Azure SSO Issues Sign in Redirect Just says TRUE

SOLVED
TechWR
Conversationalist


My company implemented Azure SSO login:

 

When I log in with my account, the redirect process just lands on the Meraki page with a dialog that says "TRUE" and never goes to the dashboard.

 

Is there anything I should ask my admin to test from the Azure dashboard? I saw similar threads on this forum but am not sure how to solve my problem. My coworkers can log in, but some also have issues with certain org site access.

 

Does anyone have any suggestions?

 

Here is the output from SAML that I gathered using a SAML add-on for Chrome:

 

https://raw.githubusercontent.com/WRR3Git/Test/main/Meraki%20SSO%20SAML%20Output%20Errors

 

I saw another thread saying the user solved the problem by making sure his manual login is different than his SAML login?

 

https://community.meraki.com/t5/Dashboard-Administration/Meraki-Single-Sign-On-SSO-integration-with-...

 

The only thing I can think of is I may have been delegated as a user on a different dashboard in the past for an equipment takeover of Toast POS Meraki device. How can I delete my manual login user from Meraki if that is the issue as well?

 

Any Help is Appreciated 

 

Thanks

1 ACCEPTED SOLUTION
TechWR
Conversationalist

Ended up finding another Meraki portal a POS vendor invited me to way back when with guest access. Found out when logging into the other portal that we took devices from but they never deleted (and now don't care to, 'cause the client was moved from them) that it had enabled MFA. After changing my email there & accepting the email change from the other email address, my issue was resolved.

 

In short, if you're getting the message, you have another account somewhere in the vast world of Meraki, whether that's another tenant or something else. Good luck finding it lol


6 REPLIES
MyHomeNWLab
A model citizen

If the user already exists as a Non-SAML User in Meraki Dashboard, "true" will be displayed.

You should first check the SSO log.
Go to "Organization > Administrators" and display "SAML Login History".

 

For example, the log will appear as follows:

 

Found existing non-SAML user with email USERNAME@domain.test

Just FYI, if a Guest User exists in the Client VPN, the following error occurs.


> The server encountered an SSO error. Please contact your network administrator for assistance.
>
> For reference, your login was at Oct 02 06:55:55 UTC from #.#.#.#.

 

Please consider this specification as well when implementing SSO.

 

The relevant menu item is the "User Management" section under "Security & SD-WAN > Client VPN".

Building on @MyHomeNWLab's answer, for this reason I always get the SAML IdP to present something like sAMAccountName instead of the email address as the username.
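
Added example (not part of any post in this thread): a pre-check you can run on a decoded SAML assertion, like the one captured with the browser add-on, to see whether the username claim matches an email you already know exists as a non-SAML account. The attribute name is assumed from Meraki's SAML setup guide, the assertion and email list are constructed samples, and the case-insensitive comparison is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: username claim name as given in Meraki's SAML setup guide.
USERNAME_ATTR = "https://dashboard.meraki.com/saml/attributes/username"

# Constructed sample: the Assertion fragment of a decoded SAML response.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://dashboard.meraki.com/saml/attributes/username">
      <saml:AttributeValue>USERNAME@domain.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://dashboard.meraki.com/saml/attributes/role">
      <saml:AttributeValue>meraki_write</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: emails of non-SAML accounts you know about
# (dashboard admins in any org you can see, Client VPN guest users).
KNOWN_NON_SAML = ["username@domain.test", "other.admin@domain.test"]


def saml_username(assertion_xml):
    """Return the username claim from a decoded assertion, or None if absent."""
    # The input is a capture you made yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(assertion_xml)
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == USERNAME_ATTR:
            value = attr.find("saml:AttributeValue", NS)
            return (value.text or "").strip() if value is not None else None
    return None


def check_collision(assertion_xml, known_non_saml):
    """Classify the username claim against known non-SAML account emails."""
    username = saml_username(assertion_xml)
    if username is None:
        return "missing-username"
    known = {e.strip().lower() for e in known_non_saml}
    if username.lower() in known:
        return "collision"    # the "Found existing non-SAML user" case
    if "@" in username:
        return "email-style"  # may still match an account in an org you cannot see
    return "ok"               # e.g. a sAMAccountName-style value


if __name__ == "__main__":
    print(check_collision(SAMPLE_ASSERTION, KNOWN_NON_SAML))
```

An "email-style" result is not a pass: as the accepted solution shows, the conflicting account can live in another organization that your own admin list does not cover.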

I am having the same issue, and I also discovered the error message "Found existing non-SAML user with email USERNAME@domain.com". This happened after I had been using Cisco SecureX Sign-On and then decided to turn it off. It removed the Admin accounts that were using SecureX from the Administrator page. I suspect they are still somehow linked, but turning the feature back on does not re-add them to the Administrators page. Any suggestions on how to clean this up?

EvaF
Conversationalist

I was having a similar problem - just seeing 'true' after going through the SP-initiated SAML sign-on and completing the Azure auth sequence. My regular account was having this problem. My separate AD login (I'll call it evaadmin for this purpose) was logging in and mapping to the meraki_write role just fine. I banged on this for about 4 hours before turning to the forums and seeing this (and even opened a case with Meraki). I have a completely SEPARATE Organization for a small air-gapped tenant that my regular account is also included in. I thought AHA - that is it. I will go delete my regular account from that one-off Org we have and I'll be good to go.

 

It got worse from there. I am now presented with a "Server error" message and cannot log in with any account. This is not good and I don't know how to find my support case if I can't log in - rut roh!


 
