Verkada Command can integrate with ADFS (among other IdPs) so that your users can log in using their existing Active Directory credentials.
SAML is the language that allows ADFS to securely communicate to Verkada Command whether or not a user should be granted access to your organization. Please note that SAML does not add or invite users to your organization; it simply allows those users who are already invited to your organization to log in with their AD credentials, rather than with a username and password managed by Verkada. If you are interested in syncing domain users and groups to Command, please see more information about SCIM.
Please follow the steps in this article to generate your organization's Client ID. The Client ID is case-sensitive.
Step 1: Open AD FS Management.
Step 2: Click Action > Add Relying Party Trust.
Step 3: Click Start.
Step 4: Select Enter data about the relying party manually.
Step 5: Enter a Display name (this can be anything).
Step 6: Click Next.
Step 7: Select Enable support for the SAML 2.0 WebSSO protocol and enter https://vauth.command.verkada.com/saml/sso/clientID into the Relying party SAML 2.0 SSO service URL field, replacing clientID with the Client ID that was generated.
Step 8: Enter the same URL from the previous step into the Relying party trust identifier field and click Add.
Step 9: Configure an appropriate access control policy for this application.
Step 10: Click Next.
Step 11: Click Close.
Step 12: Right-click the newly created Relying Party Trust and select Edit Claim Issuance Policy.
Step 13: Click Add Rule.
Step 14: Ensure Send LDAP Attributes as Claims is selected and click Next.
Step 15: Enter a Claim rule name (which can be anything), ensure that Active Directory is selected under Attribute store, and configure the following LDAP Attributes to map to the proper Outgoing Claim Type:
E-Mail-Addresses > E-Mail Address
Given-Name > Given Name
Surname > Surname
Step 16: Add another rule, this time selecting Transform an Incoming Claim under Claim rule template.
Step 17: Enter a Claim rule name (this can be anything), select E-Mail Address next to Incoming claim type, select Name ID next to Outgoing claim type, select Transient Identifier next to Outgoing name ID format, and ensure that Pass through all claim values is selected.
Step 18: Go to https://<your ADFS server>/FederationMetadata/2007-06/FederationMetadata.xml to download your XML metadata file.
Note: Please do not use Internet Explorer to complete this step; using Internet Explorer may cause issues with the XML file.
Step 19: Contact Verkada Support to provide a Support Access Token and your XML metadata file.
Step 20: Once the integration is complete, please test it by opening an Incognito/Private Browsing window and visiting https://vauth.command.verkada.com/saml/login/clientID, replacing clientID with your Client ID from step 7. You should be taken to your ADFS login page. Please attempt to sign in using your credentials. If you are then taken to your Command organization, congratulations, the SAML integration was a success! If you see an error presented to you, please contact Verkada Support for further assistance.
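The relying party trust and the two claim rules from steps 2 through 17 can also be created with the AD FS PowerShell cmdlets, which makes the configuration repeatable and easy to review. The script below is an added example, not Verkada's own tooling; the display name, the rule names, the Client ID placeholder and the 'Permit everyone' policy are assumptions to replace with your own values.

```powershell
# Added example (not from Verkada). Run in an elevated PowerShell session on the
# primary AD FS server; -AccessControlPolicyName needs AD FS 2016 or later.
Import-Module ADFS

# Assumed values: replace before running.
$ClientId     = 'REPLACE_WITH_CLIENT_ID'   # placeholder; the Client ID is case-sensitive
$DisplayName  = 'Verkada Command'          # step 5: any display name
$AccessPolicy = 'Permit everyone'          # step 9: stand-in; use the policy your organization requires

if ($ClientId -eq 'REPLACE_WITH_CLIENT_ID') { throw 'Set $ClientId first.' }

# Steps 7-8: the same URL is both the SAML 2.0 SSO service URL and the trust identifier.
$AcsUrl   = "https://vauth.command.verkada.com/saml/sso/$ClientId"
$Endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# Steps 13-17 written in the AD FS claim rule language.
# Rule 1: mail, givenName and sn from Active Directory as E-Mail Address, Given Name, Surname.
# Rule 2: E-Mail Address passed through as Name ID with the transient format.
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Verkada LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
          query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Verkada email to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
'@

# Steps 2-11: create the relying party trust with the endpoint, rules and policy.
Add-AdfsRelyingPartyTrust -Name $DisplayName -Identifier $AcsUrl `
    -SamlEndpoint $Endpoint -IssuanceTransformRules $Rules `
    -AccessControlPolicyName $AccessPolicy

# Read the trust back so the identifier and rules can be reviewed before step 18.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Format-List Name, Identifier, Enabled, IssuanceTransformRules
```

Reviewing the read-back output confirms that only the three mapped attributes and the Name ID are released to Command and that the identifier matches the Client ID exactly, including case.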