Monitoring in a reception and a shared mobile.
We need to lockdown the view account to a specific computer through IP-address or MAC. Two factor code isn´t good enough.
Today it isn’t possible. You can look down the access to according to public IP-address. But this means that all the internal computers/devices can access. And you look down external access for all the accounts.
This need to be fixed
I don't agree. 2FA is more than enough. If security is that important to you stop using shared devices.
I agree with @PhilipDAth about the 2FA but if you insist, you could blacklist meraki.com in content filtering, then make a Group Policy which has meraki.com allowed only on the PCs you need access to. I would make the GP 1st, and make sure your merkai devices are all in that before you blacklist for everyone else
We are in the process of completely re-working our SAML integration for cameras. This will allow you to use AD/LDAP/RADIUS and associated controls to control access. If you are interested in providing input into the design for this, let me know and I will get a colleague to reach out to you.