Google Workspace LDAP for iPad and app category assignment

Hulafish
Here to help

I manage several schools that use different management systems like Jamf and Meraki for iPad and Google Chrome OS management. Jamf has a very easy-to-use LDAP system to pull data from Google Workspace for device assignment. It's not perfect, but it generally gets the job done. I cannot find anything that matches it in Meraki and am wondering if it just doesn't exist or if it is something I am just not seeing. Right now I can pull users from ASM, but it requires us to either federate, which we have run into some odd issues with using ASM, and then we still need to put everyone into classes there for no reason.

Would love to be able to pull users in with OU tags so we could just add students to Google, assign to correct OU and then assign an iPad to them. Is that possible with secure LDAP? If so, where is it?

PaulF
Meraki Employee

No. ASM is the preferred solution for class assignment for shared iPad.

However, if you're struggling with federation, then this information can be uploaded using SFTP into ASM: https://support.apple.com/en-gb/guide/apple-school-manager/axm26e20e320/web

Hulafish
Here to help

No shared iPads here, but we label and assign users and have need to pull data from that assignment for some proxy settings. In systems like Jamf you can pull directly from ASM or from secure LDAP via Google. Is there no way to do this at all for Chromebooks then? I.e. if I want to pull in user accounts and emails, can that not be done in any fashion from Google? Also, the federation idea is doable, but still requires extra manual setup of users that we could avoid by using the settings we are already using in Google, i.e. groups or OUs.

I get that federation is an option for ASM, but when almost every school uses Google for student accounts, direct pulling seems like it makes a lot more sense, and would be the only option for Chromebooks.

PaulF
Meraki Employee

Understood. Thanks for the clarification.

We have three auth types that understand groups: AD, Azure and SAML. And, as SAML is supported by Google ( https://support.google.com/a/answer/6087519?hl=en#zippy=%2Cstep-add-the-custom-saml-app ), you should see groups created under Systems Manager > Tags.

I've not tested it myself, so let me know how you get on. You'll then be able to add users to classes (groups) in Google, and use those classes / groups under targets in Apps and Policies.

Hulafish
Here to help

Thanks, that points me in the right direction. I am not able to find any sort of walkthrough or guide for how to set up the Meraki portion of things though. I see SAML AD, but it looks like there is a presetup app for that, not a custom. Seems like this needs more fleshing out so we can self-guide on this instead of fighting through it all. Google is probably the most used identity provider for schools, so having something easier would be very helpful.

Sorry to be a pain, but that link is also an app for SSO setup, not just a directory sync like the ASM setup. I am not trying for full SSO, just a way to manage users easier for classroom assignments, the same sort of things that are offered for your ASM setup. It really just sounds like it doesn't exist at this point, but I will hold out hope here.

Hulafish
Here to help

Little frustrated by this at this point. SAML doesn't seem to pull anything into the owners section; it is just usable for SSO from what I can tell. How do you use it to populate users? There are no SAML options for anything but SSO from what I can see in the Meraki dashboard. I can find a ton of ways to set up SAML in Google, but no info on the way to do it in Meraki except for SSO.

Hulafish
Here to help

So the answer above simply doesn't work for what I am hoping to do. I am looking, in short, for a way to sync Google Workspace users directly to the Owners section of Meraki Systems Manager. In systems like Jamf, this can be done fairly easily using LDAP.

How can I do

Google User > Meraki Owners

Instead of

Google User > ASM > Meraki Owners
