Meraki

Community

Meraki Access Manager - with username+password

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 15 2025 7:51 PM
‎Apr 15 2025 7:51 PM

Meraki Access Manager - with username+password

I'm trying to follow this guide to try out Access Manager using username+password authentication.

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_U...

 

The issue is on the Entra ID side.

I configured an exclusion in every conditional access policy for the app (yucky, but ok).  So 100%, there is no policy requiring MFA.

PhilipDAth_2-1744771814826.png

 

Our authentication methods policy has been fully migrated to use modern policies.

PhilipDAth_0-1744771638668.png

 

 

Despite having every conditional access disabled through exclusion, Entra ID is saying the authentication failed because MFA is required.  Everyone has to do the above migration - there is no choice.

 

PhilipDAth_1-1744771711381.png

 

 

 

So does this mean the entire section on using username/password authentication against Entra ID in the new Access Manager is a non-starter?  Anyone who has it working at the moment will have it fail when their tennancy is forced migrated?

Labels:
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 16 2025 5:30 AM
‎Apr 16 2025 5:30 AM

I've never configured or implemented anything like this but after searching a bit I found these links. I hope it helps you.

 

Manage users excluded from Conditional Access policies - Microsoft Entra ID Governance | Microsoft L...

 

How to troubleshoot sign-in errors - Microsoft Entra ID | Microsoft Learn

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 16 2025 1:07 PM
‎Apr 16 2025 1:07 PM

Good attempt, but neither of those help.

In response to PhilipDAth
cmr
Kind of a big deal
Kind of a big deal
‎Apr 27 2025 1:38 PM
‎Apr 27 2025 1:38 PM

I just tried setting this up and it seems you are right, a somewhat useless feature 😥

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
cmr
Kind of a big deal
Kind of a big deal
‎Apr 27 2025 1:49 PM
‎Apr 27 2025 1:49 PM

This is what the session logs show:

cmr_0-1745786934544.png

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 27 2025 2:21 PM
‎Apr 27 2025 2:21 PM

That is what I get as well.  There is simply no way (once Authentication Methods is migrated) to create an account that does not require MFA.

Ruben_S
Comes here often
‎May 5 2025 9:42 AM
‎May 5 2025 9:42 AM

Hello,

 

I confirm I'm able to make it working after excluding from existing Conditionnal Access rules my "Meraki_Access_Manager" App registration.

 

Ruben

0 Kudos
In response to Ruben_S
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 5 2025 3:44 PM
‎May 5 2025 3:44 PM

Have your Authentication methods been migrated?

 

PhilipDAth_0-1746485041243.png

 

0 Kudos
Ruben_S
Comes here often
‎May 16 2025 8:27 AM
‎May 16 2025 8:27 AM

Not yet. Status is "in progress"

0 Kudos
In response to Ruben_S
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 16 2025 12:55 PM
‎May 16 2025 12:55 PM

That means it is not migrated yet.   The username/password authentication is likely to break once it is completed.

In response to Ruben_S
linuxoid70
Conversationalist
a week ago
a week ago

Any progress? Did you make it work?

No matter what I do (I even excluded Access Manager app from Conditional access as whole) - I am still getting the same error as shown on screenshot above (MFA thing). 

 

Anyone made it work?

0 Kudos
In response to linuxoid70
PhilipDAth
Kind of a big deal
Kind of a big deal
a week ago
a week ago

If your authentication methods have been migrated to "Modern" (which you cannot stop), you will no longer be able to use username/password authentication.  You can only use certificate authentication.

 

This is because the modern authentication method FORCES the use of MFA.  It is not possible to create a conditional access policy to prevent it.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.