cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Target based access privileges SAML switches

Highlighted
Comes here often

Target based access privileges SAML switches

We have 90 locations, each is its own network with an MX, MS’s and MR’s. We have a team that is half desktop support and half network support. I want to be able to give them the ability to move VLAN ports on the switches but not the ability to alter the configuration of the MX.

 

I attempted to do this with SAML and target based access privileges using the TAGS but it appears the TAGS only work at the network level not the device level.

 

Is there a way to give this team access to only the switch configuration and not the entire sites network?

2 REPLIES 2
Highlighted
Building a reputation

Re: Target based access privileges SAML switches

did you check this?

it explains how to create the permissions on a switchport level...

https://documentation.meraki.com/zGeneral_Administration/Managing_Dashboard_Access/Managing_Dashboar...

 

 

Highlighted
Comes here often

Re: Target based access privileges SAML switches

We did this is an option but it's likely an option of last resort as with 90 networks it will become an administrative overhead and it does not appear to roll up into the SAML roles so it would mean compounding the identity island issue.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.