Meraki

Community

SAML-based user authentication per SSID

avshch
Getting noticed
‎Jan 20 2019 7:27 PM
‎Jan 20 2019 7:27 PM

SAML-based user authentication per SSID

Is it possible to configure SAML-based user authentication against 3rd party iDP (okta) for byod SSID?

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 20 2019 10:17 PM
‎Jan 20 2019 10:17 PM

Not using SAML, no (at least not out of the box).

 

But I see Okta have an LDAP interface:

https://www.okta.com/blog/2018/09/move-ldap-authentication-to-the-cloud-with-oktas-ldap-interface/

 

And you can configure LDAP splash page authentication.

https://documentation.meraki.com/MR/Splash_Page/Configuring_Splash_Page_Authentication_with_an_LDAP_...

 

 

In response to PhilipDAth
avshch
Getting noticed
‎Jan 21 2019 11:57 AM
‎Jan 21 2019 11:57 AM

This requires Okta agent to run on-prem or at AWS/GCP, which we are trying to avoid.

SAML auth would be ideal as no agents would require. Would Meraki partner with IronWiFi to provide this functionality?

 

0 Kudos
In response to avshch
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 21 2019 12:04 PM
‎Jan 21 2019 12:04 PM

Meraki have an open API, so IronWiFi would just need to integrate with it.

 

I believe Splash Access already provides integration with Azure AD if you don't mind using a third party.

https://www.splashaccess.com/cisco-meraki-azure-ad-with-splashaccess/

0 Kudos
In response to PhilipDAth
avshch
Getting noticed
‎Feb 28 2019 3:57 AM
‎Feb 28 2019 3:57 AM

We don't have Azure AD to integrate with, but we have Okta. Is there an FRE for Meraki native api integration with OKTA?

IronWiFi has RADIUS-based integration with Meraki: https://www.ironwifi.com/cisco-meraki/

 

0 Kudos
omari
Conversationalist
‎Jun 3 2019 1:54 PM
‎Jun 3 2019 1:54 PM

Hi @avshch 

 

Did you ever find a solution to this? I'm trying to figure this out myself. I haven't been able to connect the Okta LDAP interface with Meraki at all.

 

I am trying to avoid purchasing Ironwifi or Foxpass if I can.

0 Kudos
In response to omari
bennumo
New here
‎Aug 14 2019 11:45 AM
‎Aug 14 2019 11:45 AM

My company is interested in this too.  We've virtually eliminated AD / LDAP and the ridiculous overhead that comes with stand-alone directory management.  It's bugging me that with all the available authentication integrations, SAML isn't included.

rsage_voda
Getting noticed
‎Nov 1 2022 4:00 AM
‎Nov 1 2022 4:00 AM

I am working on this for a customer using the Sponsored Guest Portal. When the user connects to the AP ISE redirects them to Azure AD and ISE reports them as authenticated. The user gets a browser window with a message to click the continue buttonISE PoC.jpg. On doing so they get an error 500 message. we are running ISE3.1on a single box in AWS as PoC.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.