Okta SAML Integration

Learn how to set up SAML with Okta


Verkada Command can integrate with Okta (among other Identity Providers [IdPs]) in 2 capacities, depending on the use case:

  • Security Assertion Markup Language (SAML)

  • System for Cross-Domain Identity Management (SCIM)

SAML handles authentication, so Okta manages access to Command in the same way as any other Software as a Service (SaaS) application already integrated into your Okta tenant. Command can therefore be incorporated into your existing identity framework, with access controlled by the policies you already have in place.

SCIM lets you synchronize the users and groups already present in Okta with Command. You keep your current central identity provider and use those existing users and groups in Command to control access to the platform.

Before you begin

  1. Generate your SAML Client ID.

  2. For a successful integration, choose the best path for your region:

Create a Verkada Okta app

  1. Log in to Okta.

  2. Go to the Applications page and click Browse App Catalog.

  3. In the search bar, type Verkada.

  4. Click Add.

  5. Click Done.

Configure a new app integration from Okta

  1. Create a new app integration, select SAML 2.0, and click Next.

  2. On Create a SAML integration > General Settings, enter an app name, optionally include an app logo, and click Next.

  3. In Verkada Command, fill in the URLs (as shown):

Note: The application username is the Okta username.


How the integration works

  1. In Okta, select the Sign On tab for the Verkada app, and click Edit.

  2. Scroll down to Advanced Sign-On Settings and type the Client ID.

  3. Select Save.

  4. Scroll further down to SAML Signing Certificates and click Generate new certificate, if a new certificate does not exist.

  5. To the right of the certificate, select the Actions dropdown and click View IdP metadata.

  6. Save the page to download the metadata.

  7. After downloading the XML file, upload it to Command.

SAML attribute mapping

  1. In your SAML configuration, set up attributes mapping as follows:

    • email > user.email

    • firstName > user.firstName

    • lastName > user.lastName

  2. Create a new version of the Identity Provider (IdP) metadata and activate the new version.

  3. Download the latest version of the IdP metadata, the same way as in the Verkada app.

  4. Upload the IdP metadata in Command (SAML section).

  5. Set up email domains.

  6. In the Verify Metadata section, click Run Login Test.

Troubleshooting/Known Issues

  • Updating usernames (emails) does not automatically take effect in Command. If you need to change a username, unassign the user from the SAML app, then re-add the user to the app for the change to take effect.

  • If a new user cannot log in via SSO, the cause may be that the user's email domain has not been added to the SSO configuration in the Verkada backend. A user whose email is outside the email domains provided when SSO was set up cannot use SSO. In that case, edit the SSO configuration and add the domain.

  • If you experience any other problems with setting up SSO, contact Verkada Support.
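
The attribute mapping and the email-domain issue described above can be checked offline against a decoded SAML assertion. This is an added example, not Verkada or Okta code. It assumes the assertion carries the mapped names (email, firstName, lastName) as Attribute Name values and that `allowed_domains` holds the email domains entered in Command; the function names and sample values are constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRIBUTES = ("email", "firstName", "lastName")  # names from the mapping above


def read_attributes(assertion_xml: str) -> dict:
    """Return {attribute name: first value} from a decoded SAML assertion.

    Diagnostic only: this does not verify the assertion's signature.
    """
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml2"]):
        value = attr.find("saml2:AttributeValue", SAML_NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return attrs


def check_login_attributes(assertion_xml: str, allowed_domains: set) -> list:
    """List problems with the mapped attributes and the user's email domain."""
    attrs = read_attributes(assertion_xml)
    problems = [f"missing or empty attribute: {name}"
                for name in REQUIRED_ATTRIBUTES if not attrs.get(name)]
    email = attrs.get("email", "")
    if email:
        local, sep, domain = email.rpartition("@")
        if not sep or not local or not domain:
            problems.append(f"email is not an address: {email}")
        elif domain.lower() not in {d.lower() for d in allowed_domains}:
            problems.append(f"email domain not in SSO configuration: {domain.lower()}")
    return problems


# Constructed sample: only the AttributeStatement of an assertion, values invented.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email">
      <saml2:AttributeValue>jo.park@contractor.example</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="firstName">
      <saml2:AttributeValue>Jo</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

if __name__ == "__main__":
    for problem in check_login_attributes(SAMPLE_ASSERTION, {"corp.example"}):
        print(problem)
```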
