Generate SAML Client ID
To use any SAML 2.0 integration you will need to generate your Client ID.
Note: You will need to be an Organization Admin of the organization you want to configure SSO for.
Select the All Products > Admin page in the upper left-hand menu
Under Privacy & Security > Authentication & User management choose Single Sign-On (SSO) Configuration
Select Begin Setup
Your Client ID and the following fields that you should enter into your identity provider should appear
Upload SAML Metadata
You will get a warning that the file has not been validated. Domains need to be added before you can verify XML. You will not be able to require SSO until the XML has been verified.
5. Add a domain here
If the login tests fail then please review your metadata file and associated domains.
A common error message is "app_not_configured_for_user" or other related messages. This can happen when your browser has cached the apps you have access to from when you first logged in and where you had just created the Verkada app with your IDP.
This issue is resolved by using an incognito browser to run the login test, or logging out of all services, clearing your cache and cookies, and trying again.
Once verified you will be able to require SSO to sign in.
After configuring SAML for your Verkada Command organization, you have the option to enable SSO Enforcement. What this means is that anyone using the configured email domain has to go through the SAML process in order to sign in. This allows for greater control over user access. This does mean that if there is an issue with SAML users will not be able to sign in unless the issue is either resolved or SSO Enforcement is disabled.