Skip to main content

Directories for User & Group Management

Learn how to segment management of users and user groups with Directories

Updated over a week ago

Directories allow organizations to segment user and group management into scoped containers. Each directory can include a subset of an organization’s users or user groups (both Command user groups and access control user groups).

This structure allows organizations to delegate user management to regional or functional admins without granting organization-wide permissions. For example, an admin managing badge access for the San Francisco office can be limited to the “SF Directory.”

Directories in Command

Directories allow organizations to segment user and group management, providing control over permissions, visibility, and administrative scope. With Directories, you can:

  • Restrict permissions to view, edit, or create users and groups to a specific directory.

  • Allow Access Control admins to manage users, access groups, and credentials for a location without affecting other sites.

  • Limit visibility and edit rights so directory-scoped admins can only act on users and groups within their assigned directory.

  • Optionally hide all users and groups outside an admin’s assigned directory.

Organize Directories

Organizations can move existing users and groups into a Directory or create new ones directly within a Directory. Users and groups are organized from Global, the organization-wide container, into individual Directories.

Global

Global contains all users and groups by default. Only roles granted at the org-wide level provide administrative control over Global and all Directories. SCIM-synced users sync to Global, and Global-level groups can serve as sources for assignment across Directories.

Directory

A Directory is a logical container for users and groups within an organization. It is typically used to represent locations, regions, campuses, business units, or tenants, enabling scoped administration.

Directories can:

  • Contain a subset of users and groups (Command and access control groups).

  • Exist only under Global (nesting is not supported).

  • Be managed independently via directory-scoped roles.

  • Automatically populate with users and groups via SCIM sync or existing Command/Access Control groups.

  • Automatically update when users are added or removed from synced or source groups.

  • Optionally restrict visibility so admins scoped to a Directory only see users and groups within their directory.

Manage Directories

Users

  • Users can be members of one or more directories.

  • Users created in or added to a directory will still be contained within Global.

  • SCIM-synced users are always placed in Global by default.

Groups

Like users, groups (both Command groups and Access control groups) can be placed in Directories.

  • Each group can exist in only one Directory.

  • A group can contain only users who belong to the same Directory.

  • Groups are scoped to their Directory and cannot be referenced in other Directories.

  • Groups can be automatically populated using SCIM-synced groups or existing Command/Access Control groups as sources of assignment, ensuring membership stays updated without manual changes.

Roles and permissions

User management permissions in Verkada are granted through Command roles and Access User Management roles.

By default, these roles provide permissions over all users, Command groups, and access groups across the organization. With Directories, these roles can optionally be scoped to a specific Directory.

The organization-wide version of these roles remains available. Assigning a user an organization-wide role grants permissions over all users and groups in Global and across all Directories.

Users assigned one of these roles before Directories were enabled will automatically retain the organization-wide version of the role.

Directory-specific roles & permissions

Role

Scope

Key User Management Permissions

Org Admin

Organization-wide

  • Create and delete Directories

  • Manage all users and command groups

Command User Admin

Organization-wide

Create, edit, and delete users and Command groups in Global and across all Directories

Command User Viewer*

Organization-wide

View users and groups

Access User Admin

Organization-wide

Create, edit, and delete users and Command groups in Global and across all Directories

Access User Manager

Organization-wide

Edit users and access group memberships in Global and across all Directories

Access Credential Manager

Organization-wide

Edit and delete user credentials (cards, PINs, mobile unlocks) in Global and across all Directories

Global User Move Permissions (Organization-Wide)

Organization-wide

Move users and groups between Directories across the organization

Command User Admin

Directory

Create, edit, and delete users and command groups within the relevant Directory

Command User Viewer

Directory

View users and groups within the relevant Directory

Access User Admin

Directory

Create, edit, and delete users and command groups within the Directory

Access User Manager

Directory

  • Create users and credentials

  • Manage group membership within the Directory

Access Credential Manager

Directory

Create and edit user credentials within the Directory

Access Group Manager (Directory-Scoped)

Directory

Edit users and access group memberships within the Directory

With directory-scoped roles, admins can only view and manage users, groups, and credentials within their assigned directory. Access and visibility outside the directory are fully restricted.

* The Command User Viewer role is only available to assign to users if Limit User Visibility is enabled.

Configuration

Enable Directories

All directory functionality is disabled by default. Directories can be enabled from Feature Manager. Once enabled, Directories can be created and managed from the Admin > User Management page in Command.

  1. In Command, go to All Products > Admin .

  2. UnderOrg Settings, select Feature Manager.

  3. Under Command, select Enable next to Directories.

After enabling Directories:

  • All existing users, groups, and role assignments remain visible in the Global view.

  • You can create directories to manage users and groups within scoped areas.

  • To fully hide out-of-scope users and groups for directory-scoped admins, enable Limited User Visibility for Site Roles in Feature Manager.

You will not be able to enable Directories if your organization has users assigned any legacy Access Control roles. See Legacy Access Control Roles for more information.

Create a Directory

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management.

  3. In the top left, click Global.

    1. Next to Directories, click on .

    2. Select New Directory.

    3. Enter a globally unique name.

    4. Hit enter on your keyboard to save.

Auto-creating a Directory from a site will only copy the site’s name during Directory creation. Directory and site names will not be kept in sync after creation.

After creating directories:

  • Move existing users and groups from Global into the desired directories.

  • Create new users or groups directly within a directory.

  • Automatically populate directories using SCIM-synced groups or existing Command/Access Control groups as sources of assignment.

  • When Limited User Visibility for Site Roles is enabled in Feature Manager, directory-scoped admins can only see users and groups within their assigned directory.

Add users to a Directory

Existing user

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Users.

  3. Select one or more users and click Add to Directory.

    1. Select the needed Directories.

    2. Click Done.

New user

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Users.

  3. In the top right, click Add User.

    1. Follow the on-screen instructions to create a new user.

    2. On Directories:

      1. Select the needed Directories.

      2. Click Done.

    3. Continue with the step-up steps.

    4. Click Create New User.

Add groups to a Directory

Existing groups

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Groups.

  3. Select one or more groups and click Add To Directory > Move to Directory.

  4. Select a single Directory and click Done.

When you move a group into a directory, all its users are added to that directory if they aren’t already members. Removing the group later does not remove its users from the directory.

New groups

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Groups.

  3. In the top right, click Create.

  4. Select Command Group or Access Group.

    1. Follow the on-screen instructions to create a new group.

    2. On Directory Location, select a specific Directory.

    3. Continue with the step-up steps.

    4. Click Create Group.

Grant Directory-scoped roles

Command roles

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Users or Groups.

  3. In the left navigation, next to Command Roles, click.

  4. Locate the desired directory and choose Command User Admin.

Access User Management roles

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users Management > Users or Groups.

  3. Under Access Control Roles, click.

  4. Under User Management Role, locate the desired directory and select the relevant access user role.

Sync users to a Directory

  1. In Verkada Command, go to All Products > Admin.

  2. In the left navigation, select Users & Permissions > Directories.

  3. In the top left, select Groups.

  4. Select the checkbox next to the group(s) from the list to use as a source of assignment for a Directory.

  5. In the top right, click Add To Directory > Sync to Directory.

    1. Select the Directory where you want to sync users from this group.

    2. Click Confirm.

    3. Alternatively, you can go to an individual group’s page and choose to sync its members to a Directory.

  • SCIM groups cannot be added to a directory like locally managed Command or Access groups. They can only sync their members to a directory.

  • A group can either be added to a directory or set to sync its members. It cannot do both.

Limit User Visibility

When Directories are enabled, Org Admins can activate the Limit User Visibility setting in Feature Manager. This setting restricts which users and groups are visible in both Command and access control based on the user’s assigned role.

With Limit User Visibility enabled, users with the following roles see only users and groups associated with their assigned sites:

  • Site Admin

  • Site Viewer

  • Access System Manager

  • Access Site Admin

  • Access Site Manager

  • Access Site Viewer

  • Workplace Site Admin

This ensures that site-level and system managers cannot view users outside their assigned locations, improving privacy and maintaining proper access boundaries.

Need more help? Contact Verkada Support.

Related Articles
Manage Command Groups
Add and Modify Access Groups
Add a User to the Verkada Access System
Assign a User Access to a Door
Use SCIM for Access Groups
Did this answer your question?