# JumpCloud Verkada supports Security Assertion Markup Language (SAML) authentication using JumpCloud as your Identity Provider (IdP). | Feature | Supported | | ----------------- | :-------: | | OIDC SSO | — | | SAML SSO | Yes | | SCIM Provisioning | — | | ECE Support | — | ### Before you begin To integrate Security Assertion Markup Language (SAML), you must first [generate a client ID](/command/security/identity-providers.md#generate-client-id). *** ## Configuration ### Set up SSO {% stepper %} {% step %} **In Verkada Command, go to All Products > Admin > Privacy & Security > Authentication & User Management.** {% endstep %} {% step %} **Click Add New to set up single sign-on (SSO).** {% endstep %} {% endstepper %} ### Create your Verkada app {% stepper %} {% step %} **Navigate to your JumpCloud dashboard and click SSO to view your SSO applications.** {% endstep %} {% step %} **Click the plus (+) icon to create a new application.**

{% endstep %} {% step %} **Click Custom SAML App.**

{% endstep %} {% step %} **Name your application, add a description, and (optionally) change the icon. Use a name relevant to Verkada.** {% endstep %} {% step %} **When you're finished, at the top menu, select SSO, and click activate.**

{% endstep %} {% step %} **Configure the IdP Entity ID, SP Entity ID, and ACS URL as follows:** * For **IdP Entity ID**:\ For US orgs: [https://vauth.command.verkada.com/saml/sso](https://vauth.command.verkada.com/sam/sso)\ For EU orgs: For AUS orgs: * For **SP Entity ID**:\ For US orgs: [https://vauth.command.verkada.com/saml/sso](https://vauth.command.verkada.com/sam/sso)\ For EU orgs: For AUS orgs: * For **Sign on URL**:\ For US orgs: \ For EU orgs: [https://saml.prod2.verkada.com/saml/login](https://saml.prod2.verkada.com/saml/login/) For AUS orgs: * Alternatively, you can copy the fields from Command. {% hint style="warning" %} To confirm which region you're located, please [refer to where your organization was created for Verkada](/command/getting-started/get-started-with-verkada-command.md). {% endhint %} {% endstep %} {% step %} **Click activate.** {% endstep %} {% step %} **Scroll down and select the dropdown to set your SAML Subject NameID Format to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`.** {% endstep %} {% step %} **Check the Sign Assertion box, if not done already.** {% endstep %} {% step %} **Set the Login URL where you can replace `` by your previously-generated client ID (in this application example, `cto` is the client ID):** * For US orgs: * For EU orgs: * For AUS orgs: {% hint style="warning" %} To confirm which region you're located, please [refer to where your organization was created for Verkada](/command/getting-started/get-started-with-verkada-command.md). {% endhint %} {% endstep %} {% step %} **Check the Declare Redirect Endpoint box, if not done already, and click activate.**

{% endstep %} {% endstepper %} ### Configure SAML attributes {% stepper %} {% step %} **Scroll down further and click add attribute THREE times to open 3 attribute fields.** {% endstep %} {% step %} **Type the information exactly as it appears in the screen below; it is case-sensitive.** {% endstep %} {% step %} **Select User Groups and confirm the groups you want to enable SSO access for are checked. In this JumpCloud instance, there is only one group named All Users.**

{% endstep %} {% step %} **Click activate to enable this group access to your Verkada application.** {% endstep %} {% step %} **Click activate > confirm to complete your new SSO connector instance.**

{% endstep %} {% endstepper %} ### Export XML metadata {% stepper %} {% step %} **Once activated, go back to the featured application to download your XML metadata file.**

{% endstep %} {% step %} **Select SSO and click Export Metadata to export the JumpCloud Metadata file.**

{% endstep %} {% step %} **Save the exported file, give it a relevant name, and click OK > Save.**

{% endstep %} {% step %} **After downloading the XML file,** [**upload it to Command**](/command/security/identity-providers.md#command-sso-configuration)**.** {% endstep %} {% endstepper %} ### Ensure your SSO users are provisioned (optional) {% hint style="warning" %} Make sure your users using SSO are already provisioned in Command, whether you use SCIM or you create their accounts manually; otherwise, SSO does not work. {% endhint %} {% stepper %} {% step %} **Your users can access the** [**JumpCloud User Console**](https://console.jumpcloud.com/userconsole#/) **(IdP-initiated flow).**

{% endstep %} {% step %} **Choose single sign-on via Command (Service Provider \[SP]-initiated flow).** {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.verkada.com/command/security/identity-providers/jumpcloud.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.