Enable MFA for logging into Dashboard only

SOLVED
SLR
Building a reputation

Enable MFA for logging into Dashboard only

I already have a case open with Meraki support. I was just looking for feedback. Does anyone here do MFA for logging into the dashboard and if so how do you have it currently setup? Do you utilize 3rd party MFA software? Do you have MFA also for Client VPN access?

 

Is there a way to enable sms and offline MFA globally for all users who log into the dashboard or do they have to individually do it themselves under the my profile tab? There's got to be an easier way.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

We tend to do a lot of experimenting.

 

We have both Google Authenticator setup (easy), and SAML against Azure AD (difficult to setup) - and we have MFA enabled for Azure AD, so that uses the Microsoft Authenticator.

 

NPS+Azure AD MFA is a pain because of the lack of logs and diagnostics when things go wrong.  If you want MFA for client VPN use a third party solution, like the Duo RADIUS server.

 

 

If you want to enable "global" MFA for the Dashboard use a third party SAML provider like DUO.  You can also use AzureAD if you don't mind doing a bit of extra setup work and Googling.

We use AzureAD because we already use Office 365, and it was more convenient to have the one system for everything.

View solution in original post

4 REPLIES 4
NolanHerring
Kind of a big deal

I use SAML with OKTA which ties into AD. OKTA gives me the option to use 2FA if I want.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Nash
Kind of a big deal

We're all setup as full org admins for API reasons, and use Google Auth for 2FA.

CptnCrnch
Kind of a big deal

Same here: Google Auth as 2FA. Admins are using Authy or Duo on their clients though for added security.

PhilipDAth
Kind of a big deal

We tend to do a lot of experimenting.

 

We have both Google Authenticator setup (easy), and SAML against Azure AD (difficult to setup) - and we have MFA enabled for Azure AD, so that uses the Microsoft Authenticator.

 

NPS+Azure AD MFA is a pain because of the lack of logs and diagnostics when things go wrong.  If you want MFA for client VPN use a third party solution, like the Duo RADIUS server.

 

 

If you want to enable "global" MFA for the Dashboard use a third party SAML provider like DUO.  You can also use AzureAD if you don't mind doing a bit of extra setup work and Googling.

We use AzureAD because we already use Office 365, and it was more convenient to have the one system for everything.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels