Okta SAML Integration
Learn how to set up SAML with Okta for your Government Solutions organization
Verkada Command can integrate with Okta using Security Assertion Markup Language (SAML).
SAML manages the authentication process, allowing Okta to control access to Command in the same way it manages other Software as a Service (SaaS) applications in your Okta tenant. This integration lets you incorporate Command into your existing identity framework and enforce your current access policies.
Government Solutions organizations must create a custom SAML application in Okta. There is no pre-built Verkada Okta app available for Government Solutions tenants.
Before you begin
For a successful integration, make sure you have the following:
Admin access to your Okta tenant
Generate a client-ID
Create a custom SAML application
Go to Applications, and select Create App Integration.
Create a new app integration, select SAML 2.0, and click Next.
On the "Create a SAML integration" page, under General Settings, enter an application name, optionally add an application logo, and then click Next.
In the configure SAML page, fill in the Single Sign-On URL and Audience URI (SP Entity ID) with this link:
https://saml.prod-govus-pine.verkadagov.com/saml/sso/<client-ID>Check the Use this for Recipient URL and Destination URL box.
Client ID should be pulled from the Command configuration and replaced in the links inserted in the Okta application.
The application username is the Okta Username.
Click Next. On the feedback page, check the box labeled "This is an internal app that we have created". Click Finish.
In the attributes statements section, set up attributes mapping as follows:
email>user.emailfirstName>user.firstNamelastName>user.lastName
Configuration
In Okta, select the Assignments tab for the app. Click Assign and select People or Groups to enable SSO for these users.
Select the Sign On tab for the app.
Scroll down to SAML Signing Certificates and click Generate new certificate if a new certificate does not exist.
To the right of the certificate, select the Actions dropdown and click View IdP metadata.
Right-click the metadata, select "Save As," and download as an XML file.
After downloading the XML file, continue to Verkada Command to complete the configuration.
In the Verify Metadata section, click Run Login Test.
Troubleshooting
Username changes do not automatically sync with Command. If you update a user’s email, unassign the user from the SAML app and then re-add them for the change to take effect.
New users cannot sign in via SSO. This may occur if the user’s email domain is not included in the SSO configuration. If the domain was not added when SSO was set up, update the configuration to include the missing domain.
Ensure you are using the Government Solutions endpoint:
https://saml.prod-govus-pine.verkadagov.com/saml/sso/<client-ID>Using commercial Verkada endpoints will not work for a Government Solutions Configuration.
If you experience any other problems with setting up SSO, contact Verkada Support.
Last updated
Was this helpful?