We have another new feature for you this week! The dashboard now supports role-based camera permissions to allow organizations to use SAML/SSO for camera users. This was a much requested feature, which will allow organizations to more easily scale their MV camera deployments.
Camera Roles versus local Camera-only admins
With the addition of Camera roles, there are now two types of camera accounts within the dashboard. Both types of roles provide the ability to specify viewing permissions, as well as set which cameras that a user can access.
Camera-only admins must be configured individually, per network. If you wanted to give a user access to cameras on two different networks, a role would have to be created for them on each of the target networks. This may be a manageable process for one-off role creation, or organizations with few camera users, but it doesn’t scale well. For example, if you have two users that need camera permissions on two networks, you would have to create four separate roles for them, even if their permissions were identical.
The new Camera Roles eliminates this scaling challenge and provides an easier path to adoption for large organizations with many users. You no longer need to configure accounts for each individual user in each individual network that they need access. Now, you can create roles that grant camera access within a network, or across a group of networks, and apply those roles to as many people as needed.
Configuring Camera Roles
Role-based camera permissions require that you first enable SAML 2.0 and configure your SAML Identity Provider (IdP) settings within the organization. Once that is done, navigate to Organization > Configure > Camera roles and select "Add Role" to get started.
For each role, select the name, and the target networks that the role will be able to access. You can choose all networks, or networks based on tags. Next, you will have the option to set camera permissions (view and export any footage, view any footage, or view live footage only. Finally, choose the cameras that this role should be able to access. You select all cameras, or cameras based on tag.
Considerations with Camera Roles
There are a few things that need to be considered with respect to Camera Roles:
For more information, please see the Camera Roles documentation.
So what do you think of the new Camera Roles? We would love to hear your feedback!
Finished setting up new SAML camera roles today using G Suite as the IDP. It worked very well. Added the app to users Google waffle by groups for one-click sign in to the Meraki Dashboard.
Once caveat though, the Meraki dashboard will only accept a sha1 fingerprint and G Suite only offers up a sha256 fingerprint in a SAML app. The certificate itself can be either, but not the fingerprint. I used a sha calculator off of the one login site to assist in converting the G Suite certificate to a sha1 fingerprint. At that point, the Meraki dashboard accepted my fingerprint and things flowed smoothly.
Hi @BrothersTM that's great! I'll pass along the feedback about the fingerprint compatibility between the dashboard and G Suite, but glad you were able to figure out a workaround for now.