Meraki

Community

Migrating to dashboard admins to SSO, now cannot add new VPN user

pematthe
Here to help
yesterday
yesterday

Migrating to dashboard admins to SSO, now cannot add new VPN user

Were migrating our dashboard admins to SSO and have found that deleting the local admin account to force the use of SSO, also deletes their VPN user account - didn't expect that!

 

The work around is to create a new user 'guest' account for the MX VPN service and email new credentials to the user.  One has worked OK, the next one failed "A user with the email 'xxxxxxxxxxx' already exists".  We cannot find that account anywhere.  It is not in the dashboard admins or existing VPN users.  

 

It was used for SSO so we have tried with the account in the M365 SSO user list and without.  Neither makes a difference.  I have seen other threads on the forum that once dashboard knows about an account in SSO, it doesn't let it go, there's no option to remove the record of it.  Strange as another user SSO account allowed us to create a guest VPN without issue.

 

Anybody else seen this when migrating to dashboard SSO?

Labels:
0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
yesterday
yesterday

Maybe it will help you:

 

https://community.meraki.com/t5/Dashboard-Administration/Setting-up-SAML-for-2-Meraki-tenants-one-Az...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
pematthe
Here to help
yesterday
yesterday

Thanks for the idea, but I have already changed that SAML parameter.  I have opened a support ticket, maybe they can suggest something.

0 Kudos
In response to pematthe
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

If you have changed that parameter then it is *impossible* for it to conflict with an existing account.  It doesn't pass an email address anymore as the username; it passes the display name - and local Meraki accounts won't let you create such an account.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
yesterday
yesterday

What username is the SAML log seeing?

 

PhilipDAth_0-1740081850700.png

 

PhilipDAth_1-1740081867479.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.