Meraki Community

meraki-newbie · ‎Nov 20 2023

Could we add different user roles using single X.509 cert SHA1 fingerprint ? or we need to create another IdP for different roles? such as

ADMIN role will be using X.509 cert SHA1 fingerprint AAAA

USER role will be using X.509 cert SHA1 fingerprint BBBB

thanks

GreenMan · ‎Nov 20 2023

No need for multiple IDPs. Define SAML roles:

meraki-newbie · ‎Nov 20 2023

another question is, should the role on IDP defined before tokens generated?

for an example, if i have already create role "ADMIN" on my IDP (Jumpcloud) then generate SHA1 token, and filled it on meraki dashboard.

and in another moment, i need to add new role "USER" on my IDP, should i generate the new SHA1 token? and filled it again on meraki dashboard?

GreenMan · ‎Nov 20 2023

No - you don't get the option to define roles until the basic SAML IDP setup has been done. Multiple roles can be used against the same IDP

meraki-newbie · ‎Nov 20 2023

so, is that mean when i want to add new role such as "MONITOR", it will use the same SHA1 tokens as "USER" and "ADMIN" ?

GreenMan · ‎Nov 20 2023

Yes - remember that those credentials are used to verify your IDP, not the individual user; that IDP will separately have to authenticate each user.

MyHomeNWLab · ‎Nov 20 2023

If the mapping of Role between the IdP side and the Meraki Dashboard side is consistent, this can be achieved with a single IdP.

For example, in the case of Duo Security.

* admin@example.test: Belong to Admin Group

Duo Central -> Meraki Icon/Tile -> Admin Group is mapped to ADMIN Role -> Meraki Dashboard - ADMIN Role

* user@example.test: Belong to User Group

Duo Central -> Meraki Icon/Tile -> User Group is mapped to USER Role -> Meraki Dashboard - USER Role

Note: Duo Central is the portal for Single Sign-On provided by IdP.

Multiple Role SAML