All Collections
Command
SAML/SSO
Enabling SAML on Your Command Account
Enabling SAML on Your Command Account
This article explains the process of enabling SAML for your Command organization
Updated this week

Generate SAML Client ID

To use any SAML 2.0 integration you will need to generate your Client ID.

Note: You will need to be an Organization Admin of the organization you want to configure SSO for.

Setup Steps:

  1. Select the All Products > Admin page in the upper left-hand menu

  2. Under Privacy & Security > Authentication & User management choose Single Sign-On (SSO) Configuration

  3. Select Begin Setup

  4. Your Client ID and the following fields that you should enter into your identity provider should appear

Upload SAML Metadata

You will get a warning that the file has not been validated. Domains need to be added before you can verify XML. You will not be able to require SSO until the XML has been verified.

5. Add a domain here

If the login tests fail then please review your metadata file and associated domains.

A common error message is "app_not_configured_for_user" or other related messages. This can happen when your browser has cached the apps you have access to from when you first logged in and where you had just created the Verkada app with your IDP.

This issue is resolved by using an incognito browser to run the login test, or logging out of all services, clearing your cache and cookies, and trying again.

Once verified you will be able to require SSO to sign in.

SSO Enforcement

After configuring SAML for your Verkada Command organization, you have the option to enable SSO Enforcement. What this means is that anyone using the configured email domain has to go through the SAML process in order to sign in. This allows for greater control over user access. This does mean that if there is an issue with SAML users will not be able to sign in unless the issue is either resolved or SSO Enforcement is disabled.

Did this answer your question?