Meraki

Community

SAML/SSO with RSA securID

paulinster
Conversationalist
‎May 27 2022 10:38 AM
‎May 27 2022 10:38 AM

SAML/SSO with RSA securID

Hi Everyone,
I am currently trying to setup the SSO login for administrators on the Meraki dashboard.

We're using RSA SecurID for our idp, if I setup rsa to return a constant value for the role, it works, but if I setup RSA to return "memberOf" or "virtualGroup" it doesn't work. The return value in saml xml shows that the whole list of groups is returning, which make sense, shouldn't meraki be able to handle that?

Neither if I setup RSA SecurId tor return all value separated by a coma or separated attribute value.
 
Has anyone succeeded in setup RSA SecurID with Meraki?

 

Labels:
0 Kudos
4 Replies 4
RomanMD
Building a reputation
‎May 28 2022 6:43 AM
‎May 28 2022 6:43 AM

As far as I've been able to understand it, Meraki will only handle first entry in the role attribute, so if the Meraki role is not the first in the list, it will not work.

I have asked our ADFS colleagues to send in the role attribute the memberOf group which only contains a specific string.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 29 2022 2:10 PM
‎May 29 2022 2:10 PM

I'm assuming this is SAML for Dashboard authentication.  You must return a role attribute with a single value - that being the permission you want the user to be given.

0 Kudos
paulinster
Conversationalist
‎May 30 2022 5:47 AM
‎May 30 2022 5:47 AM

Hmm Ok,  so basically you almost have no choice than returning a single value, in my case look like with rsa securid I'll have to create 2 configurations, with different static role has    Look to me that their implemenation of saml for meraki's  dashboard administration is very limited.

In response to paulinster
ElBurrito
Conversationalist
‎Oct 14 2022 2:31 PM
‎Oct 14 2022 2:31 PM

The easy way I did this was just by setting the attribute "aCSPolicyName" to the SAML role I defined in the Meraki Dashboard. This was an unused attribute in AD that is sometimes used to set ACLs for users. Doing this allowed me to be able to support multiple rules with a single policy. It especially comes in handy if you switch to SP initiated SAML since you have to define the Apps for those in RSA.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.