Single time splash page with Google authentication

Ahoste
Getting noticed

Single time splash page with Google authentication

Hi all,

 

We have 1 SSID where users need to login with their 3rd party credentials of their Google accounts from the company.

we're loving this feature since we can easily see who is on which device. 

Tho the authentication method was broken on mobile devices because they can't confirm the 2FA on the same device that is trying to login on the splash page since going to gmail stops the logging in process on the splash page. 

however that problem is going to be a different topic.

 

What i'm trying to accomplish is that our users only see the once splash page ever... not even after 90 days.

I feel like i figured it out with a grouppolicy that i'm going to have to assign to each user after they have authenticated.

The policy has the 'bypass' splash page enabled. 

 

I was wondering if this is a good/safe workaround and also how long will Cisco Meraki remember the user that originally authenticated? will it be the duration of the splash page frequency (3 months) or will it remember it until we forget the client?

 

Below you can see what it looks like when a client authenticated and then when I apply the grouppolicy after.

 

any thoughts are much appreciated

 

Ahoste_0-1597849502740.png

 

5 REPLIES 5
DensyoV
Meraki Employee
Meraki Employee

Hi,

 

the client will continue to bypass the splash page even after the 90 days as long as the group policy is applied. Basically, there is no splash authentication here if the group policy is applied to the client. 

 

 

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Ahoste
Getting noticed

Hi,

Thanks for the reply.

I figured that meraki would remember that it applied that grouppolicy until i manually forget the client but will it also remember the user that authenticated once in the beginning even after those 90+ days?

 

cheers

DensyoV
Meraki Employee
Meraki Employee

Hi,

 

No, the user will only remain authenticated for a duration of 90 days depending on your configuration but after that, the user will be prompted with splash log in again. 

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Ahoste
Getting noticed

Hi Densy,

 

thanks for the reply.

 

so I just did a test with a 30 minute splash frequency. so the user would have to login every 30 minutes with his google account. 

So i tried this on my device, once i'm signed in and authenticated i'm assigning the user a group policy that bypasses the splash page.

That way i try to maintain security because they still have to login before they can use the wifi but once signed in i assign them that bypass policy so they wil never have to sign in again.

 

it looks like this now:

Schermafbeelding 2020-08-25 om 11.21.10.png

 

so after the 30 minutes it says not authorized but i can still see the user that originally signed in. which is what my goal was in the first place, so all good there. 

But now my million dollar question is: How long will Meraki remember the user that originally signed in via the splash page?

DensyoV
Meraki Employee
Meraki Employee

Hi,

 

I believe the clients will be authorized only for the duration configured. In this case, after 30 mins the clients will have to re-authenticate unless the group policy is still applied. 

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels