search
Log InContact Support

Identity Providers

Configure SSO and user provisioning with your identity provider

Integrate Verkada Command with your organization's identity provider (IdP) for Single Sign-On (SSO) and automated user provisioning.

hashtag
Supported providers

Provider
OIDC
SAML
SCIM
ECE Support

Okta

Yes

Yes

Yes

Yes

Microsoft Entra ID

Yes

Yes

Yes

Yes

Google Workspace

Yes

Yes

Yes

Yes

OneLogin

Yes

JumpCloud

Yes

AD FS

Yes

circle-info

Verkada recommends OIDC over SAML when available for enhanced security and easier configuration.

hashtag
Which method should I use?

  • Want the most secure option? Use OIDC + Enterprise Controlled Encryption

  • Need automated user management? Add SCIM provisioning to sync users from your IdP

  • IdP only supports SAML? Follow the generic SAML setup instructions below

triangle-exclamation

You need Organization Admin permissions to set up SSO.

hashtag
Generate client-ID

1

Go to Verkada Command > All Products > Admin.

2

Under Login & Access, select Single Sign-On (SSO).

3

Click plus Add.

You should see your client ID and the fields to enter into your IdP:

  • Client ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Reply ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Sign-on URL:

    • US orgs: https://vauth.command.verkada.com/saml/login/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/login/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/login/<client-ID>

circle-info

To confirm which region you're located in, refer to where your organization was created for Verkada.

4

Complete your IdP configutation then come back to complete the Command configuration.

hashtag
Command SSO configuration

After configuring your IdP, you'll receive an XML metadata file to upload to Command.

1

Go to Verkada Command > All Products > Admin.

2

Under Login & Access, select Single Sign-On (SSO).

3

Click pencil-line next to your SAML configuration.

4

In the Email Domains section, configure the email domains that users in your organization will use to log in.

5

In the Identify Provider XML Metadata section, click Upload New XML.

Upload the XML file you downloaded during your IdP configuration.

6

In the Verify Metadata section, click Run Login Test to verify that the setup was completed correctly. If the login tests fail, review your metadata file and associated domains.

Common error: app_not_configured_for_user — This can happen when your browser has cached app access. Use an incognito browser or clear your cache and retry.

triangle-exclamation

Before you can verify the XML, you must add email domains.

7

(Optional) Toggle on Require SSO to force everyone in your organization to login with SSO.

  • Anyone using the configured email domain must go through SAML to sign in

  • Provides greater control over user access

  • If SAML has issues, users cannot sign in until resolved or enforcement is disabled

circle-exclamation

You cannot require SSO until the XML has been verified.

hashtag
Need help?

See SCIM Token Management for provisioning configuration.

Last updated

Was this helpful?