Skip to main content
All CollectionsCommandSAML/SSO
Microsoft Entra ID SAML Integration
Microsoft Entra ID SAML Integration

Learn how to integrate Verkada Command with Microsoft Entra ID for SAML

Updated over a month ago

Depending on your use case, Verkada Command has the ability to integrate with Microsoft Entra ID, amongst other Identify Providers [IdPs], in the following capacities:

  • Security Assertion Markup Language (SAML)

  • System for Cross-Domain Identity Management (SCIM)

SAML handles the authentication side of things allowing Microsoft Entra ID to be used to manage access to Command, the same as any other Software as a Service (SaaS) application already integrates into your Microsoft Entra ID tenant. This means that you can incorporate Command into your existing identity framework and authorize users based on your current policies.

SCIM allows you to leverage your existing users and groups already present in Microsoft Entra ID and synchronize these with Command. This allows you to retain the current central IdP, and configure permissions in Command using your existing users and groups.


Set up SAML in Microsoft Entra ID

Verkada Command is registered as a gallery application and can be found within the Microsoft Entra ID marketplace; in other words, you can leverage it with Microsoft Entra ID Free, Microsoft Entra ID P1, and Microsoft Entra ID P2 licenses.

To get started, you need your client-ID. Learn how to generate it and configure your email domains, then return to this article to complete the remainder of this process.

  1. Add Verkada Command as an enterprise application in your Microsoft Entra ID directory: Go to your Microsoft Entra ID overview page and select Enterprise applications.

  2. At the top of the page, select New Application and search for Verkada Command.

  3. Select Verkada Command and click Create. Be patient as it can take a few minutes to add the application to your Microsoft Entra ID tenant.

    Once the page refreshes, you should see a similar menu (as shown below).

  4. On Set up single sign-on, click Get started.

  5. Choose SAML as the single sign-on method.

  6. If necessary, click Edit to further configure your SAML connection.

  7. Configure the following fields. You need to add your client ID to the end of each URL before adding them to Microsoft Entra ID. See example below the note.

  8. Click Save.

  9. On Attributes & Claims, click Edit to be consistent with these attributes:

  10. On SAML Signing Certificate, import this Federation Metadata XML into Command.

  11. Click Download to save for later.

If you use a different source attributes for email, configure the attributes according to the source attribute you want to use.s

The next dialogs that appear contain tools that you can use after the integration has been finalized.

Upload your Federation Metadata XML in Command

After you have completed the steps in Microsoft Entra ID and downloaded the metadata, upload the XML metadata file in Command.

Test the SAML Connection in AMicrosoft Entra ID

  1. Once the file is uploaded, in your Microsoft Entra ID, click Test to test the integration. A notification will be sent to all users who have a Command account (invitation to org).

  2. Log in with Sign in as current user. If everything is set up correctly, you should be redirected to the Command platform.

  3. Log in with single-sign on to verify access to Command.

Microsoft Entra ID does not support nested groups for app access at this time. All users must be direct members of groups for assignment.

Log in via the mobile application

Android and iOS on Command supports login through SAML.

In the email address field, enter your email and click Next. You should be redirected to your IdP (Microsoft Entra ID) to complete the login process.


Need more help? Contact Verkada Support.

Did this answer your question?