Local admin level account removal from dashboards after SAML/SSO, DUO with AD authentication integration

RZelle
New here

After SAML SSO & DUO integration with AD authentication, we wish to remove a common local admin account which was previously set up in each of our clients' dashboards. The admin access level is now determined by groups in AD, so having the common local admin account is a security risk. Attempts to delete or demote the account yield "You cannot revoke access to the only organization admin". We have SAML administrative roles configured with the appropriate AD groups. Access via DUO/SAML is working with the admin roles desired, but having the common local admin account still active is a security risk even if it is 2FA enabled.

 

 

alemabrahao
Kind of a big deal

If I'm not mistaken, you need to have at least one local admin account on the dashboard.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RZelle
New here

Thanks. So far it's looking like our only choice is to leave that 1 admin account in place for all orgs.

GreenMan
Meraki Employee

Yes - you must retain at least one 'traditional' full Admin account (two are recommended) - as per: https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard...

RZelle
New here

Thanks GreenMan, I opened a ticket with support earlier as well. We are aware of what the documentation states.
