Verkada Command has the ability to integrate with Google Workspace (among other IDPs) for SSO scenarios.
SAML handles the authentication side of things allowing Google Workspace to be used to manage access to Verkada Command.
Before starting the below steps, ensure you have already registered on Verkada Command and an account exists for the user in the same custom domain.
Verkada Command can be added as a custom application.
To get started there are a couple of pieces of information we are going to be using:
Client ID - Which is generated in Command.
Federation Data XML - This is unique information from your Google Workspace instance allowing us to setup the federation between Google Workspace and your Verkada Command instance (the steps to download this are provided later).
Head on over to the apps section of your Google Workspace admin dashboard and select SAML apps.
Select the "Enable SSO for SAML Application" icon in the bottom right to add a new SAML application for SSO.
Select setup my own custom app.
On the Google IDP information step, we are going to make use of the second option. This downloads the IDP metadata which corresponds to the federation metadata XML discussed at the start of this article. This allows us to setup the SSO on our side in order to complete the setup. Keep this download somewhere accessible; we will need it later.
On the next step fill in the application information:
The Verkada Command logo can be obtained from the following location for easy addition to your Google Workspace application:
The next step requires two pieces of information:
ACS URL - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
Entity ID - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
Start URL - https://vauth.command.verkada.com/saml/login/<client-id> taking note here to fill in the client ID section, removing the <>.
The next step is to fill in the attribute mapping to ensure Verkada Command receives the correct information about the user. Create the mappings to match the screenshot below:
Once you select Finish, you should see the following page:
The last step for the setup is to upload a copy of the Federation Metadata XML file to Command
Access to Verkada Command can then be achieved through the following URL - https://vauth.command.verkada.com/saml/login/<client id> substituting the client ID with the one used during setup. This will redirect you to the IDP (Google Workspace) to complete the login process.
Login through the Mobile Application when leveraging SAML Integration
Verkada Command on both Android and iOS supports login through SAML.
Within the email address field, enter the email of the user in question and hit Next. At this point, you will be redirected to your IDP (Google Workspace) to complete the login process.