Meraki

Community

Meraki Intergrate with Entra ID

Anthony81
New here
‎Apr 25 2024 5:34 AM
‎Apr 25 2024 5:34 AM

Meraki Intergrate with Entra ID

Our company would like to purchase Meraki switch and Meraki AP but don't want invest on NAC ,below items still can fullfill 

1 Network Security
2. Implement network security (e.g. 802.1x) to protect network against unauthorized access and devices.
3. Allow only Shiseido corporate devices to connect to the network (Wired and Wireless). 3. Implement network segmentation to compartmentalize the sub-networks and deliver security controls and services to each sub-network.
4. Network authentication and encryption methods are to be defined and managed.
5. Separation between internal users and guests.
6. Network security measures and controls must comply with Security Framework.

Labels:
0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 25 2024 9:09 AM
‎Apr 25 2024 9:09 AM

For Wifi you can use the Meraki cloud user base.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Apr 25 2024 12:13 PM
‎Apr 25 2024 12:13 PM

Well implementing 802.1X is in fact investing in NAC 😉
If you want to use Entra ID you will need a NAC solution that can talk with Entra ID.
Alternatively you can deploy certificates via Scepman and supply them to your pc's with an MDM solution and them use Radius as a service to leverage EAP-TLS for authentication of your users on the network, wireless or wired.

 

Guest users just need a separate SSID using PSK or (enhanced) open with a portal page.

0 Kudos
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Apr 25 2024 2:42 PM
‎Apr 25 2024 2:42 PM

Using 802.1x with Jumpcloud is also an option otherwise use Meraki authentication as suggested already. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 25 2024 4:00 PM
‎Apr 25 2024 4:00 PM

You are not going to be able to integrate with EntraID without spending some more money.

Splash Access have a solution for onboarding both wired and WiFi devices.  It is 100% cloud-based.  You could have a chat to them.
https://www.splashaccess.com/

If you could reduce the scope to WiFi only, and you have Intune managed devices, you could buy a subscription to Cloud PKI.  Meraki MR can authenticate devices with an issued certificate then.
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview

If you are using EntraID (by that I assume you are cloud-native and don't have Active Directory) - have you considered going 100% zero trust, and migrating any app that does not have zero trust to being zero tust capable?  With this approach you no longer care about local network security.

 

Actually, the more I think about it, the more I think you should look at SASE.  The service you would want with your Meraki system is called "Cisco+ Secure Connect".  I think you need to look at this as you need a far more holistic approach to be able to tick your boxes off without a traditional NAC system.
https://documentation.meraki.com/CiscoPlusSecureConnec

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.