Verkada Command has the ability to integrate with GSuite (among other IDPs) for SSO scenarios.
SAML handles the authentication side of things allowing GSuite to be used to manage access to Verkada Command.
Before starting the below steps, ensure you have already registered on Verkada Command and an account exists for the user in the same custom domain.
Verkada Command can be added as a custom application.
To get started there are a couple of pieces of information we are going to be using:
- Client ID - This allows us to uniquely identify your Command instance and should equal your custom domain name. For example verkada.com would use verkada as the client ID.
- Federation Data XML - This is unique information from your GSuite instance allowing us to setup the federation between GSuite and your Verkada Command instance (the steps to download this are provided later).
Head on over to the apps section of your GSuite admin dashboard and select SAML apps.
Select the "Enable SSO for SAML Application" icon in the bottom right to add a new SAML application for SSO.
Select setup my own custom app.
On the Google IDP information step, we are going to make use of the second option. This downloads the IDP metadata which corresponds to the federation metadata XML discussed at the start of this article. This allows us to setup the SSO on our side in order to complete the setup. Keep this download somewhere accessible; we will need it later.
On the next step fill in the application information:
The Verkada Command logo can be obtained from the following location for easy addition to your GSuite application:
The next step requires two pieces of information:
- ACS URL - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
- Entity ID - https://vauth.command.verkada.com/saml/sso/<client-id> taking note here to fill in the client ID section, removing the <>.
The next step is to fill in the attribute mapping to ensure Verkada Command receives the correct information about the user. Create the mappings to match the screenshot below:
Once you select Finish, you should see the following page:
The last step for the setup is to send a copy of the Federation Metadata XML file to Verkada Support, who will be able to complete the integration process. Please email [email protected] with this information along with the Client ID.
Access to Verkada Command can then be achieved through the following URL - https://vauth.command.verkada.com/saml/login/<client id> substituting the client ID with the one used during setup. This will redirect you to the IDP (GSuite) to complete the login process.
Login through the Mobile Application when leveraging SAML Integration
Verkada Command on both Android and iOS supports login through SAML.
Within the email address field, enter the email of the user in question and hit Next. At this point, you will be redirected to your IDP (GSuite) to complete the login process.