MSP Portal Help Required

JEM74
Here to help

I've seen this topic on the forum a few times but cannot get my head around how to set this up properly.

We are an MSP, we've been using Meraki for several years but set all the clients up as separate customers with separate logins i.e.

meraki@clientname.com - this was the login that all our techs shared to log in and manage that client. We had a separate one for each client.

With the advent of Cyber Essentials we are looking to move away from sharing accounts and having all our techs log in with their own identities. I've read the Meraki documentation on this i.e.

Monitoring and Managing Multiple Organizations - Cisco Meraki Documentation

Using the MSP Portal to Manage Multiple Organizations - Cisco Meraki Documentation

So, to confirm - to each client we have, we add in a user account with the same username to each one - that will then create the MSP portal where we can switch between all the clients we have added that user to, correct?

I've tested that and it works. However if I add one of our techs to this MSP portal either individually using UN/PW or using SSO with Entra, they get logged in with no issue, but they do not see the other clients.

So, I'm going to have to add 10 techs separately to each portal we manage?

This thread suggests you can add more than one SSO IdP or multiple SAML configs to one org

Re: Admin user access to Meraki Dashboard - Multiple IDP and SAML - The Meraki Community

But I cannot get my head around how to make this work.

Does anybody have an idiot's guide on how to do this? Any help appreciated!

RWelch
Kind of a big deal

I believe SAML/SSO must be configured per organization as there is no cross-org SSO user sync.

There is no way to add a user to all organizations at once, unfortunately it must be done per org.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
JEM74
Here to help

Thanks for the reply! Each client has their own Entra instance so setting up SAML/SSO would be very straightforward for each but our techs obviously do not belong to those Entra tenants, they are in ours, so I guess what I am describing is simply not possible?

That's quite frustrating and I'd be keen to hear from any UK based MSPs on how they are being compliant with Cyber Essentials when managing Meraki kit for their clients.

Mloraditch
Kind of a big deal

What part about adding the second IdP can you not get your head around? You just click add and put in the second IdP's details.

JEM74
Here to help

Thanks for the reply.  OK, so I add in the second IDP and use the cert from the SSO app I create in that client's Entra instance?  Rinse and repeat for each client we have, correct?

Mloraditch
Kind of a big deal

Yes, correct.
JEM74
Here to help

Thanks, think I have it figured out now, appreciate the help.

JamesT91
Head in the Cloud

Authenticate against the MSP IdP and use the same X.509 cert SHA1 fingerprint under all customer Orgs. Assign permissions as appropriate (read-only or read-write).
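
An added example, not part of any post in this thread: a Python check that every customer org trusts the MSP IdP's certificate fingerprint and that lists any other IdP fingerprints each org trusts. The per-org records are assumed to mirror the `x509certSha1Fingerprint` field of the Dashboard API's SAML IdP listing; the org names, certificate bytes and fingerprints are constructed sample data.

```python
import base64
import hashlib
import re

def normalize(fp: str) -> str:
    """Reduce a fingerprint to 40 upper-case hex digits so formats compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", fp).upper()
    if len(digits) != 40:
        raise ValueError(f"not a SHA-1 fingerprint: {fp!r}")
    return digits

def pem_fingerprint(pem: str) -> str:
    """Colon-separated SHA-1 over the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))

def audit(msp_fp: str, org_idps: dict) -> dict:
    """Per org: is the MSP IdP trusted, and which other IdP fingerprints are trusted too."""
    want = normalize(msp_fp)
    report = {}
    for org, idps in org_idps.items():
        seen = [normalize(i["x509certSha1Fingerprint"]) for i in idps]
        report[org] = {"msp_idp": want in seen, "other_idps": sorted(set(seen) - {want})}
    return report

def missing_msp_idp(report: dict) -> list:
    """Orgs where techs cannot yet sign in through the MSP IdP."""
    return sorted(org for org, row in report.items() if not row["msp_idp"])

# Constructed sample data: these bytes stand in for a certificate's DER encoding.
SAMPLE_DER = b"constructed stand-in for the MSP signing certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")
MSP_FP = pem_fingerprint(SAMPLE_PEM)
CLIENT_FP = ":".join(["AB"] * 20)  # constructed fingerprint of a client's own IdP
SAMPLE_ORGS = {
    "Client A": [{"x509certSha1Fingerprint": MSP_FP}, {"x509certSha1Fingerprint": CLIENT_FP}],
    "Client B": [{"x509certSha1Fingerprint": MSP_FP.replace(":", "").lower()}],
    "Client C": [{"x509certSha1Fingerprint": CLIENT_FP}],
    "Client D": [],
}

if __name__ == "__main__":
    for org, row in audit(MSP_FP, SAMPLE_ORGS).items():
        print(org, row)
```

The `other_idps` column is worth reviewing as well, since every fingerprint listed there can also sign admins into that org.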

JEM74
Here to help

Thanks, think I have it figured out now, appreciate the help.
