Meraki

Community

Managing Admin Users via the API

KrisPeck343
New here
‎Jul 24 2023 7:47 AM
‎Jul 24 2023 7:47 AM

Managing Admin Users via the API

I'm working on a way for us to easily create new admin users for all of our clients since currently Meraki requires us to do it manually. We are using Rewst to host and run all of this since it will likely tie into our user onboarding workflows at some point. 

 

I'm able to get it to generate the user and it then requires a confirmation that the user was verified before it loops through all the customers and adds the user to each one of them. However, it seems that some end up giving bad requests despite having API access provided and even then, when it says the user is approved for 48 organizations, they still only show around 30 in the Global Overview despite needing upwards of 60 total clients. 

 

Is this just a quirk of the API and eventually the global overview will catch up or is there something else I can be doing to get it to create users and give them access to all our organizations consistently. 

0 Kudos
2 Replies 2
mlefebvre
Building a reputation
‎Jul 24 2023 8:33 AM
‎Jul 24 2023 8:33 AM

For the bad requests, when you retry the request does it eventually go through?

 

It sounds like you potentially have organizations on multiple Meraki shards/servers and there is a synchronization process between them that can take upwards of 30 minutes in my experience to reflect properly. I've also found recently that I had to accept the org access on a different shard from the email confirmation, I was unable to do it via the Global Overview. 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 24 2023 2:12 PM
‎Jul 24 2023 2:12 PM

Rather than answering your question, I will present an alternate approach.

 

You really should be using SAML.  I prefer Cisco Duo, but you could also use AzureAD, or any other SAML provider.  Once you have enabled SAML in a customer, you can add/remove/change staff, and you never touch the Meraki system.  All access is controlled in your SAML provider.  Your SMAL provider gives you all the auditing and tells you who accessed what and when.  You can also apply additional access controls, such as limiting access to only your computers or authorised devices (great for limiting the impact of a breach).  You can also use your own MFA as well.

 

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_S...

 

SAML is so much more scalable.  Pretend you had 200 Meraki clients.  Would your current approach still work?  If not, why not make the change now.  SAML I say!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.