Login dashboard based on region

Solved
SopheakMang
Building a reputation

Login dashboard based on region

Dear Expert ,

 

As i want my dashboard to login based on region , can we do it ?

 

As i only see options based on source ip address , such as public ip address not based on region ,

 

For example , i only want china region can login to my org , other location from china , cannot.

 

can we do it ?

1 Accepted Solution
ConnorL
Meraki Employee
Meraki Employee

It's built-in, use the link that @PhilipDAth provided to learn how to configure this.

 

Note: If you're not based in the United States, United Kingdom, Canada, Mexico, France, Spain, Italy, or Germany; SMS 2FA codes are not fully supported due to carrier support and are sent as best effort, so please instead use 2FA With Google Authenticator, which you can learn how to do so using this link: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Usin...

View solution in original post

10 Replies 10
ConnorL
Meraki Employee
Meraki Employee

Source IP is the only way to restrict this, other than splitting your Dashboard into separate organisations and managing which users have access to which organisation. Otherwise, it's a feature request.
PhilipDAth
Kind of a big deal
Kind of a big deal

If you want to improve your dashboard login security consider using 2 factor authentication.

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication 

SopheakMang
Building a reputation

Hi Expert ,

 

Is 2factor need extra license for dashboard or we can use build-in ?

ConnorL
Meraki Employee
Meraki Employee

It's built-in, use the link that @PhilipDAth provided to learn how to configure this.

 

Note: If you're not based in the United States, United Kingdom, Canada, Mexico, France, Spain, Italy, or Germany; SMS 2FA codes are not fully supported due to carrier support and are sent as best effort, so please instead use 2FA With Google Authenticator, which you can learn how to do so using this link: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Usin...

SopheakMang
Building a reputation

Thanks for this , Brother
CptnCrnch
Kind of a big deal
Kind of a big deal

Add Multi Factor Auth using Cisco DUO and get the added layer of security and have Geolocation based policies in place 😎

 

https://duo.com/docs/meraki

ConnorL
Meraki Employee
Meraki Employee

Great shout, @CptnCrnch.

I'm not sure if the free level of Duo allows this (I know where are some limitations with policies etc) but it's worth checking out if you have less than 10 users. Otherwise, it's an optional subscription to use Duo.

Natively, without Duo/OpenID you can use:
- Source IP Restriction
- 2FA for increased security (not limiting geolocation however)
CptnCrnch
Kind of a big deal
Kind of a big deal

Thanks @ConnorL. Unfortunately, Geolocation (which are part of the policy part) are not available in the free plan.

SopheakMang
Building a reputation

unfortunately , i need the free one xD
PhilipDAth
Kind of a big deal
Kind of a big deal

Using Duo for Meraki Dashboard integration is a little bit more work.  First you have two deploy a Duo Access Gateway appliance (I usually deploy a pair because if you have one and it goes down you can't log in - and then I often use a load balancer to distribute the traffic over them although DNS round robin also works but you need to set a high TTL which then prevents fail over from working as well).

 

Then you need to configure SAML integration.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels