search
Log InContact Support

Enterprise Controlled Encryption

Enable customer-managed encryption keys for maximum data security

Enterprise Controlled Encryption (ECE) provides the highest level of data security by allowing your organization to manage its own encryption keys. With ECE enabled, only your organization can decrypt your data—Verkada cannot access it.

circle-exclamation

ECE requires OIDC-based SSO with Google Workspace, Microsoft Entra ID, or Okta. SAML-only providers are not supported.

hashtag
How ECE works

ECE uses your identity provider to generate and manage encryption keys. When enabled:

  • All data at rest is encrypted with keys derived from your IdP

  • Verkada cannot decrypt your data without your IdP's authorization

  • Losing access to your IdP means losing access to your encrypted data

hashtag
Setup and recovery

Enable Enterprise Controlled Encryptionchevron-rightEnterprise Controlled Encryption Account Recoverychevron-right

Last updated

Was this helpful?