Depending on your use case, Verkada Command has the ability to integrate with Azure Active Directory (AD), amongst other Identify Providers [IdPs], in the following capacities:
Security Assertion Markup Language (SAML)
System for Cross-Domain Identity Management (SCIM)
SAML handles the authentication side of things allowing Azure AD to be used to manage access to Command, the same as any other Software as a Service (SaaS) application already integrates into your Azure AD tenant. This means that you can incorporate Command into your existing identity framework and authorize users based on your current policies.
SCIM allows you to leverage your existing users and groups already present in Azure AD and synchronize these with Command. This allows you to retain the current central IdP, and configure permissions in Command using your existing users and groups.
Set up SAML in Azure AD
Verkada Command is registered as a gallery application and can be found within the Azure AD marketplace; in other words, you can leverage it with Azure AD Free, Azure AD P1, and Azure AD P2 licenses.
Before you begin
To get started, you need your client-ID. Learn how to generate it and configure your email domains, then return to this article to complete the remainder of this process.
How it works
Add Verkada Command as an enterprise application in your Azure AD directory: Go to your Azure AD overview page and select Enterprise applications.
At the top of the page, select New Application and search for Verkada Command.
Select Verkada Command and click Create. Be patient as it can take a few minutes to add the application to your Azure AD tenant.
Once the page refreshes, you should see a similar menu (as shown below).
On Set up single sign-on, click Get started.
Choose SAML as the single sign-on method.
If necessary, click Edit to further configure your SAML connection.
Configure the following fields and click Save:
For Identifier:
For US orgs: https://vauth.command.verkada.com/sam/sso
For EU orgs: https://saml.prod2.verkada.com/saml/ssoFor Reply URL:
For US orgs: https://vauth.command.verkada.com/sam/sso
For EU orgs: https://saml.prod2.verkada.com/saml/ssoFor Sign on URL:
For US orgs: https://vauth.command.verkada.com/saml/login
For EU orgs: https://saml.prod2.verkada.com/saml/loginNote: To confirm which region you're located, please refer to where your organization was created for Verkada.
On Attributes & Claims, click Edit to be consistent with these attributes:
On SAML Signing Certificate, import this Federation Metadata XML into Command.
Click Download to save for later.
Note: If you use a different source attributes for email, configure the attributes according to the source attribute you want to use.s
The next dialogs that appear contain tools that you can use after the integration has been finalized.
Upload your Federation Metadata XML in Command
After you have completed the steps in Azure and downloaded the metadata, upload the XML metadata file. This process is performed in Command.
Test the SAML Connection in Azure AD
Once the file is uploaded, in your Azure AD, click Test to test the integration.
Log in with Sign in as current user. If everything is set up correctly, you should be redirected to the Command platform.
Log in with single-sign on to verify access to Command.
Note: Azure does not support nested groups for app access at this time. All users must be direct members of groups for assignment.
Log in via the mobile application
Note: Android and iOS on Command supports login through SAML.
In the email address field, enter your email and click Next. You should be redirected to your IdP (Azure AD) to complete the login process.
Learn more
Visit the Verkada Training Center for bite-sized video tutorials on how to accomplish role-based tasks in Command.
Need more help? Contact Verkada Support