We're just beginning to roll applications onto our SAML identity provider. I've tested our internal Meraki organization with SAML authentication and it's working. But what are the best practices for configuring admin access to our dozens of client organizations under our partner account? Do we need to individually configure SSO on each client's organization? How are other partners achieving the convenience of SSO and the need to access any and every client org at any time?
Yup, you need to configure it on every Org.
One thing that helps is creating new Orgs by copying an existing Org. The SAML config will copy over. We keep a "template" Org that's just an empty Org with the setting we want on it around for the sole purpose of cloning for new Orgs.
OK, how does copying your template org succeed when the Consumer URL for the Meraki service provider is unique for each organization? Or do I just need to create the SAML administrative roles?
Since the consumer URL is unique, it's looking like we'll need to create a unique application instance in our IdP for each org... is that really right? Meraki1, Meraki2, ... Meraki29, etc.?
"When this occurs, the user will be directed to the MSP portal and receive the desired permissions in each organization. The Consumer URL for any of the MSP organizations can be used, as they will all direct the user to the MSP portal."