Skip to main content
All CollectionsCommandSAML/SSO
OIDC based SSO for Azure Entra
OIDC based SSO for Azure Entra
Updated over a month ago

Verkada Command supports Single Sign-On (SSO) through OpenID Connect (OIDC) with Azure Entra. This integration allows our users to seamlessly and securely authenticate using their existing Azure Entra credentials, streamlining access to Command and enhancing overall security.

Azure Entra configuration

  1. Log in to your Azure Entra portal.

  2. Search for and select App registrations.

  3. Click New Registration.

    1. Name the application Verkada SSO OIDC.

    2. Under Supported account types, select Accounts in this organizational directory only (<customer-name> only - Single tenant).

    3. Under Redirect URI, select Single-page application (SPA) as the platform and enter https://command.verkada.com/oidc/aad/callback as the callback URL.

      Note: Verify there is no trailing slash in the callback URI.

  4. Click Register.

  5. Copy and store your Application (Client) ID and Directory (Tenant) ID in a safe place. You will need them to complete the setup in Verkada Command.

  6. On the left, click Manage > Expose an API.

    1. Click Add a scope.

    2. Click Save and continue.

    3. Enter verkada_ece for the following fields:

      • Scope name

      • Admin consent display name

      • Admin consent description

      • User consent display name

      • User consent description

    4. Set Who can consent? to Admins and users.

    5. Click Add scope.


Verkada Command configuration

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Privacy & Security .

  3. Under Authentication & User Configuration select Single Sign-On Configuration.

  4. Next to OIDC Configuration, click Add New.

  5. Under Select Provider, select Azure Entra.

  6. Under Client and Tenant ID's click Add.

    1. In the Client ID field, paste the Client ID you copied from Azure Entra.

    2. In the Tenant ID field, paste the Tenant ID you copied from Azure Entra.

    3. Click on Done to complete the configuration.

  7. Under Login Test click Run Login Test.

  8. A successful login test should redirect to the OIDC configuration page. Once you’re logged in, add the domain that you need to whitelist.

  9. Once your domain is added, run the login test again. SSO will not be enabled until this second login test successfully completes.

  10. Once your domain is verified, you should see it successfully validated.


Need more help? Contact Verkada Support.

Did this answer your question?