# Microsoft Entra ID SAML Integration Verkada Command can integrate with Microsoft Entra ID using Security Assertion Markup Language (SAML). SAML handles the authentication side of things, allowing Microsoft Entra ID to be used to manage access to Command, the same way it is used to manage access to other Software as a Service (SaaS) applications already integrated into your Microsoft Entra ID tenant. This means you can incorporate Command into your existing identity framework and authorize users in accordance with your current policies. *** ### Before you begin For a successful integration, make sure you have the following: * Admin access to your Microsoft Entra ID tenant * Generate a [client-ID](https://help.verkada.com/government-solutions/single-sign-on-sso/government-solutions-identity-providers/..#generate-client-id) *** ## Set up SAML in Microsoft Entra ID Verkada Command is available as a gallery application in the Microsoft Entra ID marketplace and can be used with Microsoft Entra ID Free, P1, and P2 licenses. {% stepper %} {% step %} **Add Verkada Command as an enterprise application in your Microsoft Entra ID directory: Go to your Microsoft Entra ID overview page and select Enterprise applications.**

{% endstep %} {% step %} **At the top of the page, select New Application and search for Verkada Command.** {% endstep %} {% step %} **Select Verkada Command and click Create. *****Be patient as it can take a few minutes to add the application to your***** Microsoft Entra ID *****tenant*****.**

Once the page refreshes, you should see a similar menu (as shown below).\ {% endstep %} {% step %} **On Set up single sign-on, click Get started.**

{% endstep %} {% step %} **Choose SAML as the single sign-on method.**

{% endstep %} {% step %} **If necessary, click Edit to further configure your SAML connection.** {% endstep %} {% step %} **Configure the following fields. You need to add your client ID to the end of each URL before adding them to Microsoft Entra ID. See example below the note.** a. For **Identifier**: [https://saml.prod-govus-pine.verkadagov.com/saml/sso](https://saml.prod-govus-pine.verkadagov.com/saml/sso/)\ b. For **Reply URL**: \ c. For **Sign on URL**: {% endstep %} {% step %} **Click Save.** {% endstep %} {% step %} **On Attributes & Claims, click Edit to be consistent with these attributes:**

{% hint style="warning" %} If you use a different source attribute for email, configure the attributes according to the source attribute you want to use. {% endhint %} {% endstep %} {% step %} **On SAML Signing Certificate > Federation Metadata XML, click Download. Save the XML file to upload to Command.**

{% hint style="info" %} The next dialogs that appear will contain tools you can use after the integration is finalized. {% endhint %} {% endstep %} {% step %} **Continue to Verkada Command to** [**complete the configuration**](https://help.verkada.com/government-solutions/single-sign-on-sso/government-solutions-identity-providers/..#command-configuration)**.** {% endstep %} {% endstepper %} *** ### Test the SAML Connection in Microsoft Entra ID {% stepper %} {% step %} **Once you upload the XML metadata file in Command, click Test in your Microsoft Entra ID account to verify the integration. This action sends a notification to all users with a Command account, inviting them to the organization.**

{% endstep %} {% step %} **Log in with Sign in as current user. If everything is set up correctly, you should be redirected to the Command platform.** {% endstep %} {% step %} **Log in with single sign-on to verify access to Command.** {% endstep %} {% endstepper %} {% hint style="warning" %} Microsoft Entra ID does not support nested groups for app access at this time. All users must be direct members of groups to be assigned. {% endhint %} *** ### Log in via the mobile application {% hint style="info" %} The Android and iOS Command apps support SAML-based login. {% endhint %} {% stepper %} {% step %} **Open your Command app.** {% endstep %} {% step %} **In the email address field, enter your email and click Next.** {% endstep %} {% step %} **You should be redirected to your IdP (Microsoft Entra ID) to complete the login process.** {% endstep %} {% endstepper %}