SAML Integration with AD Self Service Plus

Solved
AnthonyJulien
New here

Hi everyone!

 

I hope everything is fine.

I'm trying to integrate Cisco Meraki with AD Self Service, so the users can login to Meraki directly from the AD Self Service.

 

I have run the tests, but I am getting the error: Assertion contains no username and no role.

 

I'm relatively new to this SAML thing, and don't know how to resolve it.

Any help would be greatly appreciated.

 

I can see the username in the XML file, but no role? How should I be adding all of these things?

 

1 Accepted Solution
sungod
Kind of a big deal

Have you defined the role(s) you want in Dashboard?

 

Org->Administrators, scroll down to SAML administrator roles, if not you need to add at least one role.

 

The role defines what access rights a matching user will be given.

 

Then in your AD, any user that you want to be able to login needs that role in their settings.

 

I've not used ADSSP but I see there's a guide for Dashboard...

https://www.manageengine.com/products/self-service-password/help/admin-guide/Application/sso/merakic...

...it says....

Please make sure in Cisco Meraki the role (Organization > Administrators) maps to the department attribute and the username maps to the mail attribute in Active Directory.

 

There are also several SAML guides in Meraki documentation, for instance...

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_S...

 

 

With Dashboard SAML a user must have one role.

5 Replies 5
RWelch
Head in the Cloud

Configuring SAML Single Sign-on for Dashboard 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
RWelch
Head in the Cloud

Integrating Active Directory with Sign-On Splash Page For MR Access Points 

AnthonyJulien
New here

Hello!

 

Thank you so much for the help!

I did the steps exactly as you mentioned from the AD side, and the issue was resolved (although I got another error, it seems I cannot use the same email address for both regular signin and SAML signin).

So I created another user with an email address not in use yet in Meraki, and I was able to login as expected without any issues.

 

That was a quick reply as well, thank you!

PhilipDAth
Kind of a big deal

ps. You can have your SAML provider pass anything for the username, such as sAMAccountName or displayName. If you don't pass an email address you avoid this issue of existing accounts.
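
An added example, not part of any post in this thread: a small check to run over the assertion XML captured from the identity provider, reporting why the service provider would see no username or role. The attribute names `username` and `role` are assumed from the error text, and the sample assertion, user and role name `network-admins` are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("username", "role")  # assumed attribute names, taken from the error text

# Constructed sample: the username is sent, but the directory attribute mapped
# to "role" is empty for this user, so the role value arrives blank.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def assertion_attributes(xml_text):
    """Return {attribute name: [non-empty values]} for every saml:Attribute."""
    # Diagnostic use on your own IdP's output only: no signature validation here.
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name", ""), []).extend(v for v in values if v)
    return found

def check_assertion(xml_text, defined_roles=()):
    """List the problems that leave the service provider without a username or role."""
    attrs = assertion_attributes(xml_text)
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            problems.append("attribute '%s' is not in the assertion" % name)
        elif not attrs[name]:
            problems.append("attribute '%s' is present but has no value" % name)
    # A role value that matches no role defined on the service provider grants nothing.
    for role in attrs.get("role", []):
        if defined_roles and role not in defined_roles:
            problems.append("role '%s' is not a role defined on the service provider" % role)
    return problems

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE_ASSERTION, defined_roles=("network-admins",)):
        print(problem)
```

Pass the roles defined under SAML administrator roles as `defined_roles` to also catch a role value that is sent but matches nothing.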
