Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SAML for MSP/multiple organizations - any changes?

mvalpreda
Getting noticed
4 weeks ago
4 weeks ago

SAML for MSP/multiple organizations - any changes?

I posted a few years ago about SAML for Meraki Dashboard access for MSP/multiple organizations. Curious if there was any update to that. Onboarding/offboarding users is quite tedious. 

0 Kudos
Subscribe
9 Replies 9
spaladug
Meraki Employee
Meraki Employee
4 weeks ago
4 weeks ago

Hi mvalpreda. We do currently support SAML for MSPs (reference). If you are following those requirements and still find it too tedious please share more about your exact use case so we can look into it.

0 Kudos
Subscribe
In response to spaladug
mvalpreda
Getting noticed
4 weeks ago
4 weeks ago

I should have been more specific....when we need someone to have access to a customers Meraki dashboard, we go in there as another admin and add them. If that person leaves, we have to remember they are not in there any longer. Between keeping records, going in each organization one by one to remove a user....that is tedious.

That being said, I'm not 100% sure where to start based on that referenced link. If we have ~100 customers with Meraki organizations....where do I start? Had gone through the Azure AD setup (here) for our own organization, when I test I get 'true', but just not sure how to add that to our customers.

Also not sure how Meraki is differentiating between my email address that is in SAML compared to my Cisco/Meraki login....they have different passwords. Do I need to log in at a different URL?

0 Kudos
Subscribe
In response to mvalpreda
Arthamon
Here to help
3 weeks ago
3 weeks ago

You will need to login via a different URL e.g. "domain.sso.meraki.com". If you already have an Organization Administrator account using the same email as your SAML then you will need to remove it from that Organization before you can leverage SSO.

0 Kudos
Subscribe
Pulkit_Mittal
Getting noticed
4 weeks ago
4 weeks ago

I agree but Meraki is one of the best solutions to provide your admins with restricted privileged access using role attributes. This does make it a little bit complex to onboard, however offboarding isn't that difficult. 

0 Kudos
Subscribe
mvalpreda
Getting noticed
4 weeks ago
4 weeks ago

If I see 'Found existing non-SAML user with email <myemail>' do I need to remove that user as a named admin from the Administrators list for the org? Or is that going to be an issue since I am in ~100 other orgs?

Then for customers I want to have as part of our SAML, the Consumer URL does not matter, just the X.509 cert fingerprint for the organization?

Figured out the login is at https://myapplications.microsoft.com/

0 Kudos
Subscribe
jimmyt234
Getting noticed
4 weeks ago
4 weeks ago

As long as you're using the same X.509 cert SHA1 fingerprint in all Orgs and leveraging SAML Roles correctly as per the documentation that @spaladug linked too, you will be able to then users accessing all Orgs and manage the group membership in your IdP.

0 Kudos
Subscribe
In response to jimmyt234
mvalpreda
Getting noticed
3 weeks ago
3 weeks ago

So the cert I get from Enterprise Applications in https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_S... is the same one I am going to use in all the organizations I have access to and want to use SAML?

The Consumer URL is different for the different orgs and won't matter?

Guessing if I have the same email address already defined as an administrator, I need to pull that out so there is not a conflict between what is defined and in SAML?

0 Kudos
Subscribe
In response to mvalpreda
mvalpreda
Getting noticed
3 weeks ago
3 weeks ago

I did a little test and yes....add the x.509 to all the orgs, add the SAML administrators and it's set. Guessing the Meraki dashboard 'sees' that the cert is the same and ties them together.

0 Kudos
Subscribe
In response to mvalpreda
jimmyt234
Getting noticed
3 weeks ago
3 weeks ago

Glad you got it working. 😄

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.