
Azure AD authentication on Meraki WiFi

Conversationalist

Hi guys,

 

We are working on moving away from our on-premises AD to Azure AD. Part of our current infrastructure is using RADIUS authentication on our WiFi network, linked to our AD.

 

Seeing as using Azure AD directly isn't an option yet for Meraki, have you guys come up with any solutions for this?

 

I've been reading some posts about using a splash page to authenticate against Azure AD, but nothing specific or with a detailed configuration guide.

 

We don't want to spin up a VM in Azure just for this. I'm guessing we are not the only ones facing this issue?

9 REPLIES 9
Meraki Employee

Re: Azure AD authentication on Meraki WiFi

Hello @KevinI ,

At the moment, Meraki does not have a direct integration with Azure AD. However, since Azure AD is cloud-based, you would need to set up some kind of VPN setup anyway (until a direct VPN with Azure can be established).

I would recommend checking up on the vMX feature of Meraki. The following KB gives you some details on the setup:

https://documentation.meraki.com/MX/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure

 

 

New here

Re: Azure AD authentication on Meraki WiFi

Hello @RohitRaj, I hope you're doing well. Are there any positive updates regarding the Azure AD authentication on Meraki WiFi?

New here

Re: Azure AD authentication on Meraki WiFi

We too are looking for this since we are moving our devices to Azure AD only.

Here to help

Re: Azure AD authentication on Meraki WiFi

I would not recommend using a splash portal (open SSID) for corporate users. We are looking into a solution with iPSK and Azure. I'll keep you up to date.

Getting noticed

Re: Azure AD authentication on Meraki WiFi

Following, we have the same question. We do not want separate VMs or servers, just Azure AD authentication on our Meraki equipment.

Conversationalist

Re: Azure AD authentication on Meraki WiFi

This question gets asked a lot on the Cisco ISE Community pages too. The challenge is that Azure AD is not the same as Active Directory (obviously) and the interfaces into Azure AD don't lend themselves to every use case. ISE, for example, offers a SAML interface to *some* parts of ISE (like the Sponsor Portal Login page, or the MyDevices Portal page) - but you cannot use Azure AD for things like EAP-PEAP authentication. Why? Because ISE has no native integration for such an external identity source. The closest you can get to that (with ISE) is to use Secure LDAP. But that breaks the password challenge algorithm (MS-CHAPv2) that is commonly used in EAP-PEAP - it cannot work. But the sLDAP integration could be used for non-authentication purposes - e.g. checking for AD Group membership during an EAP-TLS (cert based) authentication.

 

This is a challenge for every vendor and I have yet to come across a AAA vendor who has solved this problem. Be careful when reading that a product "integrates with Azure AD" - it's often very specific use cases only.

 

The solution to all this is probably a new protocol that runs over TLS (https) directly into public cloud providers.  You might want to look at JumpCloud.com to see what they are currently up to.
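The point in the reply above about MS-CHAPv2 and Secure LDAP, as an added example that is not part of the original post: a backend that holds password hashes can recompute a challenge response, while a bind-only directory can only check a cleartext password or answer a group lookup. SHA-256 and HMAC stand in for the real MS-CHAPv2 primitives (MD4 and DES), and all class names, function names and sample data are assumptions made for illustration.

```python
import hashlib, hmac, os

def pw_hash(password):
    # Stand-in for the NT hash (real MS-CHAPv2 uses MD4 over UTF-16LE).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def chap_response(key, user, auth_chal, peer_chal):
    # Stand-in for the NT-Response: proves knowledge of the password hash
    # without ever sending the password itself.
    return hmac.new(key, auth_chal + peer_chal + user.encode(), hashlib.sha256).digest()

class HashBackend:
    """Holds password hashes, so it can recompute the expected response."""
    def __init__(self, users):
        self._hashes = {u: pw_hash(p) for u, (p, _) in users.items()}
    def verify(self, user, auth_chal, peer_chal, response):
        key = self._hashes.get(user)
        return key is not None and hmac.compare_digest(
            chap_response(key, user, auth_chal, peer_chal), response)

class BindOnlyDirectory:
    """LDAP-style: checks a cleartext password, returns groups, exposes no hashes."""
    def __init__(self, users):
        self._users = users
    def bind(self, user, cleartext):
        entry = self._users.get(user)
        return entry is not None and hmac.compare_digest(entry[0].encode(), cleartext)
    def groups(self, user):
        return self._users.get(user, ("", set()))[1]

def peap_via_bind(directory, user, auth_chal, peer_chal, response):
    # The RADIUS server only ever sees these three values; none of them is
    # the password, so nothing it can hand to bind() will succeed.
    return any(directory.bind(user, v) for v in (auth_chal, peer_chal, response))

def eap_tls_authorize(directory, cert_user, required_group):
    # Identity was already proven by the client certificate (assumed validated
    # elsewhere); the directory is used only for the group lookup.
    return required_group in directory.groups(cert_user)

USERS = {"alice": ("correct horse battery", {"wifi-staff"})}  # constructed sample data

def demo():
    auth_chal, peer_chal = os.urandom(16), os.urandom(16)
    resp = chap_response(pw_hash("correct horse battery"), "alice", auth_chal, peer_chal)
    return (HashBackend(USERS).verify("alice", auth_chal, peer_chal, resp),
            peap_via_bind(BindOnlyDirectory(USERS), "alice", auth_chal, peer_chal, resp),
            eap_tls_authorize(BindOnlyDirectory(USERS), "alice", "wifi-staff"))
```

`demo()` returns `(True, False, True)`: the hash-holding backend verifies the response, the bind-only directory cannot, and the certificate-based flow still gets its group check.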

Conversationalist

Re: Azure AD authentication on Meraki WiFi

You can use FreeRADIUS to do PEAP auth of users against Azure AD.

Conversationalist

Re: Azure AD authentication on Meraki WiFi

@m841 - that's good to know. Do you have actual experience with this? I'd like to learn how this is done. Please post some more information - I have some identities in Azure and a small lab to test with. I am not too familiar with FreeRADIUS - if you have some kind of base config, that would be handy. 🤔

Conversationalist

Re: Azure AD authentication on Meraki WiFi

Have it running in production, though it was a while ago that I set it up, and I stupidly didn't even document it for future self. When I get some time I'll see if I can cobble together some steps.
