Solved: Dashboard SSO with SAML and Azure AD - Consumer URL broken?

tkovac · ‎03-21-2022

I've been trying to configure SAML for management login and followed Configuring SAML SSO with Azure AD - Cisco Meraki

Going to dashboard.meraki.com just goes to the logon page and SSO never initiates.

When I click Test from Azure it logs me in fine.

There are no options in Meraki Dashboard to add the Login URL, Azure AD Identifier or Logout URL from Azure.

Is anyone able to tell me what I'm missing here?

Thanks.

Bruce · ‎03-22-2022

The issue is this statement in the document…

You can’t do a SAML login from the Service Provider (I.e. the Dashboard). You need to login through the identity provider (IdP) and it should then redirect you to the Dashboard and pass the SAML token in the process.

View solution in original post

Bruce · ‎03-22-2022

The issue is this statement in the document…

You can’t do a SAML login from the Service Provider (I.e. the Dashboard). You need to login through the identity provider (IdP) and it should then redirect you to the Dashboard and pass the SAML token in the process.

tkovac · ‎03-22-2022

Thanks @Bruce - is that the URL that Azure gives?

When I try that I get this:

Sorry, but we’re having trouble signing you in.

AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

tkovac · ‎03-24-2022

I have found the full URL that Azure uses but as yet have been unable to turn this into a useable seamless link.

Thanks for the help anyway.

DaSz · ‎10-10-2022

You have to separately configure Service Provider-initiated SAML to do SSO from the dashboard, see https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/SP-Initiated_SAML_...

tkovac · ‎10-10-2022

Thanks - I will check this out when I get some time and report back.

Dudleydogg · ‎12-03-2022

I setup 2 dashboards one works perfectly, and the other one goes through the redirect process then Just lands on the Meraki page with a dialog that says "TRUE" and never goes to the dashboard, Test from the Azure portal are all Green. Thoughts or suggestions?

Aaron_Kennedy · ‎02-12-2023

I ran into this issue today. It turns out that any account that tries to use SAML/SSO access to Meraki dashboard cannot have the same email address (username) as an already existing Meraki dashboard account.

As soon as I configured a different administrative account in Azure for write access to Meraki dashboard, that account was able to progress through the SSO process and get deposited in the dashboard without landing on the "true" page.

tkovac · ‎02-12-2023

Thanks @Aaron_Kennedy , just tried this and it worked when using the direct link but it still doesn't work from the dashboard as @Bruce stated.

I can't really see the benefit of it until it does work from the dashboard.

C3SGInc · ‎12-14-2022

Has anyone been able to get the SP-Initiated SAML SSO to work? I can get the test to work and then went through the guide to add SP-Initiated. I go to the url for my subdomain and select SSO and get directed to my AAD login, complete the login but then get an error that my application identifier was not found in the directory.

Any ideas?

tkovac · ‎02-12-2023

Looks like nothing has changed since @Bruce posted the solution here. Just tried this morning and still can't do it from SP.

Aaron_Kennedy · ‎02-13-2023

I also had some issues with SP when I tried to set it up. I was able to get IdP working easily, but the SP process was still broken (and some necessary configuration elements were missing from Organization-->Settings in the dashboard).

But then I found a toggle button in the Organization-->Early Access section of dashboard where I could turn on SAML SSO. After flipping that toggle button, the required configuration options showed up in the dashboard settings and I could complete the SP setup process and get it working properly.

CHTL-User · ‎08-08-2023

This was really useful - I had all of the same problems and got it working.

A couple of sticking points - I finally found the User access URL for ldP initiated access under Meraki Dashboard App > Properties. That worked fine.

After enabling SP-initiated SAML, I got the same message as @C3SGInc (Application with identifier xxxx not found in directory) - I had to add an additional Identifier under Meraki Dashboard App > Single sign-on > Basic SAML Config specifying https://[organisation].sso.meraki.com. After that, it worked.

Otherwise, I followed the KB articles and advice in this post and got there in the end. Thanks.