Enterprise Controlled Encryption

Enable customer-managed encryption keys for maximum data security

Enterprise Controlled Encryption (ECE) provides the highest level of data security by allowing your organization to manage its own encryption keys. With ECE enabled, only your organization can decrypt your data—Verkada cannot access it.

ECE requires OIDC-based SSO with Google Workspace, Microsoft Entra ID, or Okta. SAML-only providers are not supported.

How ECE works

ECE uses your identity provider to generate and manage encryption keys. When enabled:

All data at rest is encrypted with keys derived from your IdP
Verkada cannot decrypt your data without your IdP's authorization
Losing access to your IdP means losing access to your encrypted data

Setup and recovery

Enable Enterprise Controlled Encryption Enterprise Controlled Encryption Account Recovery

Last updated 8 hours ago

Was this helpful?