SAML-based user authentication per SSID

avshch
Getting noticed

Is it possible to configure SAML-based user authentication against 3rd party iDP (okta) for byod SSID?

PhilipDAth
Kind of a big deal

Not using SAML, no (at least not out of the box).

But I see Okta have an LDAP interface:

https://www.okta.com/blog/2018/09/move-ldap-authentication-to-the-cloud-with-oktas-ldap-interface/

And you can configure LDAP splash page authentication.

https://documentation.meraki.com/MR/Splash_Page/Configuring_Splash_Page_Authentication_with_an_LDAP_...
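Added example (not code from this thread, nor Meraki's or Okta's): when troubleshooting the LDAP splash page path suggested above, the first thing to confirm is that an LDAPS simple bind for a test user actually succeeds against the directory endpoint, independently of the access point. The script below builds the BER-encoded BindRequest a client sends, parses the BindResponse the server returns, and maps the result code to its RFC 4511 name. The host, port and DN values are placeholders; the assumption that the Okta LDAP interface expects a DN of the form `uid=<login>,ou=users,dc=<org>,dc=okta,dc=com` is mine and should be checked against the Okta documentation for your org. The `build_bind_response` helper only exists to construct sample server replies so the parser can be exercised offline.

```python
"""Minimal LDAP simple-bind check over LDAPS (added example, not from the thread)."""
import socket
import ssl

# Placeholders (assumptions, not values from the thread).
LDAP_HOST = "example.ldap.okta.com"
LDAP_PORT = 636
BIND_DN = "uid=alice@example.com,ou=users,dc=example,dc=okta,dc=com"

# Standard LDAP result codes (RFC 4511) that a failed splash-page login surfaces.
RESULT_NAMES = {
    0: "success",
    7: "authMethodNotSupported",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80|N then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def build_bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """Client side: LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = (
        _tlv(0x02, bytes([3]))            # INTEGER version 3
        + _tlv(0x04, bind_dn.encode())    # LDAPDN as OCTET STRING
        + _tlv(0x80, password.encode())   # AuthenticationChoice simple [0], primitive
    )
    # 0x60 = [APPLICATION 0] constructed = BindRequest; msg_id is kept below 128 here
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x61 - 1, bind))


def build_bind_response(msg_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server side, used only to construct sample replies: BindResponse = [APPLICATION 1] LDAPResult."""
    result = _tlv(0x0A, bytes([result_code])) + _tlv(0x04, b"") + _tlv(0x04, diagnostic.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x61, result))


def parse_bind_response(data: bytes) -> dict:
    """Decode an LDAPMessage carrying a BindResponse into a small dict."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = _read_tlv(op, 0)        # ENUMERATED resultCode
    _, matched, pos = _read_tlv(op, pos)   # matchedDN
    _, diag, _ = _read_tlv(op, pos)        # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": rc,
        "result_name": RESULT_NAMES.get(rc, "other"),
        "matched_dn": matched.decode(errors="replace"),
        "diagnostic": diag.decode(errors="replace"),
    }


def check_simple_bind(host: str, port: int, bind_dn: str, password: str, timeout: float = 5.0) -> dict:
    """Connect over LDAPS with certificate verification, bind once, return the parsed result."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_bind_request(1, bind_dn, password))
            return parse_bind_response(tls.recv(4096))  # a BindResponse fits in one read


if __name__ == "__main__":
    import getpass
    print(check_simple_bind(LDAP_HOST, LDAP_PORT, BIND_DN, getpass.getpass("password: ")))
```

A result of `invalidCredentials` (49) with a valid password usually means the DN format is wrong for the directory, while a TLS handshake failure points at the certificate chain, which the splash page also has to trust; both are worth ruling out before looking at the SSID configuration.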
This requires the Okta agent to run on-prem or in AWS/GCP, which we are trying to avoid.

SAML auth would be ideal as no agents would be required. Would Meraki partner with IronWiFi to provide this functionality?

PhilipDAth
Kind of a big deal

Meraki have an open API, so IronWiFi would just need to integrate with it.

I believe Splash Access already provides integration with Azure AD if you don't mind using a third party.

https://www.splashaccess.com/cisco-meraki-azure-ad-with-splashaccess/

We don't have Azure AD to integrate with, but we have Okta. Is there an FRE for Meraki native API integration with Okta?

IronWiFi has RADIUS-based integration with Meraki: https://www.ironwifi.com/cisco-meraki/

omari
Conversationalist

Hi @avshch 

Did you ever find a solution to this? I'm trying to figure this out myself. I haven't been able to connect the Okta LDAP interface with Meraki at all.

I am trying to avoid purchasing IronWiFi or Foxpass if I can.

My company is interested in this too. We've virtually eliminated AD/LDAP and the ridiculous overhead that comes with stand-alone directory management. It's bugging me that with all the available authentication integrations, SAML isn't included.

rsage_voda
Getting noticed

I am working on this for a customer using the Sponsored Guest Portal. When the user connects to the AP, ISE redirects them to Azure AD and ISE reports them as authenticated. The user gets a browser window with a message to click the continue button (screenshot: ISE PoC.jpg). On doing so they get an error 500 message. We are running ISE 3.1 on a single box in AWS as a PoC.
