I am 200% sure , we tried to reproduce it with support and couldn’t 

- when you disable sentry from SSID, profile is removed 

- when you remove the sentry tag from a computer, profile is removed 

- without disabling sentry , deleting network profile is removed as well 

I don’t know why with this network (deleted) it’s still pushed and couldn’t reproduce it .

What exactly are you seeing as odd behavior ? 

Thank you 

You raise an interesting point about revoking access to a network.

This is how it should work:

• Certificate gets issued to a user
• When a user attaches they present the certificate, and the username on the certificate is checked to verify they have access

I have never personally validated this.  The intention of a certificate is to prove who you are - like a username and password - and having a certificate (or username/password) alone should not provide authorisation.

ps. A 2048 bit certificate is similar in strength to a user having a 256 character password - except the "password" is generated algorithmically random rather than relying on a human to make and remember it. 

In certificate systems I have worked with you don't usually delete old certificates.  You simply revoke the users access to whatever system it is.  In the same way that you don't delete a username just to prevent them from accessing one system.

Certificates can be exported.  If you relied on a certificate simply being present for access, then the user could simply export it to a file, and then re-import it whenever they wanted access.  Deleting the "stored" certificate would provide no real measure of security.

I didn’t try to export but I hope the certificate are installed with the flag none exportable , meaning that they can’t get export easily.

I will try , good point here.

I agree with you regarding the revoking.

 Did you try ? Previous certificate are revoked and can’t get access to the WiFi SSID ?

I am wondering even this :

If a valide certificate could be use for another SSID that the user don’t have access to by joining manually the SSID and selecting the certificate (of the other SSID). I kind of doubt it and will give it a try .

3 week passed. nothing has moved.

It sounds like this may be an issue with the specific network/SSID that was removed. Do you have a case open with Support on this? You may need to get SM engineering involved to have it removed. 

02905804 for case number. 

None of my case have reach engineering team with proper output (Bug fixed.)

So I am not really hopping ...

Thank you all for the answers.

Ask the engineer assigned to check with the SM dev team. They have the ability to do this easily so it shouldn't be a problem. 

Maybe you are a VIP Customer 😉 

Out of 20 cases none of them got resolved .

Will do, thank you

Case 02905804:

I Spent 1h showing to support on Friday ( 5 days ago ) . No single update or answer on the case since then.

No one answers anymore and bugs still here .

It’s really not acceptable . I have never seen that !

Meraki, wake up !

8 days passed , no news neither from meraki  in the community, neither on support 

Since August no move at all

This profil is not removable and get push even to all new device without possiblity to block it !

As we can see there is no NETWORK assign the link goes to 

https://n210.meraki.com/n/undefined/manage

and If I click to SSID https://n210.meraki.com/n/undefined/manage/configure/access_control?ssid_number=

So Meraki remove this profil ASAP, It is that difficult to resolve this bug ? Do you really need 6 months to do this ?

+ I am adding one more :

When you click on Profile List / Meraki Wifi, It shows randomly the list of Device in the scope and that on all Profile

BR

@MerakiDave