SAML

Procedure

Contact Verkada Support and ask them to provide you with the Client ID value. Include the Metadata URL with your request. The Verkada Support team will process your request and provide you with the Client ID value.

In Okta, select the Sign On tab for the Verkada app, then click Edit.

Scroll down to the ADVANCED SIGN-ON SETTINGS section. Enter the Client ID provided to you by Verkada into the corresponding field.

Click Save to finish the setup. If you run into problems when setting up SAML, please reach out to Verkada Support.

SCIM

SCIM can be used with Command in order to create and modify users and groups. This document discusses setting up SCIM with Okta. This requires that you have Okta Lifecycle Management.

Prerequisites

  • API Token - This allows you to connect to the Verkada SCIM endpoint. This token is unique per the Verkada organization. To acquire this token, contact support. They will need a list of your email domains and will generate the API Token for you.

Supported Features

The SCIM integration allows for user and group creation, management, and deletion for Verkada.

Procedure

Log into Okta and from the Applications page, add the Verkada app.

Select Provisioning and click Configure API Integration.

Check the box to Enable API Integration, then enter the API Token received from Verkada Support.

Select Test API Credentials and you should get a response "Verkada was verified successfully!" If successful, Select Save.

Still in Provisioning, select the To App settings and press edit in order to enable Create Users, Update User Attributes, and Deactivate Users. Save your changes.

The default attributes and mappings will be what Verkada is set up to use. These are given name and family name.

Assigning users and groups to the SCIM app

Okta users and groups can now be assigned to the SCIM app. Users added to the app will push automatically, while groups will need to be pushed. Follow these steps to push groups:

Navigate in the app page to Push Groups, then press the Push Groups button.

This allows for the groups which have been assigned to this app to be searched by name. Find the group, and select Save. If successful the Push Status will show Active.

In Verkada Command you will see these users and groups populated with the Externally Managed tag indicating they are controlled through SCIM.

Troubleshooting/Known Issues

Updating usernames (emails) does not take effect in Command. If a username is to be changed, please unassign the user from the Verkada SCIM app, then re-add it to the app for the change to take effect.

If a new user cannot be created, it could be due to the email domain not being added to the SCIM configuration in the Verkada backend. When the authentication token is generated for an organization, the expected email domains are tied to it. If the user is outside of the email domains provided when the token was created, this will cause the user to be unable to be created. If this is the cause of the problem, Verkada Support can add this domain to remedy the issue.

Users can only be added/removed from SCIM managed groups through SCIM, not through Command.

Groups created in Command cannot be imported to or synced with SCIM.

If you run into problems when setting up SCIM or when provisioning users or groups, please reach out to Verkada Support.

Did this answer your question?