SAML auth for mobile app? Now, how do I fix my users?
After nearing completion of our Meraki wireless and camera rollout, I configured SAML authentication with our IDP in preparation for granting dashboard access for our security officer staff. The SAML config was rather painless and seems to work well. I have our security staff successfully logging into the dashboard and monitoring camera streams. The next phase is the rollout of the mobile app which is a requirement for their specific use case.
After banging my head against the wall for a few hours, I now see that SSO isn't supported for the mobile app. All of my security officers have authenticated to the dashboard via SAML, I no longer have the ability to add their accounts back into the dashboard so they can authenticate via the mobile app without SAML.
Error message produced: "Email has already been taken. Email is already in use by a SAML SSO user."
Re: SAML auth for mobile app? Now, how do I fix my users?
Change your Idp to send something other than the email address for the username.
For example, if you are using Azure, change it from sending user.email to user.userprincipalname. I do this on most customer installs as the email issue is very common - almost certainly someone using the system will have access to another Meraki org using their existing email address.
Meraki really should change this so that the authentication system (weather it be "Meraki" or SAML) is asserting WHO you are. It should not matter what is doing that assertion.