Wish: SAML auth to support the various levels of MV access

MRCUR
Kind of a big deal

I'd really like SAML auth to support the various levels of MV access (live footage only, live + recordings, etc.). SAML is really nice for getting Guest Ambassadors access using their G Suite credentials, but unfortunately it's pretty useless for the MV right now. 

MRCUR | CMNO #12
GeorgeB
Meraki Employee

We have looked at this but there are significant complexities in how to scale the multiple permutations supported by the MV permissions. For example, an organization with 10 camera networks, with 10 cameras per network, with 10 users per network, and with different roles per user, leads to a very complex situation.

We are keen to know more about how SAML users will be used by customers, and what a dashboard implementation for this should look like. Please share your ideas with your Meraki account team's system engineer; they can collect the information and share it with engineering.

MRCUR
Kind of a big deal

@GeorgeB Thanks for the reply George. I totally understand the complexity from your side, but it's also immensely complex and cumbersome to manage Dashboard accounts for users in an org this large (we have hundreds of employees who need access across 25 sites). I'll reach out to my SE and ask him to get the info to MV engineering. 

MRCUR | CMNO #12

Could we not do it as just SSO/SAML for the auth of the user and then manage the permissions within the Meraki portal like a normal admin?
Cisco Umbrella is like this. When you do SSO at the portal login you select SSO and it redirects you to auth to your org, and then once approved lets you in, and then all the rest of the permissions are handled within the app itself.

I would think that the opposite should be possible. Start with a SAML role defined and then assign that to a set of cameras. Either as an existing user, new user, or a role. That workflow is already there for a camera now. Just need to provide an option to specify the role name instead of a username.
