Verkada Command has the ability to integrate with ADFS to allow your users to log in using their existing Active Directory credentials.

SAML is the language that allows ADFS to communicate with Verkada Command to securely grant your users access to your organization. Please note that SAML does not add or invite users to your organization; it simply allows users who are already provisioned to log in with their AD credentials, rather than with a username and password managed by Verkada. If you are interested in syncing domain users and groups to Command, please see more information about SCIM.

SAML Integration

Prerequisite

Please follow the steps in this article to generate your organization's Client ID. The Client ID is case-sensitive.

Process

Step 1: Open AD FS Management

Step 2: Click Action > Add Relying Party Trust

Step 3: Click Start

Step 4: Select Enter data about the relying party manually

Step 5: The Display name can be anything

Step 6: Click Next

Step 7: Select Enable support for the SAML 2.0 WebSSO protocol and enter https://vauth.command.verkada.com/saml/sso/clientID into the Relying party SAML 2.0 SSO service URL field, replacing clientID with the Client ID that was generated

Step 8: Enter the same URL from the previous step into the Relying party trust identifier field and click Add

Step 9: Configure an appropriate access control policy for this application

Step 10: Click Next

Step 11: Click Close

Step 12: Right-click on the newly-created Relying Party Trust and select Edit Claim Issuance Policy

Step 13: Click Add Rule

Step 14: Ensure Send LDAP Attributes as Claims is selected and click Next

Step 15: Enter a Claim rule name (which can be anything), ensure that Active Directory is selected under Attribute store, and configure the following LDAP Attributes to map to the proper Outgoing Claim Type:

  • E-Mail-Addresses > E-Mail Address

  • Given-Name > Given Name

  • Surname > Surname

Step 16: Add another rule, this time selecting Transform an Incoming Claim under Claim rule template

Step 17: Enter a Claim rule name (this can be anything), select E-Mail Address next to Incoming claim type, select Name ID next to Outgoing claim type, select Transient Identifier next to Outgoing name ID format, and ensure that Pass through all claim values is selected

Step 18: Go to https://<your ADFS server>/FederationMetadata/2007-06/FederationMetadata.xml to download your XML metadata file

Note: Please do not use Internet Explorer to complete this step; using Internet Explorer may cause issues with the XML file.

Step 19: Follow the steps in this article to complete the SAML setup on Command

Step 20: Once the integration is complete, please test it by opening an Incognito/Private Browsing window and visiting https://vauth.command.verkada.com/saml/login/clientID, replacing clientID with your Client ID from step 7. You should be taken to your ADFS login page. Please attempt to sign in using your credentials. If you are then taken to your Command organization, congratulations, the SAML integration was a success! If you see an error presented to you, please contact Verkada Support for further assistance.
