cancel
Showing results for 
Search instead for 
Did you mean: 

MSP's Managing Multiple Meraki Dashboards

Conversationalist

MSP's Managing Multiple Meraki Dashboards

Are there other MSP's out there managing multiple client's Meraki Dashboards? We are managing over 50 Meraki client's networks, and finding it a challenge to add/remove Admin accounts on each individual tenant. Curious what everyone else is doing. We considered using a shared account, vs adding each user, so we wouldn't have to open each Dashboard and remove an Admin anytime an employee left, but had problems maintaining the password for the shared account.

 

It'd be nice if Meraki offered MSP Admin Account Access, so we can centrally manage Admin Accounts for multiple dashboards, vs under each.

12 REPLIES
Head in the Cloud

Re: MSP's Managing Multiple Meraki Dashboards

We use SAML.

Head in the Cloud

Re: MSP's Managing Multiple Meraki Dashboards

Sorry, I should elaborate a bit. Since we sell a managed service we own the gear and charge our customers a monthly fee. So all the gear is in our dashboard that we manage, and we grant access to our customers as needed. 

We don't use their dashboard, they use ours.

Here to help

Re: MSP's Managing Multiple Meraki Dashboards

If you are looking for a easier way to manage login's, I would recommend looking into the Meraki API.

Kind of a big deal

Re: MSP's Managing Multiple Meraki Dashboards

We have a shared login.  Otherwise it is just too hard.

Getting noticed

Re: MSP's Managing Multiple Meraki Dashboards

Shared passwords are not best practice in that you would not know who did what to your and/or your client network(s) from an audit perspective and they would certainly get you a failing grade on PCI/HIPPA compliance audit.

 

Shared passwords would not be something I would permit let alone advertise I do as an MSP with my company's and my client's security interests at heart. Doing things the right way (creating/managing individual user accounts) takes an investment in time, resources, processes, tools, etc. vs. the easy way (shared accounts). That said, we are part way into a move to SAML as others have suggested.

 

Food for thought... If an MSP is taking shortcuts like shared passwords due to resourcing maybe they need to look at how much they are charging and resource accordingly. I'd much rather have the conversation with a client that I have to raise rates than one where I have to explain why we are using shared accounts when/if something goes wrong on their network.

 

 

Cohort Networks Inc.
Your Business. Connected.
Conversationalist

Re: MSP's Managing Multiple Meraki Dashboards

We have over 60+ techs, manage over 180 client environments beyond just networks, with over 50 of those clients having their own Meraki Dashboards. 

 

How are you using SAML in regards to Meraki Admin? Setup SAML with every client's individual Dashboard? How many techs and Meraki clients does your organization have?

 

On the Windows side we had scripted out account creations using our RMM tool, on each client's AD, and can centrally manage those accounts across multiple AD environments.

 

Previously, we only used the shared account for monitoring only, and to create individual logins. We have alerts created for any time there is a change on any network as well. It was not ideal, but we got sick of having bottlenecks on the ability to support out clients, because of lack of access, and manually having to individually add each person to each dashboard.

 

Since posting this, per others recommendations, we have built out an application using Meraki's API's to centrally manage our Admin accounts across all of our clients Meraki Dashboards. This will make it much easier for us to centrally give our techs access to specific or all clients, and remove them as necessary. 

 

I know several MSP's recommend Meraki to their clients, so it'd be nice if Meraki had capability natively, like OpenDNS, and other cloud management portals.

 

Thank you all for your feedback.

 

 

-Todd

Getting noticed

Re: MSP's Managing Multiple Meraki Dashboards

@Toddfather wrote:

 

Since posting this, per others recommendations, we have built out an application using Meraki's API's to centrally manage our Admin accounts across all of our clients Meraki Dashboards. This will make it much easier for us to centrally give our techs access to specific or all clients, and remove them as necessary. 

 



You wouldn't mind sharing that app on Github by chance, would you? Smiley Happy

A model citizen

Re: MSP's Managing Multiple Meraki Dashboards

https://community.meraki.com/t5/Managed-Services/MSP-Portal-gt-New-Idea-MSP-Level-Logins-Please-Kudo...

 

Exact same issue!

 

It might scare you how many networks we manage:

 - For our Wi-Fi we have a few select people who can make changes, rest are a shared read only account.

 - For our System Manager/MDM we are forced to give more people Admin access for our processes and round the clock support. Maintaining this is a bit of an Ad hoc process - Currently looking to move to SAML but need to make sure only people in a certain AD group have access.*

(*But the MDM only offers full or read only access, there is no middle ground to stop users making changes so we may be forced to build something around the API.)

 

 

Thank you,
Peter James

Getting noticed

Re: MSP's Managing Multiple Meraki Dashboards

I utilize an app call autofill on google chrome it allows me to create shortcuts in the org admin url and basically press a button. add. press a button add . etc etc until you are done an save changes Its even easier to do if you just building a new Org and not going back to older Orgs anymore. This is to give us the best security measures and also allows you to hold your staff and the client responsible for any and all changes made. We also like to utilize MFA, like others have stated in here you have to have the best security in mind of your customers. 

Cloud Network Engineer | cloudIT
Certified Meraki Networking Associate

Kudo this if it helped! Smiley Happy
Highlighted
Here to help

Re: MSP's Managing Multiple Meraki Dashboards

I also work for an MSP. Today we have 204 Orgs in our dashboard. This week I finished moving all of my admins to SAML, but before that, I used a Python script to use the API to manage the admins. I used manageadmins.py that I got from https://github.com/meraki/automation-scripts.

Here to help

Re: MSP's Managing Multiple Meraki Dashboards

you do know that any network admin can add/remove any other network admin?

Conversationalist

Re: MSP's Managing Multiple Meraki Dashboards

Yes. I mentioned that it was a challenge to manually remove an admin from every individual network. We  now manage over 100 Meraki Dashboards, with overy 60 Consultants. It can be easy to miss one.

 

We are working on implementing SAML. We initially created an API app that mass added and removed but it was not 100%.

 

Thanks for your help Mr-E...