Multiple Role SAML

meraki-newbie
Getting noticed

Multiple Role SAML

Could we add different user roles using single X.509 cert SHA1 fingerprint ? or we need to create another IdP for different roles? such as 

 

ADMIN role will be using X.509 cert SHA1 fingerprint AAAA

USER role will be using X.509 cert SHA1 fingerprint BBBB

 

thanks

6 Replies 6
GreenMan
Meraki Employee
Meraki Employee

meraki-newbie
Getting noticed

another question is, should the role on IDP defined before tokens generated?

 

for an example, if i have already create role "ADMIN" on my IDP (Jumpcloud) then generate SHA1 token, and filled it on meraki dashboard.

 

and in another moment, i need to add new role "USER" on my IDP, should i generate the new SHA1 token? and filled it again on meraki dashboard?

GreenMan
Meraki Employee
Meraki Employee

No - you don't get the option to define roles until the basic SAML IDP setup has been done.   Multiple roles can be used against the same IDP

meraki-newbie
Getting noticed

so, is that mean when i want to add new role such as "MONITOR", it will use the same SHA1 tokens as "USER" and "ADMIN" ?

GreenMan
Meraki Employee
Meraki Employee

Yes  - remember that those credentials are used to verify your IDP, not the individual user;   that IDP will separately have to authenticate each user.

MyHomeNWLab
A model citizen

If the mapping of Role between the IdP side and the Meraki Dashboard side is consistent, this can be achieved with a single IdP.

 

For example, in the case of Duo Security.

 

* admin@example.test: Belong to Admin Group

Duo Central -> Meraki Icon/Tile -> Admin Group is mapped to ADMIN Role -> Meraki Dashboard - ADMIN Role

 

* user@example.test: Belong to User Group

Duo Central -> Meraki Icon/Tile -> User Group is mapped to USER Role -> Meraki Dashboard - USER Role

 

Note: Duo Central is the portal for Single Sign-On provided by IdP.

Get notified when there are additional replies to this discussion.