cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User authentication with OpenID via Okta

T1
Getting noticed

User authentication with OpenID via Okta

Has anyone configured user auth during enrollment with OpenID Connect via Okta or any other IDP? Meraki documentation is not very detailed to say the least.

6 REPLIES 6
Building a reputation

Re: User authentication with OpenID via Okta

Is this in reference to the new SSO features in macOS 10.15 Catalina? I've had trouble tracking down an example profile on the MacAdmins slack, and it's not in Apple's documentation at the moment. I have the beta installed on a test Mac, and either that feature is buried somewhere, or it hasn't even been released as part of the beta yet.

So there's a bit of work and testing before Meraki would get to it. Keep an eye on ProfileCreator for an example profile template whenever the app gets updated to support all the new Catalina profile payloads, including the SSO at enrollment profile.

Kind of a big deal

Re: User authentication with OpenID via Okta

If use client VPN with an IDP.  You can't do inline enrollment.

 

If you are referring to splash page based authentication then you wont be able to do it out of the box.  You would need to create a custom host splash page that allowed it.

T1
Getting noticed

Re: User authentication with OpenID via Okta

No, this is about authenticating users during enrollment. At the moment they authenticate via Azure AD which was very easy to set up. Other options include G-Suite or Open ID which I'm trying to configure against Okta.

 

Logs don't register any events related to authentication and Meraki Open ID set up instructions are appalling at best.

Building a reputation

Re: User authentication with OpenID via Okta

@T1 do you use Azure AD with DEP enrollment, because the docs state that this isn't supported yet

 

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication

 

I wasn't able to test it until yet

Kind of a big deal

Re: User authentication with OpenID via Okta

We use Azure based enrollment but we only have Android devices.

T1
Getting noticed

Re: User authentication with OpenID via Okta

We do BYOD enrollment via Azure for all staff devices at the moment. DEP is for service devices: wall iPads, demo iPads/iPhones, room Macs etc. and we don't need any additional layer of auth here even if it was supported.

 

Meraki doesn't offer native Okta or SAML at enrollment, so the only option is Open ID protocol which Okta supports. After discussing with Support yesterday, looks like there is something off in Meraki backend and OPs team is looking into it.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels