Meraki

Community

Logout and timeout redirect to SAML error (SSO on Entra)

Solved
mud_mixer
New here
a week ago
a week ago

Logout and timeout redirect to SAML error (SSO on Entra)

I've been setting up apps for SSO with Entra, and I followed the guides both on Microsoft and Meraki for Meraki's. It works except for one problem. 

 

On logout or timeout, I get this SAML error below. I looked through this board and saw someone put a different logout URL that was a bit more graceful, but ultimately logged me out of Entra and didn't let me log back in from that tab. I started cases with both Meraki and Microsoft, and after trying some things, they told me to start a case with the other company. 

 

My goal is to make it so upon timeout/logout, I'm simply forwarded back to the Meraki screen with the button 'Log in with SSO' which I can get to right now through our vanity URL. 

 

Screenshot 2025-01-29 103552.pngScreenshot 2025-01-29 103142.png

Labels:
0 Kudos
1 Accepted Solution
In response to PhilipDAth
mud_mixer
New here
a week ago
a week ago

Putting the Vanity URL in the logout instead of the URL the guide said did the trick. Now, on timeout or logout it just goes back to 'log into sso' where I can quickly get a session going again. Thanks

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
a week ago
a week ago

Personally, when I setup clients I typically don't fill out the sign-out URL (I leave it blank).

 

The issue is if you are signed into (say) 5 Entra ID authenticated apps (say Admin centre, Webmail, Salesforce, etc), and you trigger a signout (such as from the Meraki Dashboard, Salesforce, etc) - it signs you out of EVERY app that you are logged into.

 

Most people don't want this behaviour.  If you remove the sign out URL, and you sign out of one app (such as the Meraki Dashboard) you get signed out of just that one app (it destroys the session token).

In response to PhilipDAth
mud_mixer
New here
a week ago
a week ago

Putting the Vanity URL in the logout instead of the URL the guide said did the trick. Now, on timeout or logout it just goes back to 'log into sso' where I can quickly get a session going again. Thanks

In response to mud_mixer
rhbirkelund
Kind of a big deal
Kind of a big deal
a week ago
a week ago

When you say vanity url, do you mean simply putting e.g dashboard.meraki.com as the logout url?

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2025 Cisco Systems, Inc.