Local admin level account removal from dashboards after SAML/SSO, DUO with AD authentica integration

RZelle
New here

Local admin level account removal from dashboards after SAML/SSO, DUO with AD authentica integration

After SAML SSO & DUO integration with AD authentication we wish to remove a common Local admin account which was previously setup in each of our client's dashboards. The admin access level in now determined by Groups in AD so having the common local admin account is a security risk. Attempts to delete or demote the account yield "You cannot revoke access to the only organization admin". We have SAML administrative roles configured with the appropriate AD groups. Access via DUo/SAML is working with the admin roles desired but having the common local admin account still active is a security risk even it is 2fa enabled. 

 

 

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal

if I'm not mistaken you need to have at least one local admin account on the dashboard.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thanks, So far it's looking like our only choice is to leave that 1 admin account in place for all orgs.

GreenMan
Meraki Employee
Meraki Employee

Yes - you must retain at least one 'traditional' full Admin account (two are recommended) - as per:   https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard...

Thanks Greenman, I opened a Ticket with support earlier as well. We are aware of what the documentation states.

Get notified when there are additional replies to this discussion.