JumpCloud SAML Integration

In Verkada Command, go to All Products > Admin > Privacy & Security > Authentication & User Management.

Click Add New to set up single sign-on (SSO).

Navigate to your JumpCloud dashboard and click SSO to view your SSO applications.

Click the plus (+) icon to create a new application.

​

Click Custom SAML App.

​

Name your application, add a description, and (optionally) change the icon. Use a name relevant to Verkada.

When you’re finished, at the top menu, select SSO, and click activate.

​

Configure the IdP Entity ID, SP Entity ID, and ACS URL as follows:

• For IdP Entity ID: For US orgs: https://vauth.command.verkada.com/saml/sso For EU orgs: https://saml.prod2.verkada.com/saml/sso

  For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso

• For SP Entity ID: For US orgs: https://vauth.command.verkada.com/saml/sso For EU orgs: https://saml.prod2.verkada.com/saml/sso

  For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso

• For Sign on URL: For US orgs: https://vauth.command.verkada.com/saml/login For EU orgs: https://saml.prod2.verkada.com/saml/login

  For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/login

• Alternatively, you can copy the fields from Command. ​ ​Note: To confirm which region you’re located, please refer to where your organization was created for Verkada. ​

Click activate.

​

Scroll down and select the dropdown to set your SAML Subject NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

Check the Sign Assertion box, if not done already.

Set the Login URL where you can replace <client-ID> by your previously-generated client ID (in this application example, cto is the client ID):

• For US orgs: https://vauth.command.verkada.com/saml/login/%3Cclient-ID%3E

• For EU orgs: https://saml.prod2.verkada.com/saml/login/%3Cclient-ID%3E

• For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso/%3Cclient-ID%3E ​ ​Note: To confirm which region you’re located, please refer to where your organization was created for Verkada. ​

Check the Declare Redirect Endpoint box, if not done already, and click activate.

​

Scroll down further and click add attribute THREE times to open 3 attribute fields.

Type the information exactly as it appears in the screen below; it is case-sensitive.

Select User Groups and confirm the groups you want to enable SSO access for are checked. In this JumpCloud instance, there is only one group named All Users.

​

Click activate to enable this group access to your Verkada application.

Click activate > confirm to complete your new SSO connector instance.

​

Once activated, go back to the featured application to download your XML metadata file.

​

Select SSO and click Export Metadata to export the JumpCloud Metadata file.

​

Save the exported file, give it a relevant name, and click OK > Save.

​

Go to Command and upload your IdP XML metadata file.

When the file is uploaded, click Add Domain to add the Fully Qualified Domain Name (FQDN) that your users log in with.

Type the domain name and press Enter to save. You can repeat this process for multiple domain names.

​

Run the login test. It is expected behavior that the page refreshes to your IdP’s authentication page. If you’re not already authenticated, then it bounces back to Command. If the test is successful, you should see a success message.

​

(Optional) You can enable Require SSO to force users to SSO instead of logging in via Command.

Your users can access the JumpCloud User Console (IdP-initiated flow).

​

Choose single sign-on via Command (Service Provider [SP]-initiated flow).