Identity Providers

Configure SSO and user provisioning with your identity provider

Integrate Verkada Command with your organization's identity provider (IdP) for Single Sign-On (SSO) and automated user provisioning.


Supported providers

Provider | OIDC | SAML | SCIM | ECE Support

Verkada recommends OIDC over SAML when available for enhanced security and easier configuration.


Which method should I use?

  • Want the most secure option? Use OIDC + Enterprise Controlled Encryption

  • Need automated user management? Add SCIM provisioning to sync users from your IdP

  • IdP only supports SAML? Follow the generic SAML setup instructions below


Generate client-ID

1. Go to Verkada Command > All Products > Admin.

2. Under Login & Access, select Single Sign-On (SSO).

3. Click Add New.

You should see your client ID and the fields to enter into your IdP:

  • Client ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Reply ID:

    • US orgs: https://vauth.command.verkada.com/saml/sso/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>

  • Sign-on URL:

    • US orgs: https://vauth.command.verkada.com/saml/login/<client-ID>

    • EU orgs: https://saml.prod2.verkada.com/saml/login/<client-ID>

    • AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/login/<client-ID>

Upload SAML XML metadata

After configuring your IdP, you'll receive an XML metadata file. Upload it to Command.

Before you can verify the XML, you must add domains. You cannot require SSO until the XML has been verified.

1. In the Verify Metadata section, click Add Domain.

2. If the login tests fail, review your metadata file and associated domains.

   Common error: app_not_configured_for_user. This can happen when your browser has cached app access. Use an incognito browser or clear your cache and retry.

3. Once verified, toggle on Require SSO to enforce SSO sign-in.


Enforce SSO

After configuring SAML, you can enable SSO Enforcement:

  • Anyone using the configured email domain must go through SAML to sign in

  • Provides greater control over user access

  • If SAML has issues, users cannot sign in until resolved or enforcement is disabled


Need help?

See SCIM Token Management for provisioning configuration.
