also have a SAML implementation, and this has a few more options to configure. (In EM we have the option advanced -> "Sign AuthnRequests to IdP")
In the screenshot above (in VBR) there is an option "AuthnRequestsSigned=false". Maybe this would be the one to set to true?
In general, I think this UI could get some improvements, like adjusting the certificate manually and not uploading the entire xml file.
Or downloading the SP certificate if we need to upload it to the IDP. (like it is already possible in EM)
Timo
I also tried a few things with SAML and also Entra ID as one of my test IDP. I had the same question as you about this certificate I had to choose.
In my understanding, this certificate is only relevant if you want to verify incoming requests from SP (in this case: Veeam)
I tried this and uploaded the public key of my selected SP certificate into Entra ID. Login was possible. (btw you can extract the public certificate from the "Download" button in Veeam Console -> Identity Provider -> Service Provider (SP) Information, the cert is in there: X509Certificate)
I am not sure if this is true, but maybe someone with a little more SAML experience or someone from Veeam can verify this?
Does Veeam support SAML request verification by certificate? And what needs to be configured on Veeam?
I have also a different IDP set up as a test-idp and there I am not able to get it to work yet with signing verification enabled on IDP side.
In enterprise manager, we also have a SAML implementation, and this has a few more options to configure. (In EM we have the option advanced -> "Sign AuthnRequests to IdP")
In the screenshot above (in VBR) there is an option "AuthnRequestsSigned=false". Maybe this would be the one to set to true?
In general, I think this UI could get some improvements, like adjusting the certificate manually and not uploading the entire xml file.
Or downloading the SP certificate if we need to upload it to the IDP. (like it is already possible in EM)
Timo
Statistics: Posted by tm67 — Sep 22, 2025 8:13 pm
