# Government Solutions Identity Providers

Integrate Verkada Command with your organization's identity provider (IdP) for Single Sign-On (SSO).

{% hint style="danger" %}
You need [Organization Admin](https://app.gitbook.com/s/NRq5qDDjsYNxwNzF1bcB/users-and-permissions/roles-and-permissions-for-command) permissions to set up SSO.
{% endhint %}

***

## Supported providers

| Provider                                                                                                                                                                                | SAML |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--: |
| [Okta](https://help.verkada.com/government-solutions/single-sign-on-sso/government-solutions-identity-providers/okta-saml-integration-government-solutions)                             |  Yes |
| [Microsoft Entra ID](https://help.verkada.com/government-solutions/single-sign-on-sso/government-solutions-identity-providers/microsoft-entra-id-saml-integration-government-solutions) |  Yes |

***

## Generate client-ID

{% stepper %}
{% step %}
**Go to Verkada Command > All Products > Admin.**
{% endstep %}

{% step %}
**Under Login & Access, select Single Sign-On (SSO).**
{% endstep %}

{% step %}
**Click**  <i class="fa-plus">:plus:</i> **Add.**
{% endstep %}

{% step %}
Click **Copy next to your client ID.**

Save your client ID in a secure place to use in your IdP configuration.
{% endstep %}

{% step %}
**Complete your IdP configutation then come back to complete the** [**Command configuration**](#command-configuration)**.**
{% endstep %}
{% endstepper %}

***

## Command configuration

After configuring your IdP, you'll receive an XML metadata file to upload to Command.

{% stepper %}
{% step %}
**Go to Verkada Command > All Products > Admin.**
{% endstep %}

{% step %}
**Under Login & Access, select Single Sign-On (SSO).**
{% endstep %}

{% step %}
**Click** <i class="fa-pencil-line">:pencil-line:</i> **next to your SAML configuration.**
{% endstep %}

{% step %}
**In the Identity Provider XML Metadata section, click Upload New XML.**

Upload the XML file you downloaded during your IdP configuration.
{% endstep %}

{% step %}
**In the Email Domains section, configure the email domains that users in your organization will use to log in.**&#x20;
{% endstep %}

{% step %}
**In the Verify Metadata section, click Run Login Test to verify that the setup was completed correctly. If the login tests fail, review your metadata file and associated domains.**

Common error: `app_not_configured_for_user` — This can happen when your browser has cached app access. Use an incognito browser or clear your cache and retry.

{% hint style="danger" %}
Before you can verify the XML, you must add email domains.
{% endhint %}
{% endstep %}

{% step %}
**(Optional) Toggle on Require SSO to force everyone in your organization to login with SSO.**

* Anyone using the configured email domain must go through SAML to sign in
* Provides greater control over user access
* If SAML has issues, users cannot sign in until resolved or enforcement is disabled

{% hint style="warning" %}
&#x20;You cannot require SSO until the XML has been verified.
{% endhint %}
{% endstep %}
{% endstepper %}