SAML SSO vs Local Administration Account

SOLVED
JesusCasero
Here to help

Hi folks,

 

Is there any way to override the current limitation when the same account name attempts to log in to different organizations, with SP-Initiated SAML SSO enabled on one of them and the account locally provisioned on the second organization?

 

Regards,

 

JC

 

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

I configure all my SSO to Meraki setups to send sAMAccountName instead of email address/UPN.  Then the SAML username is guaranteed to be unique from any existing Meraki Dashboard account (which uses email addresses).

4 REPLIES 4
How or why do you want it to be Unique?  How can I have 1 SAML user that can access multiple companies?

For a SAML user to be able to access multiple dashboards, you just copy the SAML configuration in one dashboard to the other one you also want them to be able to access.

JesusCasero
Here to help

Thanks, Philip. For some reason it didn't work for SP-Initiated SAML SSO when I tested it, but I will give it a try again out of curiosity. It would not really meet the requirements of our security posture, but it could be a good workaround in some other scenarios.

 

To be honest, I could not have figured out that the "username" SAML attribute value could be anything but an email address, as it happens for locally defined accounts.

 

Regards,

 

JC
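
The name collision discussed in this thread can be checked before SSO is switched on. The following is an added example, not code from the thread or from Meraki: it reads the `username` attribute from a captured test assertion and compares it with the locally provisioned administrator logins. The sample assertion, the admin list and the function names are constructed, case-insensitive matching is an assumption, and signature validation is out of scope.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the AttributeStatement part of an assertion.
# For assertions from an untrusted source, use a hardened XML parser instead.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>{value}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed list standing in for locally provisioned administrator
# accounts, whose login name is an email address.
LOCAL_ADMINS = ["jc@example.com", "noc@example.com"]

EMAIL_SHAPED = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def saml_username(assertion_xml):
    """Return the single 'username' attribute value, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    values = [
        (v.text or "").strip()
        for a in root.iterfind(".//saml:Attribute[@Name='username']", SAML_NS)
        for v in a.iterfind("saml:AttributeValue", SAML_NS)
    ]
    if len(values) != 1 or not values[0]:
        raise ValueError("expected exactly one non-empty username value")
    return values[0]


def check_username(assertion_xml, local_admins):
    """Classify the SAML username as 'collision', 'email-shaped' or 'ok'."""
    # Assumption: logins are compared case-insensitively (the conservative choice).
    name = saml_username(assertion_xml).casefold()
    if name in {a.strip().casefold() for a in local_admins}:
        return "collision"     # same name as a local account: the case in the question
    if EMAIL_SHAPED.match(name):
        return "email-shaped"  # no clash today, but shares the local accounts' namespace
    return "ok"                # e.g. a sAMAccountName, which cannot equal an email login
```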

 
