cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable MFA for logging into Dashboard only

SOLVED
Highlighted
SLR
Getting noticed

Enable MFA for logging into Dashboard only

I already have a case open with Meraki support. I was just looking for feedback. Does anyone here do MFA for logging into the dashboard and if so how do you have it currently setup? Do you utilize 3rd party MFA software? Do you have MFA also for Client VPN access?

 

Is there a way to enable sms and offline MFA globally for all users who log into the dashboard or do they have to individually do it themselves under the my profile tab? There's got to be an easier way.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Enable MFA for logging into Dashboard only

We tend to do a lot of experimenting.

 

We have both Google Authenticator setup (easy), and SAML against Azure AD (difficult to setup) - and we have MFA enabled for Azure AD, so that uses the Microsoft Authenticator.

 

NPS+Azure AD MFA is a pain because of the lack of logs and diagnostics when things go wrong.  If you want MFA for client VPN use a third party solution, like the Duo RADIUS server.

 

 

If you want to enable "global" MFA for the Dashboard use a third party SAML provider like DUO.  You can also use AzureAD if you don't mind doing a bit of extra setup work and Googling.

We use AzureAD because we already use Office 365, and it was more convenient to have the one system for everything.

4 REPLIES 4
Kind of a big deal

Re: Enable MFA for logging into Dashboard only

I use SAML with OKTA which ties into AD. OKTA gives me the option to use 2FA if I want.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Kind of a big deal

Re: Enable MFA for logging into Dashboard only

We're all setup as full org admins for API reasons, and use Google Auth for 2FA.

Building a reputation

Re: Enable MFA for logging into Dashboard only

Same here: Google Auth as 2FA. Admins are using Authy or Duo on their clients though for added security.

Kind of a big deal

Re: Enable MFA for logging into Dashboard only

We tend to do a lot of experimenting.

 

We have both Google Authenticator setup (easy), and SAML against Azure AD (difficult to setup) - and we have MFA enabled for Azure AD, so that uses the Microsoft Authenticator.

 

NPS+Azure AD MFA is a pain because of the lack of logs and diagnostics when things go wrong.  If you want MFA for client VPN use a third party solution, like the Duo RADIUS server.

 

 

If you want to enable "global" MFA for the Dashboard use a third party SAML provider like DUO.  You can also use AzureAD if you don't mind doing a bit of extra setup work and Googling.

We use AzureAD because we already use Office 365, and it was more convenient to have the one system for everything.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.