Verkada

Verkada Command supports Single Sign-On (SSO) through OpenID Connect (OIDC) with Azure Entra. This integration allows our users to seamlessly and securely authenticate using their existing Azure Entra credentials, streamlining access to Command and enhancing overall security.

Log in to your <a href="https://portal.azure.com" target="_blank" rel="nofollow noopener noreferrer">Azure Entra portal</a>.

Search for and select App registrations.

1. Name the application Verkada SSO OIDC.
2. Under Supported account types, select Accounts in this organizational directory only (&lt;customer-name&gt; only - Single tenant).
3. Under Redirect URI, select Single-page application (SPA) as the platform and enter <a href="https://command.verkada.com/oidc/aad/callback/" target="_blank" rel="nofollow noopener noreferrer">https://command.verkada.com/oidc/aad/callback</a> as the callback URL.
 Note: Verify there is no trailing slash in the callback URI.

Copy and store your Application (Client) ID and Directory (Tenant) ID in a safe place. You will need them to complete the setup in Verkada Command.

On the left, click Manage &gt; Expose an API.

1. Click Add a scope.
2. Click Save and continue.
3. Enter verkada_ece for the following fields:
 - Scope name
 - Admin consent display name
 - Admin consent description
 - User consent display name
 - User consent description
4. Set Who can consent? to Admins and users.
5. Click Add scope.

1. Log in to your <a href="https://portal.azure.com" target="_blank" rel="nofollow noopener noreferrer">Azure Entra portal</a>.
2. Search for and select App registrations.
3. Click New Registration.
 1. Name the application Verkada SSO OIDC.
 2. Under Supported account types, select Accounts in this organizational directory only (&lt;customer-name&gt; only - Single tenant).
 3. Under Redirect URI, select Single-page application (SPA) as the platform and enter <a href="https://command.verkada.com/oidc/aad/callback/" target="_blank" rel="nofollow noopener noreferrer">https://command.verkada.com/oidc/aad/callback</a> as the callback URL.
 Note: Verify there is no trailing slash in the callback URI.
4. Click Register.
5. Copy and store your Application (Client) ID and Directory (Tenant) ID in a safe place. You will need them to complete the setup in Verkada Command.
6. On the left, click Manage &gt; Expose an API.
 1. Click Add a scope.
 2. Click Save and continue.
 3. Enter verkada_ece for the following fields:
 - Scope name
 - Admin consent display name
 - Admin consent description
 - User consent display name
 - User consent description
 4. Set Who can consent? to Admins and users.
 5. Click Add scope.

___________________________________________________________

In Verkada Command, go to All Products &gt; Admin<img src="https://downloads.intercomcdn.com/i/o/956793463/e6b90df44b6e69f8d8f18544/Admin_icon.png?expires=1731996000&amp;signature=79eebeea68b6829fbc47333c7928f5740eea84547321fb036e8972557cfc7618&amp;req=fSUhEcB9mYdcFb4X1HO4ge6XZ1%2FLAEQeQCCgTFKkGB1G879dfm6Kn9n8Bny5%0A" width="25" alt="">.

In the left navigation, select Privacy &amp; Security <img src="https://downloads.intercomcdn.com/i/o/1093430549/dfb5e7456fb70a2f024013d4/Screenshot+2024-06-25+at+2_11_17%E2%80%AFPM.png?expires=1731996000&amp;signature=19bd9704c73d2b6022b80a94093e4d8971ec8938a92290f869e41dea247d6334&amp;req=dSAuFc19nYRbUPMW3Hu4gZzJ8nYuy%2F2PO7lOBPV1RxlkdGIINhpoQ1zo0lrj%0ASw%3D%3D%0A" width="20" alt="">.

Under Authentication &amp; User Configuration select Single Sign-On Configuration.

Next to OIDC Configuration, click Add New.

Under Select Provider, select Azure Entra.

Under Client and Tenant ID's click Add.

1. In the Client ID field paste the Client ID you copied from Azure Entra.
2. In the Tenant ID field enter the first part of your Azure Entra instance’s URL. It should look like this: <a href="https://yourinstancename.okta.com/" target="_blank" rel="nofollow noopener noreferrer">https://YourInstanceName.okta.com/</a>. 
3. Click on Done to complete the configuration.

Under Login Test click Run Login Test.

A successful login test should redirect to the OIDC configuration page. Once you’re logged in, add the domain that you need to whitelist.

Once your domain is added, run the login test again. SSO will not be enabled until this second login test successfully completes.

Once your domain is verified, you should see it successfully validated. 

1. In Verkada Command, go to All Products &gt; Admin<img src="https://downloads.intercomcdn.com/i/o/956793463/e6b90df44b6e69f8d8f18544/Admin_icon.png?expires=1731996000&amp;signature=79eebeea68b6829fbc47333c7928f5740eea84547321fb036e8972557cfc7618&amp;req=fSUhEcB9mYdcFb4X1HO4ge6XZ1%2FLAEQeQCCgTFKkGB1G879dfm6Kn9n8Bny5%0A" width="25" alt="">. 
2. In the left navigation, select Privacy &amp; Security <img src="https://downloads.intercomcdn.com/i/o/1093430549/dfb5e7456fb70a2f024013d4/Screenshot+2024-06-25+at+2_11_17%E2%80%AFPM.png?expires=1731996000&amp;signature=19bd9704c73d2b6022b80a94093e4d8971ec8938a92290f869e41dea247d6334&amp;req=dSAuFc19nYRbUPMW3Hu4gZzJ8nYuy%2F2PO7lOBPV1RxlkdGIINhpoQ1zo0lrj%0ASw%3D%3D%0A" width="20" alt="">.
3. Under Authentication &amp; User Configuration select Single Sign-On Configuration.
4. Next to OIDC Configuration, click Add New.
5. Under Select Provider, select Azure Entra.
6. Under Client and Tenant ID's click Add.
 1. In the Client ID field paste the Client ID you copied from Azure Entra.
 2. In the Tenant ID field enter the first part of your Azure Entra instance’s URL. It should look like this: <a href="https://yourinstancename.okta.com/" target="_blank" rel="nofollow noopener noreferrer">https://YourInstanceName.okta.com/</a>. 
 3. Click on Done to complete the configuration.

7. Under Login Test click Run Login Test.
8. A successful login test should redirect to the OIDC configuration page. Once you’re logged in, add the domain that you need to whitelist.
9. Once your domain is added, run the login test again. SSO will not be enabled until this second login test successfully completes.
10. Once your domain is verified, you should see it successfully validated.

Need more help? Contact <a href="https://help.verkada.com/en/articles/3430714-contact-verkada-support">Verkada Support</a>.

Azure Entra configuration

Verkada Command configuration