Meraki

JesusCasero · ‎Dec 1 2022

Hi folks,

Is there any way to override the current limitation when the same account name attempts to log in to different organizations, being SP-Initiated SAML SSO enabled on one of them and the account locally provisioned on the second organization?

Regards,

JC

PhilipDAth · ‎Dec 1 2022

I configure all my SSO to Meraki setups to send sAMAccountName instead of email address/UPN. Then the SAML username is guaranteed to be unique from any existing Meraki Dashboard account (which uses email addresses).

View solution in original post

PhilipDAth · ‎Dec 1 2022

I configure all my SSO to Meraki setups to send sAMAccountName instead of email address/UPN. Then the SAML username is guaranteed to be unique from any existing Meraki Dashboard account (which uses email addresses).

Dudleydogg · ‎Dec 3 2022

How or why do you want it to be Unique? How can I have 1 SAML user that can access multiple companies?

PhilipDAth · ‎Dec 5 2022

To have a SAML user to be able to access multiple dashboards you just copy the the SAML configuration in one dashboard to the other one you also want them to be able to access it.

JesusCasero · ‎Dec 1 2022

Thanks, Philip, for some reason it didn't work for SP-Initiated SAML SSO when I tested it but I will give it a try again out of curiosity. It would not really meet the requirements of our security posture but it could be a good workaround in some other scenarios.

To be honest, I could not have figured out that the "username" SAML attribute value could be anything but an email address, as it happens for locally defined accounts.

Regards,

JC

Meraki

Community

SAML SSO vs Local Administration Account

SAML SSO vs Local Administration Account