Setting up SSO for separate Meraki Dashboards for the 1 Company

JonnyAwesome
Here to help


Hi Everyone!

The challenge I've found myself in is my company has 2 separate Meraki Organizations. 1 of these Orgs has been successfully configured with SSO using "dashboard.meraki.com" with our Entra IdP, and we're unsure of how to set the second Org for SSO using the same Entra IdP.

What we're trying to achieve is ...

User1 with Group1 authenticates to dashboard.meraki.com and can see Org1

User2 with Group2 authenticates to dashboard.meraki.com and can see Org2

Just by looking at it, it doesn't seem possible, as the entry ID of "dashboard.meraki.com" is identical, which I believe would conflict. Keen to hear any thoughts/comments and solutions!

JonnyAwesome
Here to help

From some initial research it looks like I could just add another Reply URL to the existing Enterprise App in Entra ID where the existing SSO setup is?

Ryan_Miles
Meraki Employee All-Star

Use the subdomain option to enter a unique name for each Org.

https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/M...

On the Entra side use that unique name as the entity ID for each Ent app you create for each Meraki Org.

Example of my config

Screenshot 2025-12-17 at 13.12.34.png

mlefebvre1
Here to help

Use the same thumbprint on every org and control access using the SAML Roles.

User 1 gets group "Org Type 1 Admin"

User 2 gets group "Org Type 2 Admin"

Org 1 has "Org Type 1 Admin" on it as a role and does NOT have "Org Type 2 Admin".

Org 2 has "Org Type 2 Admin" on it as a role and does NOT have "Org Type 1 Admin" on it as a role.

User 1 will get access just to org 1, User 2 will get access just to org 2. The thumbprint must match AND there must be a matching role to grant access on the org.

PhilipDAth
Kind of a big deal

This is the secret.

You copy the thumbprint to every org where you want your SAML provider used. And copy the SAML group mapping you wish to use.

Entra only requires a single setup. You don't touch the Entra config as you add more organisations.

Ryan_Miles
Meraki Employee All-Star

I've not gotten it to work as described here. If all roles don't exist in each Org with a single Entra Ent App, it errors out for me. If an admin is mapped to a role that exists in multiple Orgs, it works as expected.

The only solution I've found, and what a few other posts reference, is to create multiple Ent Apps in Entra to keep roles/users separated in Meraki Orgs. Using multiple Ent Apps does work for me.

Maybe I'm doing something wrong?

If you do have this configured, I'd like to know what the Entra config looks like to achieve it.

Example

Meraki Org 1

SAML role Org 1

Meraki Org 2

SAML role Org 2

Admins should only land in their respective Org based on role assignment and have no access to any other Org.
