Contact Support

OIDC Based SSO for Google Workspace

Verkada Command supports Single Sign-On (SSO) through OpenID Connect (OIDC) with Google Workspace. This integration allows our users to seamlessly and securely authenticate using their existing Google credentials, streamlining access to Command and enhancing overall security.

OIDC is not supported on the Pass app or Desk Station apps.

Enable Enterprise Controlled Encryption (ECE) for enhanced security.

OIDC configuration

1

Log in to your Google Cloud console.

2

Click New Project to create a new project under your Google Workspace organization.

3

In your new project, navigate to APIs & Services > Library.

a. Enable the following APIs:

  1. Identity and Access Management (IAM) API

  2. Admin SDK API

4

Navigate to APIs & Services > OAuth Consent Screen. Select Internal for the User Type and click Create.

5

Click Edit App.

6

Configure your OAuth Consent Screen. Give your app an identifiable name (e.g., Verkada SSO OIDC), and put the email of the entity that manages your organization’s Google Workspace (e.g., IT) as your app’s user support email. Click Save and Continue.

7

Configure your OAuth Scopes.

8

Select the following scopes:

9

Click Update.

If you do not see the last option, you may have to Add To Table under Manually add scopes.

10

Click Save and Continue and return to your application’s dashboard.

11

Navigate to Credentials. Click Create Credentials and create an OAuth client ID.

12

Select Web application as your application type. Give your client an identifiable name, and add the following to the list of authorized redirect URIs:

Click Create.

13

Copy your Client ID. Note that we will not be using the Client secret.

Verkada Command Configuration

1

In Verkada Command, go to All Products > Admin.

2

In the left navigation, select Login & Access.

3

Select Single Sign-On Configuration.

4

Under OIDC Configuration, click Add New.

a. Toggle on Enable. b. (Optional) Toggle on Require OIDC SSO. c. Under Select Provider, select Google. d. Under Add Client and Tenant, click .

  1. In the Client ID field, paste the Client ID you copied from Google Cloud Console.

  2. In the Tenant ID field, enter the domain used by your organization’s Google Workspace (if your Google email is [email protected], enter your-domain.com).

  3. Click on Done to complete the configuration.

h. Email Domains, click .

  1. Enter your domain name present (e.g. @verkada.com).

  2. Click Done.

5

Under Login Test click Run Login Test.

6

A successful login test should redirect to the OIDC configuration page. Once you’re logged in, add the domain that you need to whitelist under Associated Domains.

7

Once your domain is added, run the login test again. SSO will not be enabled until this second login test successfully completes.

8

Once your domain is verified, you should see it successfully validated.

Need more help? Contact Verkada Support.

Last updated

Was this helpful?