SAML / MSP Portal Improvements Coming?

JonnyM

With the coming discontinuation of SecureX, the only options for managing multiple Meraki organisations are:

  1. Using a single user account as the organisation admin that all your staff log in as (bad)
  2. Inviting every staff account to every Meraki organisation you manage and removing the accounts again when people leave (very time consuming and open to errors)
  3. Using SAML (good, the option we use)

The problem with the Meraki SAML implementation and the 'MSP Portal' in general is that it's quite a loose relationship that appears when accounts have access to more than one organisation, and in the case of SAML it's based on what SAML cert thumbprint exists in an org. configuration at the time the SAML auth is performed. Rotating SAML certificates requires a visit to every managed org. and updating the thumbprint. This is fine if you have 10-20 clients; it's a lot more time consuming if you have 300.

Are there any plans to improve this, perhaps a purpose-built MSP portal where organisations are linked to it by them accepting an invitation, a link that remains in place until expressly terminated by the client or service provider, as well as SAML only needing to be configured in a single location?

jimmyt234

We will still maintain a non-SAML full admin account in all customer Orgs, access to which is restricted to certain staff so that everyone else has to use their SAML access. This non-SAML account will have an API key that we can then use to mass-update things like the SAML thumbprint as you have mentioned.
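
The bulk thumbprint update described in this reply, sketched as an added example (not code from either poster or from Meraki). It assumes the Dashboard API v1 SAML IdP endpoints and the `x509certSha1Fingerprint` field; the helper names `api_call`, `normalize` and `rotate_thumbprint` are hypothetical, and the default is a dry run that only reports which organisations would change.

```python
import json
import urllib.request

BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1 base URL (assumed)

def normalize(fp):
    """Compare fingerprints regardless of case or ':' separators."""
    return fp.replace(":", "").strip().upper()

def api_call(api_key, method, path, body=None):
    """Minimal Dashboard API call; pagination and 429 retries are omitted."""
    req = urllib.request.Request(
        BASE + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": "Bearer " + api_key,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"null")

def rotate_thumbprint(call, old_fp, new_fp, dry_run=True):
    """Replace old_fp with new_fp in every organisation the API key can see.

    `call(method, path, body)` is injectable so the logic can be tested offline.
    Returns a per-organisation report instead of stopping at the first failure.
    """
    report = {"updated": [], "skipped": [], "failed": []}
    for org in call("GET", "/organizations", None):
        try:
            idps = call("GET", f"/organizations/{org['id']}/saml/idps", None)
            matches = [i for i in idps
                       if normalize(i["x509certSha1Fingerprint"]) == normalize(old_fp)]
            if not matches:
                report["skipped"].append(org["id"])  # other IdP, or already rotated
                continue
            for idp in matches:
                if not dry_run:
                    call("PUT",
                         f"/organizations/{org['id']}/saml/idps/{idp['idpId']}",
                         {"x509certSha1Fingerprint": new_fp})
            report["updated"].append(org["id"])
        except Exception as exc:  # e.g. the key lacks full admin rights on this org
            report["failed"].append((org["id"], str(exc)))
    return report
```

For a live run, pass `lambda m, p, b: api_call(key, m, p, b)` as `call`, with `key` read from a secrets store rather than hard-coded, and review the `failed` list before retiring the old certificate.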
