Are there other MSP's out there managing multiple client's Meraki Dashboards? We are managing over 50 Meraki client's networks, and finding it a challenge to add/remove Admin accounts on each individual tenant. Curious what everyone else is doing. We considered using a shared account, vs adding each user, so we wouldn't have to open each Dashboard and remove an Admin anytime an employee left, but had problems maintaining the password for the shared account.
It'd be nice if Meraki offered MSP Admin Account Access, so we can centrally manage Admin Accounts for multiple dashboards, vs under each.
Sorry, I should elaborate a bit. Since we sell a managed service we own the gear and charge our customers a monthly fee. So all the gear is in our dashboard that we manage, and we grant access to our customers as needed.
We don't use their dashboard, they use ours.
Shared passwords are not best practice in that you would not know who did what to your and/or your client network(s) from an audit perspective and they would certainly get you a failing grade on PCI/HIPPA compliance audit.
Shared passwords would not be something I would permit let alone advertise I do as an MSP with my company's and my client's security interests at heart. Doing things the right way (creating/managing individual user accounts) takes an investment in time, resources, processes, tools, etc. vs. the easy way (shared accounts). That said, we are part way into a move to SAML as others have suggested.
Food for thought... If an MSP is taking shortcuts like shared passwords due to resourcing maybe they need to look at how much they are charging and resource accordingly. I'd much rather have the conversation with a client that I have to raise rates than one where I have to explain why we are using shared accounts when/if something goes wrong on their network.
We have over 60+ techs, manage over 180 client environments beyond just networks, with over 50 of those clients having their own Meraki Dashboards.
How are you using SAML in regards to Meraki Admin? Setup SAML with every client's individual Dashboard? How many techs and Meraki clients does your organization have?
On the Windows side we had scripted out account creations using our RMM tool, on each client's AD, and can centrally manage those accounts across multiple AD environments.
Previously, we only used the shared account for monitoring only, and to create individual logins. We have alerts created for any time there is a change on any network as well. It was not ideal, but we got sick of having bottlenecks on the ability to support out clients, because of lack of access, and manually having to individually add each person to each dashboard.
Since posting this, per others recommendations, we have built out an application using Meraki's API's to centrally manage our Admin accounts across all of our clients Meraki Dashboards. This will make it much easier for us to centrally give our techs access to specific or all clients, and remove them as necessary.
I know several MSP's recommend Meraki to their clients, so it'd be nice if Meraki had capability natively, like OpenDNS, and other cloud management portals.
Thank you all for your feedback.