Proxmox Backup Server
The following example variables are used, and should be replaced with your actual URLs.
pbs.example.com(The URL of your Proxmox instance.)id.example.com(The URL of your Pocket ID instance.)
Pocket ID Setup
- In Pocket ID create a new OIDC Client, name it, for example,
Proxmox Backup Server. - Set a logo for this OIDC Client if you would like to.
- Set the callback URL to:
https://pbs.example.com. - Copy the
Client ID, and theClient Secretfor use in the next steps.
Proxmox Backup Server Setup
- Open the PBS console and navigate to:
Configuration->Access Control->Realms. - Add a new
OpenID Connect ServerRealm. - Enter
https://id.example.comfor theIssuer URL. - Enter a name for the realm of your choice, for example,
PocketID. - Paste the
Client IDfrom Pocket ID into theClient IDfield in PBS. - Paste the
Client Secretfrom Pocket ID into theClient Keyfield in PBS. - You can check the
Defaultbox if you want this to be the default realm PBS uses when signing in. - Check the
Autocreate Userscheckbox. (This will automatically create users in PBS if they don't exist). - Select
usernamefor theUsername Claimdropdown. (This is a personal preference and controls how the username is shown, for example:username = username@PocketIDoremail = username@example@PocketID). - Leave the rest as defaults and click
OKto save the new realm. - Sign in with the Pocket ID account to create the user.
Once the user has been created in PBS, then finish the setup:
- Sign back in as a local administrator to grant permissions per below.
- In PBS, Edit the
PocketIDrealm you created earlier. - Set the
Scopetoopenid profile email groups. - You should now see the user groups in PBS, and you can assign permissions:
- Navigate to
Configuration->Access Control->Permissions. - Click on
Addand selectUser Permission. - Set the
Pathto/for the entire datacenter or specify a specific VM or container path. - Select the
YourUsername@PocketIDuser. - Set the
RoletoAdministrator.
- Navigate to