Verkada Command has the ability to integrate with ADFS to allow your users to log in using their existing Active Directory credentials.
SAML is the language that allows ADFS to communicate with Verkada Command to securely grant your users access to your organization. Please note that SAML does not add or invite users to your organization; it simply allows users who are already provisioned to log in with their AD credentials, rather than with a username and password managed by Verkada. If you are interested in syncing domain users and groups to Command, please see more information about SCIM.
SAML Integration
Prerequisite
Please follow the steps in this article to generate your organization's Client ID. The Client ID is case-sensitive.
Process
Step 1: Open AD FS Management
Step 2: Select Action > Add Relying Party Trust
Step 3: Select Start
Step 4: Select Enter data about the relying party manually
Step 5: The Display name can be anything
Step 6: Select Next
Step 7: Select Enable support for the SAML 2.0 WebSSO protocol and enter https://vauth.command.verkada.com/saml/sso/clientID into the Relying party SAML 2.0 SSO service URL field, replacing clientID with the Client ID that was generated
Step 8: Enter the same URL from the previous step into the Relying party trust identifier field and select Add
Step 9: Configure an appropriate access control policy for this application
Step 10: Select Next
Step 11: Select Close
Step 12: Right-click on the newly-created Relying Party Trust and select Edit Claim Issuance Policy
Step 13: Select Add Rule
Step 14: Ensure Send LDAP Attributes as Claims is selected and select Next
Step 15: Enter a Claim rule name (which can be anything), ensure that Active Directory is selected under Attribute store, and configure the following LDAP Attributes to map to the proper Outgoing Claim Type:
E-Mail-Addresses > E-Mail Address
Given-Name > Given Name
Surname > Surname
Step 16: Add another rule, this time selecting Transform an Incoming Claim under Claim rule template
Step 17: Enter a Claim rule name (this can be anything), select E-Mail Address next to Incoming claim type, select Name ID next to Outgoing claim type, select Transient Identifier next to Outgoing name ID format, and ensure that Pass through all claim values is selected
Step 18: Go to https://<your ADFS server>/FederationMetadata/2007-06/FederationMetadata.xml to download your XML metadata file
Note: Please do not use Internet Explorer to complete this step; using Internet Explorer may cause issues with the XML file.
Step 19: Follow the steps in this article to complete the SAML setup on Command
Step 20: Once the integration is complete, please test it by opening an Incognito/Private Browsing window and visiting https://vauth.command.verkada.com/saml/login/clientID, replacing clientID with your Client ID from step 7. You should be taken to your ADFS login page. Please attempt to sign in using your credentials. If you are then taken to your Command organization, congratulations, the SAML integration was a success! If you see an error presented to you, please contact Verkada Support for further assistance.