- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Local admin level account removal from dashboards after SAML/SSO, DUO with AD authentica integration
After SAML SSO & DUO integration with AD authentication we wish to remove a common Local admin account which was previously setup in each of our client's dashboards. The admin access level in now determined by Groups in AD so having the common local admin account is a security risk. Attempts to delete or demote the account yield "You cannot revoke access to the only organization admin". We have SAML administrative roles configured with the appropriate AD groups. Access via DUo/SAML is working with the admin roles desired but having the common local admin account still active is a security risk even it is 2fa enabled.
- Labels:
-
Administrators
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if I'm not mistaken you need to have at least one local admin account on the dashboard.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, So far it's looking like our only choice is to leave that 1 admin account in place for all orgs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - you must retain at least one 'traditional' full Admin account (two are recommended) - as per: https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Greenman, I opened a Ticket with support earlier as well. We are aware of what the documentation states.