Verkada Command has the ability to integrate with Google Workspace (among other IDPs) for SSO scenarios.
SAML handles the authentication side of things allowing Google Workspace to be used to manage access to Verkada Command.
Before starting the below steps, ensure you have already registered on Verkada Command and an account exists for the user in the same custom domain.
Verkada Command can be added as a custom application.
To get started there are a couple of pieces of information we are going to be using:
Client ID - Can be found by navigating to Admin > Privacy & Security > Single Sign-On Configuration > Add New
Federation Data XML - This is unique information from your Google Workspace instance allowing us to setup the federation between Google Workspace and your Verkada Command instance (the steps to download this are provided later).
Head on over to the apps section of your Google Workspace admin dashboard and select Web and mobile apps.
Select the Add app dropdown menu and select Add custom SAML app.
On the first step, fill in the application information; any name and description can be used.
The Verkada Command logo can be obtained from the following location for easy addition to your Google Workspace application:
On the Google IDP information step, we are going to make use of the first option. This downloads the IDP metadata which corresponds to the federation metadata XML discussed at the start of this article. This allows us to set up the SSO configuration on the Command side. Keep this download somewhere accessible; we will need it later.
The next step requires the following pieces of information:
ACS URL - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
Entity ID - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
Start URL - https://vauth.command.verkada.com/saml/login/<client-id> taking note here to fill in the client ID section, removing the <>.
The next step is to fill in the attribute mapping to ensure Verkada Command receives the correct information about the user. Create the mappings to match the screenshot below:
Once you select Finish, you should be redirected to the app configuration page.
The last step for the setup is to upload a copy of the Federation Metadata XML file to Command.
Access to Verkada Command can then be achieved through the following URL - https://vauth.command.verkada.com/saml/login/<client id> substituting the client ID with the one used during setup. This will redirect you to the IDP (Google Workspace) to complete the login process.
Login through the Mobile Application when leveraging SAML Integration
Verkada Command on both Android and iOS supports login through SAML.
Within the email address field, enter the email of the user in question and hit Next. At this point, you will be redirected to your IDP (Google Workspace) to complete the login process.