SAML / MSP Portal Improvements Coming?

JonnyM
Getting noticed

SAML / MSP Portal Improvements Coming?

With the coming discontinuation of SecureX, the only options for managing multiple Meraki organisations are:

  1. Using a single user account as the organisation admin that all your staff log in as (bad)
  2. Inviting every staff account to every Meraki organisation you manage and removing the accounts again when people leave (very time consuming and open to errors)
  3. Using SAML (good, the option we use)

 

The problem with the Meraki SAML implementation and the 'MSP Portal' in general is that it's quite a loose relationship that appears when accounts have access to more than one organisation, and in the case of SAML it's based on what SAML cert thumbprint exists in an org. configuration at the time the SAML auth is performed. Rotating SAML certificates requires a visit to every managed org. and updating the thumbprint. This is fine if you have 10-20 clients, it's a lot more time consuming if you have 300.

 

Are there any plans to improve this, perhaps a purpose-built MSP portal where organisations are linked to it by them accepting an invitation, a link that remains in place until expressly terminated by the client or service provider, as well as SAML only needing to be configured in a single location?

1 Reply 1
jimmyt234
Building a reputation

We will still maintain a non-SAML full admin account in all customer Orgs, access to which is restricted to certain staff so that everyone else has to use their SAML access. This non-SAML account will have an API key that we can then use to mass-update things like the SAML thumbprint as you have mentioned.

Get notified when there are additional replies to this discussion.