# JumpCloud

Verkada supports Security Assertion Markup Language (SAML) authentication using JumpCloud as your Identity Provider (IdP).

| Feature           | Supported |
| ----------------- | :-------: |
| OIDC SSO          |     —     |
| SAML SSO          |    Yes    |
| SCIM Provisioning |     —     |
| ECE Support       |     —     |

### Before you begin

To integrate Security Assertion Markup Language (SAML), you must first [generate a client ID](https://help.verkada.com/command/security/identity-providers/..#generate-client-id).

***

## Configuration

### Set up SSO

{% stepper %}
{% step %}
**In Verkada Command, go to All Products > Admin > Privacy & Security > Authentication & User Management.**
{% endstep %}

{% step %}
**Click Add New to set up single sign-on (SSO).**
{% endstep %}
{% endstepper %}

### Create your Verkada app

{% stepper %}
{% step %}
**Navigate to your JumpCloud dashboard and click SSO to view your SSO applications.**
{% endstep %}

{% step %}
**Click the plus (+) icon to create a new application.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-570bbb12d586259512e37e8fd846b375102d78e3%2F8d5eea3ebb5bb94dc646e810d6919f05663b13db.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Click Custom SAML App.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-1fabd8f43db75af23ff53ab4b99bdb31dc727059%2Ff988c3707fc067166ed64072b6c326a15fa45c42.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Name your application, add a description, and (optionally) change the icon. Use a name relevant to Verkada.**
{% endstep %}

{% step %}
**When you're finished, select SSO in the top menu and click activate.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-c402663a5b9e9fca45658d68b201bcd82fe884a7%2F597717b7eceeee37f2db1c5816c46d85dd8dabec.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Configure the IdP Entity ID, SP Entity ID, and ACS URL as follows:**

* For **IdP Entity ID**:\
  For US orgs: <https://vauth.command.verkada.com/saml/sso>\
  For EU orgs: <https://saml.prod2.verkada.com/saml/sso>\
  For AUS orgs: <https://saml.prod-ap-syd.verkada.com/saml/sso>
* For **SP Entity ID**:\
  For US orgs: <https://vauth.command.verkada.com/saml/sso>\
  For EU orgs: <https://saml.prod2.verkada.com/saml/sso>\
  For AUS orgs: <https://saml.prod-ap-syd.verkada.com/saml/sso>
* For **Sign on URL**:\
  For US orgs: <https://vauth.command.verkada.com/saml/login>\
  For EU orgs: <https://saml.prod2.verkada.com/saml/login>\
  For AUS orgs: <https://saml.prod-ap-syd.verkada.com/saml/login>
* Alternatively, you can copy the fields from Command.

{% hint style="warning" %}
To confirm which region you're located in, [refer to where your organization was created for Verkada](https://help.verkada.com/command/getting-started/get-started-with-verkada-command).
{% endhint %}
{% endstep %}

{% step %}
**Click activate.**
{% endstep %}

{% step %}
**Scroll down and select the dropdown to set your SAML Subject NameID Format to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`.**
{% endstep %}

{% step %}
**Check the Sign Assertion box, if not done already.**
{% endstep %}

{% step %}
**Set the Login URL, replacing `<client-ID>` with your previously generated client ID (in this example application, `cto` is the client ID):**

* For US orgs: `https://vauth.command.verkada.com/saml/login/<client-ID>`
* For EU orgs: `https://saml.prod2.verkada.com/saml/login/<client-ID>`
* For AUS orgs: `https://saml.prod-ap-syd.verkada.com/saml/sso/<client-ID>`

{% hint style="warning" %}
To confirm which region you're located in, [refer to where your organization was created for Verkada](https://help.verkada.com/command/getting-started/get-started-with-verkada-command).
{% endhint %}
{% endstep %}

{% step %}
**Check the Declare Redirect Endpoint box, if not done already, and click activate.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-3f86c279331fd27efdd951c46adf179436b2e998%2F04043cd33423d9de0abaf4859a315dce4d65d744.png?alt=media" alt="" width="563"></div>
{% endstep %}
{% endstepper %}

### Configure SAML attributes

{% stepper %}
{% step %}
**Scroll down further and click add attribute three times to open three attribute fields.**
{% endstep %}

{% step %}
**Enter the information exactly as it appears in the screenshot below; the values are case-sensitive.**
{% endstep %}

{% step %}
**Select User Groups and confirm the groups you want to enable SSO access for are checked. In this JumpCloud instance, there is only one group named All Users.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-75a2e2aed8452536d965293e0a152e8ce24361dd%2F85180a8d48ff55e89940ff1bcb6c6390cfc8559b.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Click activate to give this group access to your Verkada application.**
{% endstep %}

{% step %}
**Click activate > confirm to complete your new SSO connector instance.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-6f0c28c52999494502e2883acf91d3c845ad2bf5%2Fc32517efa33266855268c4f5d80532eff90ca1cb.png?alt=media" alt="" width="563"></div>
{% endstep %}
{% endstepper %}

### Export XML metadata

{% stepper %}
{% step %}
**Once activated, go back to the featured application to download your XML metadata file.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-f3fedd7f7f8a7e86ace3688a58e300ddcb64c825%2F5149a71962083bbf998aeba4b5f1380f1076b426.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Select SSO and click Export Metadata to export the JumpCloud Metadata file.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-b8df880acd67d0f3392fcb598be08b88efa0ea26%2F3791c2acec4daa4cec8acd4768208928d4af5ba3.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Save the exported file, give it a relevant name, and click OK > Save.**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-f8de377af272c4293c816fccd5d24d8b6d696474%2Fe93f3e71d221820847ec07b5801c811f5a39c870.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**After downloading the XML file,** [**upload it to Command**](https://help.verkada.com/command/security/identity-providers/..#command-sso-configuration)**.**
{% endstep %}
{% endstepper %}

### Ensure your SSO users are provisioned (optional)

{% hint style="warning" %}
Make sure users who sign in with SSO are already provisioned in Command, whether through SCIM or by creating their accounts manually; otherwise, SSO does not work.
{% endhint %}

{% stepper %}
{% step %}
**Your users can access the** [**JumpCloud User Console**](https://console.jumpcloud.com/userconsole#/) **(IdP-initiated flow).**

<div align="left" data-with-frame="true"><img src="https://705858581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNRq5qDDjsYNxwNzF1bcB%2Fuploads%2Fgit-blob-9b582915a928fbf1a670bf32fbd410f676cbc74c%2F8bac17fdb9207f42b0b9030f397a66c7e68b574c.png?alt=media" alt="" width="563"></div>
{% endstep %}

{% step %}
**Choose single sign-on via Command (Service Provider \[SP]-initiated flow).**
{% endstep %}
{% endstepper %}
