Client VPN password and organization security settings

SOLVED
harmankardon
Getting noticed

Client VPN password and organization security settings

For client VPN, I believe the following to be true:

 

1. If account type is Guest, client VPN password is set by a dashboard admin via the dashboard.

2. If account type is Administrator, client VPN password is the users dashboard password.

 

Are both of these assumptions true? And for #1, can the users reset their password themselves?

 

And do the options in Organization -> Settings -> Security Settings apply to both client VPN users and dashboard admins? If it doesn't apply to dashboard admins, is it possible to force 2FA for admins some other way?

 

 

1 ACCEPTED SOLUTION
Jeizzen
Getting noticed

Yes, my apologies, seems that yes client vpn now can reset their password:

 

Note: A user can modify their own credentials and reset their password if they are not an administrator account by logging in through account.meraki.com/account/account_login. This page is only available for users created under SSID configured as splash or Client VPN.

 

those blue information squares in Meraki doc always have important notice 🙂

 

View solution in original post

10 REPLIES 10
alemabrahao
Kind of a big deal
Kind of a big deal

Yes, this is true. No, they can't change their passwords by themselves. 2FA is just to dashboard admin it is not applicable for guest users.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Ok so if I am an admin for multiple dashboard organizations and one of them is set to force 2FA, that affects my dashboard account meaning regardless of which organization I am signing in for, I will be forced to use 2FA?

Yes

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jeizzen
Getting noticed

1. True

2. True

 

Users cannot reset their passwords themselves

 

Read-only access as an Guest Ambassador mode has the right to reset users vpn passwords

harmankardon
Getting noticed

I guess I should have clarified, we are using Meraki Cloud Authentication. I had one of my users forward me their welcome email and it has a link to https://account.network-auth.com/ which does seem to allow users to change their password.

 

@alemabrahao was your answer assuming we were using a different authentication type?

No, I assumed that you are using Meraki Cloud Authentication. 😊 

 

As far as I record the option to change the password is only for guest wifi users.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I finally got a chance to test (I probably should have tested first), as far as I can tell client VPN users with Meraki Cloud Authentication can reset their own password via that URL. 

Well, I have checked, and you are right, now It is possible to change the password. Sorry for my mistake.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Jeizzen
Getting noticed

Yes, my apologies, seems that yes client vpn now can reset their password:

 

Note: A user can modify their own credentials and reset their password if they are not an administrator account by logging in through account.meraki.com/account/account_login. This page is only available for users created under SSID configured as splash or Client VPN.

 

those blue information squares in Meraki doc always have important notice 🙂

 

I didn't even know this Meraki document existed! Thanks for pointing me in the right direction. The Client VPN Overview Meraki doc doesn't even mention that page.

 

The URL for anyone else seeing this is: https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Managing_User_Account...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels