API Script to Manage Meraki Cloud Authentication accounts

rsage_voda
Getting noticed

API Script to Manage Meraki Cloud Authentication accounts

I have written a script to remove guest accounts that are older than 7days from the day the script is run inline with my customers policy. The script appears to work. Items in BOLD are print statements in the script. But all the users I check on the dashboard are still present.

api call:

networkId = network["id"]

userId = user["id"]

 

dashboard.networks.deleteNetworkMerakiAuthUser(
networkId, userId)

From the console

{'id': 'c2FsbWFuLndhc3RpQGNlbnRyaWNhLmNvbSxHdWVzdA==', 'email': 'salman.wasti@centrica.com', 'name': 'Salman', 'createdAt': '2018-12-19T14:04:55.855830Z', 'accountType': 'Guest', 'isAdmin': False, 'authorizations': [{'ssidNumber': 1, 'authorizedZone': 'MyGuest', 'expiresAt': '2019-01-18T14:04:52.000000Z', 'authorizedByName': None, 'authorizedByEmail': None}]}
Salman has expired
2024-01-29 21:47:31 meraki: INFO > networks, deleteNetworkMerakiAuthUser - 204 No Content
2024-01-29 21:47:31 meraki: INFO > DELETE https://n645.meraki.com/api/v1/networks/N_658651445502962172/merakiAuthUsers/c2FtLnNhbGloQGNlbnRyaWN...
Salman **DELETED**

 

The line red is confusing me. According to the API guid for deleting a merakiauth user the response 204 is a successful operation

 

11 Replies 11
Amit_pal
Getting noticed

This will deauthorize user if it is still active, not delete it 

The user will still remain in the history..

I don't think Meraki let's you delete users from history using API

alemabrahao
Kind of a big deal
Kind of a big deal

"If the ID supplied is for a splash guest or client VPN user, and that user is not authorized for any other networks in the organization, then also delete the user. 802.1X RADIUS users are always deleted regardless of this optional attribute."

https://developer.cisco.com/meraki/api-v1/delete-network-meraki-auth-user/

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Amit_pal
Getting noticed

I tried same in my org but it does not delete the splash guest entry , just deauthorizes it.. The user will still exist in the user history

alemabrahao
Kind of a big deal
Kind of a big deal

And that user is not authorized for any other networks in the organization, then also delete the user.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
rsage_voda
Getting noticed

If you can't delete the user how is the Meraki solution GDPR compliant? 

Amit_pal
Getting noticed

You can remove user  from dashboard manually and that will delete the user from the org, but using API i think that is not possible because API just unauthorizes the user in the network , does not delete it from org level

alemabrahao
Kind of a big deal
Kind of a big deal

Check the description I sent you.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
rsage_voda
Getting noticed

I have 4000+ accounts manual simply isn't an option. Also when self certified accounts are created they don't seem to set an expiry date.

rhbirkelund
Kind of a big deal
Kind of a big deal

Try passing "delete = True" as a parameter to your call aswell. That is,

dashboard.networks.deleteNetworkMerakiAuthUser(
    networkId, userId,
    delete = True
)
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
rsage_voda
Getting noticed

Thank you I will give this ago. I have 4000+ accounts that need to be deleted. I can't delete them manually. I will try the delete = 'True' parameter.

rsage_voda
Getting noticed

I tried that it didn't work. Interestingly you can delete a using Postman with the delete keyword. I have raised a TAC case and they it can't be done and that an internal case is being raise to amend their documentation

Get notified when there are additional replies to this discussion.