Hi all,
We’re currently using SAML SSO with Azure AD across our Meraki environment. We have IT staff at each site who manage switching and wireless, and we’ve recently deployed Meraki cameras at a number of locations.
To keep things clean, we’ve created a separate CCTV network that includes only the cameras and sensors. We've successfully configured SAML group access to this CCTV network with the Camera and Sensor and Vision roles for our leadership team to view footage.
However, for some sites, we would like to keep the cameras within the main (combined) network, which also includes switching and wireless. The challenge is that Camera and Sensor roles are Meraki-local and can’t be assigned via SAML, and to view cameras in the main network, the only SAML-based option is to give read-only access to the entire network — which exposes switch and wireless config we don’t want them to see.
Is there a way to:
- Allow SAML users to view cameras only (Vision role) within a combined network?
- Assign camera/sensor roles via SAML or SAML assertion claims?
- Implement network tags or role-based filters in SAML that apply only to the camera portion of a combined network?
We’ve reviewed the “Camera and Sensor Roles” documentation and tried adding those to the SAML token, but it seems to only work in camera-only networks.
Appreciate any advice or experience others have had with this - especially if there are updates on Meraki’s roadmap for this kind of granular role mapping in combined networks.
Thanks!
