Meraki

Community

Disable 2FA for Admins

Solved
pdeleuw
Getting noticed
‎Oct 11 2024 1:31 AM
‎Oct 11 2024 1:31 AM

Disable 2FA for Admins

Hi all,

I am CCSI and I teach the ECMS course. We have built the lab for this course and configured an organization with some administrators in the dashboard. This administrator accounts are used by the students during the course.

Meraki is forcing 2FA for the login. If 2FA is not explicitely configured, 2FA is done via e-mail. Every day a student wants to log in, I have to give the security code to the students, since the students have no access to the associated e-mail accounts. Imagine you have 10 students: Every day (!) 10 Mails, 10 security codes, each has to be given to the correct student.

Is there a way to disable 2FA for specific accounts at all? It is a lab exclusively for the course, security is not a real concern.

 

Best regards

Peter

0 Kudos
1 Accepted Solution
FeliA
Meraki Employee
Meraki Employee
‎Oct 18 2024 7:33 AM
‎Oct 18 2024 7:33 AM

Hello @pdeleuw,

 

Enabling SAML as @Brash mentioned is a potential alternative, however, it is correct that even if 2FA is disabled on a dashboard administrator's account, OTP can still be triggered. This feature is in place for enhanced security, and an option within the dashboard is not available to disable it.

Authentication Enhancements and New Dashboard Security Features documentation

If you have a very strong or unique use case, I highly recommend reaching out to Meraki Support and providing as much detail as possible to determine if a solution is available that meets your specific use case. Please feel free to link to the documentation provided above when submitting the support case, so that it is clarified that you are referencing wanting to bypass both the 2FA and OTP features for an account.

A support case can be opened by navigating to (?) > Get Help & Cases > Pick a Tile to Contact Support > Submit a case or by following the steps provided in the Contact Cisco Meraki Support document here.


Best,
Feli

If you found this post helpful, please give it kudos. If this answer helped solve the issue, click "accept as solution" so that others can benefit from it.

View solution in original post

0 Kudos
2 Replies 2
Brash
Kind of a big deal
Kind of a big deal
‎Oct 11 2024 5:21 AM
‎Oct 11 2024 5:21 AM

There is no way to exclude MFA for local accounts.

The only way I can think of to achieve it would be to integrate with an identity provider using SAML.

FeliA
Meraki Employee
Meraki Employee
‎Oct 18 2024 7:33 AM
‎Oct 18 2024 7:33 AM

Hello @pdeleuw,

 

Enabling SAML as @Brash mentioned is a potential alternative, however, it is correct that even if 2FA is disabled on a dashboard administrator's account, OTP can still be triggered. This feature is in place for enhanced security, and an option within the dashboard is not available to disable it.

Authentication Enhancements and New Dashboard Security Features documentation

If you have a very strong or unique use case, I highly recommend reaching out to Meraki Support and providing as much detail as possible to determine if a solution is available that meets your specific use case. Please feel free to link to the documentation provided above when submitting the support case, so that it is clarified that you are referencing wanting to bypass both the 2FA and OTP features for an account.

A support case can be opened by navigating to (?) > Get Help & Cases > Pick a Tile to Contact Support > Submit a case or by following the steps provided in the Contact Cisco Meraki Support document here.


Best,
Feli

If you found this post helpful, please give it kudos. If this answer helped solve the issue, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.