Ryan is correct, thanks Ryan! Enabling the Early Access version of SAML SSO will expose the fields associated with the SP-Initiated SAML flow, which allows for both a preferred subdomain to be specified by the user, as well as exposing an SSO login URL field, for users that you may want to provide a simple SAML login path link to.

We're approaching moving this feature to general availability so Early Access will no longer be necessary, and I'll post again once this happens.

configuring SAML is a lot more complex with the Meraki dashboard than any other service I have set it up for

We hear you on this. We're working on simplifying this configuration process as we improve our SAML experience.

@Ryan_Miles and @CameronMoody - I have tested this.  IMHO, it's not a good solution.  It works, but it is not something I would like to roll out to clients.  It's a workaround.

If you go to any other cloud provider on the planet, they let you register a domain name (e,g. example.com), and then when anyone logs in using that domain name, it triggers the SAML process.  They don't make you go to magic domains.

The current process is not "Meraki Simple".  Users should not need special training just to be able to log in.  They should be able to type "meraki" into Google, see the login button, be able to click on the login button, and expect it to work.  That is "Meraki Simple".

You can use Microsoft Office 365 as a specific example of how the login flow should work when using SAML.

ps. It would be nice to see FIDO2 and passkey support as well (for non-SAML Dashboard Access).  The current MFA implementation (when not using SAML) is what I would describe as meeting the minimum industry standard.  It would be good to be above the minimum accepted standard.

Thanks @Ryan_Miles  I missed the early access bit in the documentation.