Skip to main content

Okta SAML Integration - Government Solutions

Learn how to set up SAML with Okta for your Government Solutions organization

Updated this week

Verkada Command can integrate with Okta using Security Assertion Markup Language (SAML).

SAML handles the authentication process, allowing Okta to be used to manage access to Command, the same as any other Software as a Service (SaaS) application already integrated into your Okta tenant. This means Command can be incorporated into your existing identity framework and be access-controlled based on your current policies in place.


Before you begin

For a successful integration, choose the best path for your region:

Create a Verkada Okta app

  1. Log in to Okta.

  2. Go to the Applications page and click Browse App Catalog.

  3. In the search bar, type Verkada.

  4. Click Add.

  5. Click Done.

Attribute mappings

  1. Navigate to Directory > Profile Editor > choose the Verkada app > verify the attributes

  2. Click on Mappings and Verify App to Okta user mappings

  3. User to App mappings:


Configuration

  1. In Okta, select the Sign On tab for the Verkada app, and click Edit.

  2. Scroll down to Advanced Sign-On Settings and enter the Client ID from your Command account.

  3. Select Save.

  4. Scroll further down to SAML Signing Certificates and click Generate new certificate, if a new certificate does not exist.

  5. To the right of the certificate, select the Actions dropdown and click View IdP metadata

  6. Right click on the metadata and select save as and download as XML file type.

  7. After downloading the XML file, you need to upload it to Command.

  8. In the Verify Metadata section, click Run Login Test.


Troubleshooting

  • Updating usernames (emails) does not automatically take effect in Command. If you need to change a username, un-assign the user from the SAML app, then re-add the user to the app for the change to take effect.

  • If a new user cannot log in via SSO, it could be because the email domain is not being added to the SSO configuration in the Verkada backend. If the user's email is outside of the email domains provided when SSO was set up, this causes the user to be unable to use SSO. If this is the cause of the problem, you need to edit the SSO configuration and add this domain to remedy the issue.

  • If you experience any other problems with setting up SSO, contact Verkada Support.


Need more help? Contact Verkada Support.

Did this answer your question?