JumpCloud
Learn how to set up SAML with JumpCloud
Verkada supports Security Assertion Markup Language (SAML) authentication using JumpCloud as your Identity Provider (IdP).
OIDC SSO
—
SAML SSO
Yes
SCIM Provisioning
—
ECE Support
—
Before you begin
To integrate Security Assertion Markup Language (SAML), you must first generate a client ID.
Configuration
Set up SSO
In Verkada Command, go to All Products > Admin > Privacy & Security > Authentication & User Management.
Click Add New to set up single sign-on (SSO).
Create your Verkada app
Navigate to your JumpCloud dashboard and click SSO to view your SSO applications.
Click the plus (+) icon to create a new application.
Click Custom SAML App.
Name your application, add a description, and (optionally) change the icon. Use a name relevant to Verkada.
When you're finished, at the top menu, select SSO, and click activate.
Configure the IdP Entity ID, SP Entity ID, and ACS URL as follows:
For IdP Entity ID: For US orgs: https://vauth.command.verkada.com/saml/sso For EU orgs: https://saml.prod2.verkada.com/saml/sso
For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso
For SP Entity ID: For US orgs: https://vauth.command.verkada.com/saml/sso For EU orgs: https://saml.prod2.verkada.com/saml/sso
For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/sso
For Sign on URL: For US orgs: https://vauth.command.verkada.com/saml/login For EU orgs: https://saml.prod2.verkada.com/saml/login
For AUS orgs: https://saml.prod-ap-syd.verkada.com/saml/login
Alternatively, you can copy the fields from Command.
To confirm which region you're located, please refer to where your organization was created for Verkada.
Click activate.
Scroll down and select the dropdown to set your SAML Subject NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
Check the Sign Assertion box, if not done already.
Set the Login URL where you can replace <client-ID> by your previously-generated client ID (in this application example, cto is the client ID):
To confirm which region you're located, please refer to where your organization was created for Verkada.
Check the Declare Redirect Endpoint box, if not done already, and click activate.
Configure SAML attributes
Scroll down further and click add attribute THREE times to open 3 attribute fields.
Type the information exactly as it appears in the screen below; it is case-sensitive.
Select User Groups and confirm the groups you want to enable SSO access for are checked. In this JumpCloud instance, there is only one group named All Users.
Click activate to enable this group access to your Verkada application.
Click activate > confirm to complete your new SSO connector instance.
Export XML metadata
Once activated, go back to the featured application to download your XML metadata file.
Select SSO and click Export Metadata to export the JumpCloud Metadata file.
Save the exported file, give it a relevant name, and click OK > Save.
After downloading the XML file, upload it to Command.
Ensure your SSO users are provisioned (optional)
Make sure your users using SSO are already provisioned in Command, whether you use SCIM or you create their accounts manually; otherwise, SSO does not work.
Your users can access the JumpCloud User Console (IdP-initiated flow).
Choose single sign-on via Command (Service Provider [SP]-initiated flow).
Last updated
Was this helpful?