Rerieving a merakiAuthUser userid at organization level by email

ChrisDongen
Conversationalist

Rerieving a merakiAuthUser userid at organization level by email

I have a large organisation, consisting of multiple networks. I made a script with webfront to import a list of users to add them as a merakiAuthUser to a certain network. This works fine, except when adding a user to a (new) network which is already added to another network. This will throw an error 'Email has already been taken'. 

 

Is there a way to query the userid, so I can update that userid with new authorizations? It is unworkable to query all networks and its users to find the userid by looping through all the results (we are talking about 20 networks with about 3000 users each).

 

 

7 REPLIES 7
alemabrahao
Kind of a big deal
Kind of a big deal

@ChrisDongen Users are registered at the organization level and not the network. So I believe that the best way would be to consult the users at the organization level and check the network to they have access privileges.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Can you point to the right API call? The only place I could find/add/change users is at a network level.

PhilipDAth
Kind of a big deal
Kind of a big deal

Just to clarify some confusion I see here.  @ChrisDongen is not talking about organisation admins.  He is talking about network-wide "guest" users, which you get when you use Meraki authentication for anything (such as wifi splash page, client VPN, etc).

When you create such a user you have to authorise them for each network in which you want them to have access.

 

I think you'll need to do something like:

https://developer.cisco.com/meraki/api-v1/#!get-network-meraki-auth-users

To get a list of all existing authorised users.

 

Then update any existing user on the list you are importing.

https://developer.cisco.com/meraki/api-v1/#!update-network-meraki-auth-user 

 

And then finally, add anyone that is 100% new.

https://developer.cisco.com/meraki/api-v1/#!create-network-meraki-auth-user 

This is probably the solution, except when there are lots of networks within an organization with each a lot of users the the time waiting to fetch all the users, check if the exist, if not add them will add up soon and become a bit of a nuisance. Intended use is a webfronted for a service desk, which can be a bit impatient and refreshing the page whiel it is running. which poses more waiting etc. etc.

 

the problem lies within users that don't have an authorization in the network you are querying dont appear in the getuserlist, but when adding them an error is thrown (email taken) without knownig the userid  (which is needed to update the authorizations). when using the Meraki dashboard to do the same users of other networks are displayed (but don't have authorizations). 

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

I guess you could also just blindly import every user on your list, ignoring errors (due to some users already existing).  And then update every user on your list.

AxL1971
Building a reputation

The following API call can retrieve info for the user

 

https://api.meraki.com/api/v1/networks/<networkID>/merakiAuthUsers/<UserID>

 

Obviously you need to pass the correct network ID and UserID

 

If you get a HTTP error 404 then the user is not enabled for that specific network.

Get notified when there are additional replies to this discussion.