You need Organization Admin permissions in order to set up SSO.
Step 1: Begin setup
Go to Verkada Command > All Products > Admin.
Under Privacy & Security > Authentication & User management, select Single Sign-On (SSO) Configuration.
Click Add New.
You should see your client ID and the fields that you entered into your IdP.
For Client ID:
For US orgs: https://vauth.command.verkada.com/saml/sso/<client-id>
For EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-id>For Reply ID:
For US orgs: https://vauth.command.verkada.com/saml/sso/<client-id>
For EU orgs: https://saml.prod2.verkada.com/saml/sso/<client-id>For Sign-on URL:
For US orgs: https://vauth.command.verkada.com/saml/login/<client-id>
For EU orgs: https://saml.prod2.verkada.com/saml/login/<client-id>
Note: To confirm which region you're located, please refer to where your organization was created for Verkada.
Step 2: Upload SAML XML metadata
You will get a warning that the file has not yet been validated.
Before you can verify extensible markup language (XML), you must add domains. You cannot require single sign-on (SSO) until the XML has been verified.
In the Verify Metadata section, click Add Domain.
If the login tests fail, review your metadata file and associated domains.
You may see this common error message:app_not_configured_for_useror other related messages. This can happen when your browser has cached the apps you have access to from when you first logged in and where you had just created the Verkada app with your IdP.If necessary, resolve any issue by using an incognito browser to run the login test, or log out of all services, while clearing your cache and cookies, then retry.
Once verified, you should be able to toggle on Require SSO to sign in.
Step 3: Enforce SSO
After configuring SAML for your Verkada Command organization, you have the option to enable SSO Enforcement.
What this means for you:
Anyone using the configured email domain has to go through the SAML process to sign in.
Allows for greater control over user access.
If there is an issue with SAML, users are unable to sign in, unless the issue is either resolved or SSO Enforcement is disabled.
Need more help? Contact Verkada Support.