cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Login dashboard based on region

SOLVED
Highlighted
Building a reputation

Login dashboard based on region

Dear Expert ,

 

As i want my dashboard to login based on region , can we do it ?

 

As i only see options based on source ip address , such as public ip address not based on region ,

 

For example , i only want china region can login to my org , other location from china , cannot.

 

can we do it ?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Meraki Employee

Re: Login dashboard based on region

It's built-in, use the link that @PhilipDAth provided to learn how to configure this.

 

Note: If you're not based in the United States, United Kingdom, Canada, Mexico, France, Spain, Italy, or Germany; SMS 2FA codes are not fully supported due to carrier support and are sent as best effort, so please instead use 2FA With Google Authenticator, which you can learn how to do so using this link: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Usin...

View solution in original post

10 REPLIES 10
Highlighted
Meraki Employee

Re: Login dashboard based on region

Source IP is the only way to restrict this, other than splitting your Dashboard into separate organisations and managing which users have access to which organisation. Otherwise, it's a feature request.
Highlighted
Kind of a big deal

Re: Login dashboard based on region

If you want to improve your dashboard login security consider using 2 factor authentication.

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication 

Highlighted
Building a reputation

Re: Login dashboard based on region

Hi Expert ,

 

Is 2factor need extra license for dashboard or we can use build-in ?

Highlighted
Meraki Employee

Re: Login dashboard based on region

It's built-in, use the link that @PhilipDAth provided to learn how to configure this.

 

Note: If you're not based in the United States, United Kingdom, Canada, Mexico, France, Spain, Italy, or Germany; SMS 2FA codes are not fully supported due to carrier support and are sent as best effort, so please instead use 2FA With Google Authenticator, which you can learn how to do so using this link: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Two-Factor_Authentication#Usin...

View solution in original post

Highlighted
Building a reputation

Re: Login dashboard based on region

Thanks for this , Brother
Highlighted
Head in the Cloud

Re: Login dashboard based on region

Add Multi Factor Auth using Cisco DUO and get the added layer of security and have Geolocation based policies in place 😎

 

https://duo.com/docs/meraki

Highlighted
Meraki Employee

Re: Login dashboard based on region

Great shout, @CptnCrnch.

I'm not sure if the free level of Duo allows this (I know where are some limitations with policies etc) but it's worth checking out if you have less than 10 users. Otherwise, it's an optional subscription to use Duo.

Natively, without Duo/OpenID you can use:
- Source IP Restriction
- 2FA for increased security (not limiting geolocation however)
Highlighted
Head in the Cloud

Re: Login dashboard based on region

Thanks @MerakiConnor. Unfortunately, Geolocation (which are part of the policy part) are not available in the free plan.

Highlighted
Building a reputation

Re: Login dashboard based on region

unfortunately , i need the free one xD
Highlighted
Kind of a big deal

Re: Login dashboard based on region

Using Duo for Meraki Dashboard integration is a little bit more work.  First you have two deploy a Duo Access Gateway appliance (I usually deploy a pair because if you have one and it goes down you can't log in - and then I often use a load balancer to distribute the traffic over them although DNS round robin also works but you need to set a high TTL which then prevents fail over from working as well).

 

Then you need to configure SAML integration.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.