Move a Meraki device from an unknown account

PP-support
New here

Move a Meraki device from an unknown account

HI,

We have a Meraki AP which we believe was registered by a previous employee to an account that we don't have the login details to...

All we have is the AP, and a new account.

Can this be done?

Thanks.

10 REPLIES 10
Adam
Kind of a big deal

I'm fairly certain that you cannot add it to a new account until after it is removed from an old account.  Any way to assume that old employees email to do a PW reset and login to their dashboard?  You may also try to contact Meraki Support if you have the AP in hand to see if they can assist. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
PhilipDAth
Kind of a big deal
Kind of a big deal

No.

Yeah, Meraki support will not be able to help you in any way unless you have admin access to the org which the AP is claimed. If you have access to the old Employees email, do a password reset and then login with these credentials and un-claim the AP.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
MerakiDave
Meraki Employee
Meraki Employee

All correct responses, and Meraki Support cannot move a device from another Dashboard Organization into another only based on the fact that you have the physical piece of equipment.  You can call in to Support and provide them the serial number and they will be able to see the order number for example and which Dashboard Org it belongs to, but cannot move it into your Dashboard Org, at least not without a cumbersome and formal legal process to make it so.  The simplest thing would be to contact the previous employee and have them unclaim the AP from their Dashboard organization's inventory, so you would then claim it into the inventory of your new Dashboard organization.  If the previous employee is unreachable or refusing to cooperate or deceased then consult with Meraki Support on next steps.  There should always be multiple Dashboard administrators and other best practices to avoid situations like that here https://documentation.meraki.com/zGeneral_Administration/Managing_Dashboard_Access/Managing_Dashboar...

 

Im guessing based on wording from the OP that the previous employee did this without permission and its going to be tricky to get this resolved.

 

Good luck to you. 

 

 

@MerakiDave just out of interest say the AP was originally claimed on the OP's Org and the employee unclaimed it and moved it to his own org can the OP make a case that he legally purchased the AP and has possession of it therefore it be moved back to Org or does this still require lawyers?

www.btr.net.nz

ps. It would be cheaper to buy the latest access point than talk to a lawyer trying to recover the old one.

@BlakeRichardson I thankfully haven't come across that specific case so cannot say for sure.  And I'll say the answer is not just a technical one, but also a matter of company process & procedure, employment agreements, etc.

 

So let's suppose an unhappy and unscrupulous employee, who had full org admin rights, right before they quit or walked out the door, did that.  They purposely remove and unclaimed equipment from their soon-to-be former company's dashboard org and claimed it into their own personal dashboard org for example, pretty much for the purposes of messing up operations or preventing the IT staff from accessing and controlling the equipment.

 

My first thought is that any company would obviously have legally binding employment agreements in place protecting them from sabotage like that, and would certainly press charges, which I suppose (I'm not an attorney) would amount to theft of service or denial of service since they may not have actually taken the physical equipment from the premises, but deliberately caused some level of outage, likely violating all kinds of rules/laws.

 

In addition, any reasonably well-established HR department is going to have formal policies and procedures in place regarding firings, exit interviews, etc that would further protect them, including revoking an employees admin rights and API keys ahead of time, disabling door badge reader access, etc.

 

And on the back end, Meraki can track every serial number of every piece of equipment ever sold along with its status and what Org it belongs to (or did belong to) and even what order number it was attached to, right down to billing and shipping addresses and customer ID including things like MCN (Meraki Customer Number) and a business tax ID.  As well as go back in time and look at every license ever applied to an Org.  Remember in addition to the event log, you've got Organization > Login Attempts and Organization > Change Log, so there's no way (not via Dashboard login or even via API) that anyone can deny having made such a change.  There would be an obvious and incriminating audit trail in plain sight.  

 

So I'm not saying an authorized dashboard admin couldn't cause a disruption, they could.  But they couldn't cover it up and would potentially be in a lot of legal trouble.  And if they physically stole an AP or removed other Meraki equipment from the premises, there'd be no way to have it come back up online somewhere else and remain undetected for very long, the second it came back online and talked to the cloud, there's a fresh record and audit trail.

 

So that's just my take on it, and it's unofficial as I'm a Systems Engineer in the field, and not on Meraki's Support or Legal teams.

 

@BlakeRichardson I thankfully haven't come across that specific case so cannot say for sure.  And I'll say the answer is not just a technical one, but also a matter of company process & procedure, employment agreements, etc.

 

So let's suppose an unhappy and unscrupulous employee, who had full org admin rights, right before they quit or walked out the door, did that.  They purposely remove and unclaimed equipment from their soon-to-be former company's dashboard org and claimed it into their own personal dashboard org for example, pretty much for the purposes of messing up operations or preventing the IT staff from accessing and controlling the equipment.

 

My first thought is that any company would obviously have legally binding employment agreements in place protecting them from sabotage like that, and would certainly press charges, which I suppose (I'm not an attorney) would amount to theft of service or denial of service since they may not have actually taken the physical equipment from the premises, but deliberately caused some level of outage, likely violating all kinds of rules/laws.

 

In addition, any reasonably well-established HR department is going to have formal policies and procedures in place regarding firings, exit interviews, etc that would further protect them, including revoking an employees admin rights and API keys ahead of time, disabling door badge reader access, etc.

 

And on the back end, Meraki can track every serial number of every piece of equipment ever sold along with its status and what Org it belongs to (or did belong to) and even what order number it was attached to, right down to billing and shipping addresses and customer ID including things like MCN (Meraki Customer Number) and a business tax ID.  As well as go back in time and look at every license ever applied to an Org.  Remember in addition to the event log, you've got Organization > Login Attempts and Organization > Change Log, so there's no way (not via Dashboard login or even via API) that anyone can deny having made such a change.  There would be an obvious and incriminating audit trail in plain sight.  

 

So I'm not saying an authorized dashboard admin couldn't cause a disruption, they could.  But they couldn't cover it up and would potentially be in a lot of legal trouble.  And if they physically stole an AP or removed other Meraki equipment from the premises, there'd be no way to have it come back up online somewhere else and remain undetected for very long, the second it came back online and talked to the cloud, there's a fresh record and audit trail.

 

So that's just my take on it, and it's unofficial as I'm a Systems Engineer in the field, and not on Meraki's Support or Legal teams.

 

In my country an employee doing that would actually be committing a crime ("Malicious Damage").  You would ring the police, and the person would probably be arrested shortly after.

 

I suspect if you then gave Cisco Meraki support a copy of the arrest warrant, and they can obviously see the nature of the change from the audit logs, they would have sufficient grounds to put things back how they were.

In fact in my country we have a "Section 252" of the crimes act that makes it illegal to access any computer system without authorisation - which would cover all former employees.  Up to a 2 year jail term for that.  And if you actually cause damage the term can start going up with other charges.

 

http://www.legislation.govt.nz/act/public/2003/0039/latest/whole.html#DLM200273

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels