Ctrlk
Log InContact Support
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Identity Providers

Configure SSO and user provisioning with your identity provider

Integrate Verkada Command with your organization's identity provider (IdP) for Single Sign-On (SSO) and automated user provisioning.

Supported providers

Provider
OIDC
SAML
SCIM
ECE Support

Okta

Yes

Yes

Yes

Yes

Microsoft Entra ID

Yes

Yes

Yes

Yes

Google Workspace

Yes

Yes

Yes

Yes

OneLogin

Yes

JumpCloud

Yes

AD FS

Yes

Verkada recommends OIDC over SAML when available for enhanced security and easier configuration.

Which method should I use?

  • Want the most secure option? Use OIDC + Enterprise Controlled Encryption

  • Need automated user management? Add SCIM provisioning to sync users from your IdP

  • IdP only supports SAML? Follow the generic SAML setup instructions below

You need Organization Admin permissions to set up SSO.

Generate client-ID

1

Go to Verkada Command > All Products > Admin.

2

Under Login & Access, select Single Sign-On (SSO).

3

Click Add.

You should see your client ID and the fields to enter into your IdP:

  • Client ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Reply ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Sign-on URL:

    • US orgs: https://vauth.command.verkada.com/saml/login/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/login/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/login/<client-ID>

To confirm which region you're located in, refer to where your organization was created for Verkada.

4

Complete your IdP configutation then come back to complete the Command configuration.

Command SSO configuration

After configuring your IdP, you'll receive an XML metadata file to upload to Command.

1

Go to Verkada Command > All Products > Admin.

2

Under Login & Access, select Single Sign-On (SSO).

3

Click next to your SAML configuration.

4

In the Email Domains section, configure the email domains that users in your organization will use to log in.

5

In the Identify Provider XML Metadata section, click Upload New XML.

Upload the XML file you downloaded during your IdP configuration.

6

In the Verify Metadata section, click Run Login Test to verify that the setup was completed correctly. If the login tests fail, review your metadata file and associated domains.

Common error: app_not_configured_for_user — This can happen when your browser has cached app access. Use an incognito browser or clear your cache and retry.

Before you can verify the XML, you must add email domains.

7

(Optional) Toggle on Require SSO to force everyone in your organization to login with SSO.

  • Anyone using the configured email domain must go through SAML to sign in

  • Provides greater control over user access

  • If SAML has issues, users cannot sign in until resolved or enforcement is disabled

You cannot require SSO until the XML has been verified.

Need help?

See SCIM Token Management for provisioning configuration.

Last updated

Was this helpful?