All Collections
Command
SAML/SSO
Azure AD SAML Integration
Azure AD SAML Integration

Learn how to integrate Verkada Command with Azure AD for SAML

Updated over a week ago

Depending on your use case, Verkada Command has the ability to integrate with Azure Active Directory (AD), amongst other Identify Providers [IdPs], in the following capacities:

  • Security Assertion Markup Language (SAML)

  • System for Cross-Domain Identity Management (SCIM)

SAML handles the authentication side of things allowing Azure AD to be used to manage access to Command, the same as any other Software as a Service (SaaS) application already integrates into your Azure AD tenant. This means that you can incorporate Command into your existing identity framework and authorize users based on your current policies.

SCIM allows you to leverage your existing users and groups already present in Azure AD and synchronize these with Command. This allows you to retain the current central IdP, and configure permissions in Command using your existing users and groups.


Set up SAML in Azure AD

Verkada Command is registered as a gallery application and can be found within the Azure AD marketplace; in other words, you can leverage it with Azure AD Free, Azure AD P1, and Azure AD P2 licenses.

Required. To get started, you need your client-ID. Learn how to generate it and configure your email domains, then return to this article to complete the remainder of this process.

  1. Add Verkada Command as an enterprise application in your Azure AD directory: Go to your Azure AD overview page and select Enterprise applications.

  2. At the top of the page, select New Application and search for Verkada Command.

  3. Select Verkada Command and click Create. Be patient as it can take a few minutes to add the application to your Azure AD tenant.

    Once the page refreshes, you should see a similar menu (as shown below).

  4. On Set up single sign-on, click Get started.

  5. Choose SAML as the single sign-on method.

  6. If necessary, click Edit to further configure your SAML connection.

  7. Configure the following fields. You need to add your client ID to the end of each URL before adding them to Azure. See example below the note.

    1. Note: To confirm which region you're located, please refer to where your organization was created for Verkada.

  8. Click Save.

  9. On Attributes & Claims, click Edit to be consistent with these attributes:

  10. On SAML Signing Certificate, import this Federation Metadata XML into Command.

  11. Click Download to save for later.

Note: If you use a different source attributes for email, configure the attributes according to the source attribute you want to use.s

The next dialogs that appear contain tools that you can use after the integration has been finalized.

Upload your Federation Metadata XML in Command

After you have completed the steps in Azure and downloaded the metadata, upload the XML metadata file in Command.

Test the SAML Connection in Azure AD

  1. Once the file is uploaded, in your Azure AD, click Test to test the integration. A notification will be sent to all users who have a Command account (invitation to org).

  2. Log in with Sign in as current user. If everything is set up correctly, you should be redirected to the Command platform.

  3. Log in with single-sign on to verify access to Command.

Note: Azure does not support nested groups for app access at this time. All users must be direct members of groups for assignment.

Log in via the mobile application

Note: Android and iOS on Command supports login through SAML.

In the email address field, enter your email and click Next. You should be redirected to your IdP (Azure AD) to complete the login process.

Related resources


Need more help? Contact Verkada Support

Did this answer your question?