SAML

Procedure

Generate your client ID.

In Okta, select the Sign On tab for the Verkada app, then click Edit.

Scroll down to the ADVANCED SIGN-ON SETTINGS section. Enter the Client ID provided to you by Verkada into the corresponding field.

Click Save to finish the setup.

In a separate tab open your Metadata URL then right-click -> Save Page As. Make sure that it ends in .XML.

After downloading the XML file you need to upload it to Command.

SCIM

SCIM can be used with Command in order to create and modify users and groups. This document discusses setting up SCIM with Okta. This requires that you have Okta Lifecycle Management.

Prerequisites

  • API Token - This allows you to connect to the Verkada SCIM endpoint. This token is unique per the Verkada organization. This article explains how to acquire a SCIM API token.

Supported Features

The SCIM integration allows for user and group creation, management, and deletion from Verkada Command.

Procedure

  1. Log into Okta

  2. Select the Applications page

  3. Add the Verkada app

  4. Select Provisioning and click Configure API Integration

  5. Check the box to Enable API Integration, then enter the API Token generated in Command.

  6. Select Test API Credentials and you should get a response "Verkada was verified successfully!" If successful, Select Save.

  7. Still in Provisioning, select the To App settings and press edit in order to enable Create Users, Update User Attributes, and Deactivate Users. Save your changes.

  8. The default attributes and mappings will be what Verkada is set up to use. These are given name and family name.

Assigning users and groups to the SCIM app

Okta users and groups can now be assigned to the SCIM app. Users added to the app will push automatically, while groups will need to be pushed manually. Follow these steps to push groups:

  1. Navigate to the Push Groups tab,

  2. Select the Push Groups button.

    This allows for the groups which have been assigned to this app to be searched by name.

  3. Find the group, and select Save. If successful the Push Status will show Active.

In Verkada Command you will see these users and groups populated with the Externally Managed tag indicating they are controlled through SCIM.

Troubleshooting/Known Issues

Updating usernames (emails) does not take effect in Command. If a username is to be changed, please unassign the user from the Verkada SCIM app, then re-add it to the app for the change to take effect.

If a new user cannot be created, it could be due to the email domain not being added to the SCIM configuration in the Verkada backend. When the authentication token is generated for an organization, the expected email domains are tied to it. If the user is outside of the email domains provided when the token was created, this will cause the user to be unable to be created. If this is the cause of the problem, You will need to generate a new token and add this domain to remedy the issue.

Users can only be added/removed from SCIM managed groups through SCIM, not through Command.

Groups created in Command cannot be imported to or synced with SCIM.

If you run into problems when setting up SCIM or when provisioning users or groups, please reach out to Verkada Support.

Did this answer your question?