SAML configuration

Solved
BlakeRichardson
Kind of a big deal

Can I just say that configuring SAML is a lot more complex with the Meraki dashboard than any other service I have set it up for.

I've never had to provide an X.509 cert before, and the fact that the ACS URL is hidden until it's configured is odd. Most other providers simply want the metadata uploaded, IDP entity ID and IDP URL.

I am trying to set this up but I have no option to add an SSO subdomain as noted in the settings.

 

 

1 Accepted Solution
Ryan_Miles
Meraki Employee

Enabling SAML SSO on the Early Access page should enable the subdomain field.

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/SP-Initiated_SAML_...

Ryan

CameronMoody
Meraki Employee

Ryan is correct, thanks Ryan! Enabling the Early Access version of SAML SSO will expose the fields associated with the SP-Initiated SAML flow, which allows for a preferred subdomain to be specified by the user, as well as exposing an SSO login URL field for users that you may want to provide a simple SAML login path link to.

We're approaching moving this feature to general availability so Early Access will no longer be necessary, and I'll post again once this happens.

"configuring SAML is a lot more complex with the Meraki dashboard than any other service I have set it up for"

We hear you on this. We're working on simplifying this configuration process as we improve our SAML experience.

Cameron Moody | Product Manager, Cisco Meraki
PhilipDAth
Kind of a big deal

@Ryan_Miles and @CameronMoody - I have tested this. IMHO, it's not a good solution. It works, but it is not something I would like to roll out to clients. It's a workaround.

If you go to any other cloud provider on the planet, they let you register a domain name (e.g. example.com), and then when anyone logs in using that domain name, it triggers the SAML process. They don't make you go to magic domains.

The current process is not "Meraki Simple". Users should not need special training just to be able to log in. They should be able to type "meraki" into Google, see the login button, be able to click on the login button, and expect it to work. That is "Meraki Simple".

You can use Microsoft Office 365 as a specific example of how the login flow should work when using SAML.

P.S. It would be nice to see FIDO2 and passkey support as well (for non-SAML Dashboard Access). The current MFA implementation (when not using SAML) is what I would describe as meeting the minimum industry standard. It would be good to be above the minimum accepted standard.

BlakeRichardson
Kind of a big deal

Thanks @Ryan_Miles, I missed the early access bit in the documentation.
