Multiple Role SAML

Here to help

Multiple Role SAML

Could we add different user roles using single X.509 cert SHA1 fingerprint ? or we need to create another IdP for different roles? such as 


ADMIN role will be using X.509 cert SHA1 fingerprint AAAA

USER role will be using X.509 cert SHA1 fingerprint BBBB




another question is, should the role on IDP defined before tokens generated?


for an example, if i have already create role "ADMIN" on my IDP (Jumpcloud) then generate SHA1 token, and filled it on meraki dashboard.


and in another moment, i need to add new role "USER" on my IDP, should i generate the new SHA1 token? and filled it again on meraki dashboard?

Meraki Employee
Meraki Employee

No - you don't get the option to define roles until the basic SAML IDP setup has been done.   Multiple roles can be used against the same IDP

so, is that mean when i want to add new role such as "MONITOR", it will use the same SHA1 tokens as "USER" and "ADMIN" ?

Yes  - remember that those credentials are used to verify your IDP, not the individual user;   that IDP will separately have to authenticate each user.

Building a reputation

If the mapping of Role between the IdP side and the Meraki Dashboard side is consistent, this can be achieved with a single IdP.


For example, in the case of Duo Security.


* admin@example.test: Belong to Admin Group

Duo Central -> Meraki Icon/Tile -> Admin Group is mapped to ADMIN Role -> Meraki Dashboard - ADMIN Role


* user@example.test: Belong to User Group

Duo Central -> Meraki Icon/Tile -> User Group is mapped to USER Role -> Meraki Dashboard - USER Role


Note: Duo Central is the portal for Single Sign-On provided by IdP.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.