Meraki Community

SopheakMang · ‎Jun 23 2020

Dear Expert ,

Our customer has AD in Gsuite (Cloud) , and contains many users in that cloud AD.

Their requirement is to integrate Meraki AP with Gsuit AD to specific OU.

The purpose of doing this is that , when user login to WIFI_STAFF SSID , they just use their username and password of their user AD at Gsuite.

Another requirement login once will take 1 year to be login again for that specific device.

Can we able to accomplish this as well ?

CptnCrnch · ‎Jun 23 2020

Not natively, as far as I know. You'll need to sync your GSuite directory to something like https://jumpcloud.com/product/cloud-radius and leverage RADIUS for user authentication.

rhbirkelund · ‎Jun 24 2020

I don't have any experience with Gsuite AD.

That being said, from what I read, it should be possible by using Secure LDAP. However, it does require a RADIUS server, but you should be able to use something like FreeRADIUS for this.

Point the Meraki SSID towards the RADIUS server, and it should be communicating with Secure LDAP.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

BrandonS · ‎Jun 24 2020

I used the built in Google credential option for wireless access at a couple schools. I am not sure if that is different than what you are describing, but basically all students and staff can join wireless using their Google/GSuite credentials. The domain could be limited like publicschool123.com to prevent just anyone with a Gmail account gaining access.

As for the one year renewal requirement I am not sure you can control that. I would think Google forces reauthenication at some interval. Maybe 30 days, for example.

- Ex community all-star (⌐⊙_⊙)

SopheakMang · ‎Jun 28 2020

Hi Brandon ,

Yes , the same thing you describe , just need one more requirement , i need to limit the domain like abc.com then only staff ou can access the wifi.

can we restrict on OU of the domain as well ?

CptnCrnch · ‎Jun 29 2020

I'm not Brandon (sorry 😉), but: yes

BrandonS · ‎Jun 29 2020

Brandon here to also say, yes. This is, as long as the staff and students use different domains like abcStudents.edu and abcStaff.edu. Here is what the configuration page looks like:

https://documentation.meraki.com/MR/MR_Splash_Page/Google_Sign-In

@CptnCrnch is your username a nod to the 2600hz whistle?

- Ex community all-star (⌐⊙_⊙)

CptnCrnch · ‎Jun 29 2020

@CptnCrnch is your username a nod to the 2600hz whistle?

Good catch @BrandonS!

bhwhite1313 · ‎Jun 25 2020

Hey, Brandon with JumpCloud here.

I'm not in any sales capacity, but I'll second that suggestion that on the surface, this looks to be a good fit for a JumpCloud deployment.

How that would look: Both AD and G Suite would integrate with JumpCloud, and JumpCloud would become the authoritative source for the user credentials in both — a password change in JumpCloud would smoothly result in a simultaneous password change in both. Suspend or delete a JumpCloud user, and that user is simultaneously locked out of both.

Then, you'd point your wireless access points at our cloud RADIUS servers (we have them in US East, US West, EU and APAC), and each user's same credentials would at that point apply to RADIUS access too, no need for an on-premises RADIUS server.

It's free to try at https://console.jumpcloud.com/signup and we have a pubic Slack community at http://ow.ly/seTs30qO7WX . Hope that gives you something to consider.

Meraki Community

Meraki AP integrate with Gsuite AD

Meraki AP integrate with Gsuite AD