SAML/SSO with RSA securID
As far as I've been able to understand it, Meraki will only handle the first entry in the role attribute, so if the Meraki role is not the first in the list, it will not work.
I have asked our ADFS colleagues to send in the role attribute the memberOf group which only contains a specific string.
I'm assuming this is SAML for Dashboard authentication. You must return a role attribute with a single value - that being the permission you want the user to be given.
Hmm, OK, so basically you have almost no choice but to return a single value. In my case, it looks like with RSA SecurID I'll have to create 2 configurations, with different static roles. It looks to me like their implementation of SAML for Meraki's dashboard administration is very limited.
The easy way I did this was just by setting the attribute "aCSPolicyName" to the SAML role I defined in the Meraki Dashboard. This was an unused attribute in AD that is sometimes used to set ACLs for users. Doing this allowed me to be able to support multiple rules with a single policy. It especially comes in handy if you switch to SP-initiated SAML since you have to define the Apps for those in RSA.
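A way to check the single-value role requirement discussed in this thread against an assertion captured from your own IdP. This is an added example, not code from any poster or from Meraki; the role name `meraki_admin`, the helper names and the sample assertions are constructed, and the script inspects attributes only (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def sample_assertion(roles):
    """Build a constructed, unsigned assertion carrying the given role values."""
    vals = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="role">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')

def role_values(assertion_xml, attr_name="role"):
    """Return every AttributeValue of the named attribute, in document order."""
    root = ET.fromstring(assertion_xml)  # works for a Response or a bare Assertion
    values = []
    for attr in root.iter(f"{{{NS}}}Attribute"):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip()
                       for v in attr.findall(f"{{{NS}}}AttributeValue")]
    return values

def check_role(assertion_xml, expected_role):
    """Return (ok, message) for the single-value role requirement."""
    values = role_values(assertion_xml)
    if not values:
        return False, "no role attribute value in assertion"
    if len(values) > 1:
        # Per the thread, only the first entry is handled.
        return False, (f"{len(values)} role values sent; only the first "
                       f"({values[0]!r}) would be used")
    if values[0] != expected_role:
        return False, f"role is {values[0]!r}, expected {expected_role!r}"
    return True, f"single role value {values[0]!r}"

if __name__ == "__main__":
    # Constructed cases: group list dumped into role, a single role, no role.
    for roles in (["Domain Users", "meraki_admin"], ["meraki_admin"], []):
        print(roles, "->", check_role(sample_assertion(roles), "meraki_admin"))
```
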