Guys dont mix up Systems Centry Manger, Cloud Auth, and Wireless Auth, they are all seperated in the Meraki ecosystem.
Your community is feeling pain here, come on, you need to get this done.
Others have achieved SAML based WPA2 Ent Auth, why can you not catch up.
A. Consoladate the user pages into one.
Org / Admins and Network Users should all be on the same page.
B. add logic and enrich the new users page. ie + New User = (selection of user types incl Admins) where the logic can tell the difference, provide wireless and network access as well as "user wireless access", have the 2FA options built in to this area. and like on your Org Admins section, incorporate the SSO section.
C. upon sso setup, have a cron or something that is securly connected to "i.e" an AAD to check for the list of users.
So when I get my request to set up a new user, I click that +, I check the sso box, I start to type the name and the text box auto recommends the new user pulled from AAD, and atuo enters their name, and their email.
I click save, and they get an email saying to sign into the "org" network simply enter in your email address and your password. a simple session cookie can do the rest.
and AND; treat the info as 802.11x. win win win.
You already have all of these options scattered around your dashboard. you just need to push them all together on one page, and do a little logic coding to make them all talk to each other and behave seamlessly.
I told you guys this like 6 years ago, and have pushed this upon you frequently, your "make a wish" response is bs,
We pay you guys enough, I am starting to wonder if the cost is worth it, granted the ammount of problems I am having with your Cloud Radius, and lack of response.
You are in a perfect position, we the community are literally handing the work to you.
@NovaNinja Hey good idea, where did you "upload your root CA" in Meraki? When "Enterprise with Local Auth" is enabled all I see is a preset that points to Meraki's RADIUS; how did you configure your Meraki end? I totally get how the CA would work with InTune - pretty clear process but I'm missing few pieces of the end-to-end solution that you implemented. Also just to be clear - in your solution the chicken-and-egg issue of having to have cached credentials (first login done other than 802.1x) isn't a thing because this is pure device based auth, yes?
Hello Meraki Community!
Great news as we have begun testing for Entra ID authentication with Splash Access 🎉
All you need to do is scan the attached QR code or follow the link. This will direct you to Stomio project where you can create a tester account, and voilà, you'll find yourself a part of the beta project.
The platform will communicate announcements on Entra ID with Splash Authentication. Once you're part of the project, please share your network link and verify that it has network support access. Once we have the requested network information, Entra ID with Splash Access will be enabled. Thank you for your patience on this!
ATTENTION, THIS IS A MALICIOUS MESSAGE, DON'T SCAN THE IMAGE OR FOLLOW THE URL:
@Boyan1 I believe you can change the auth timeout of the splash page under Wireless -->Splash page. I'm not 100% sure how effective this is just yet as I'm in early stages of testing. We set ours to 30 days with the hope that the Wi-Fi won't make them re-auth until this time elapses.
Signed up for the BETA and stepped through the instructions. A couple minor bugs / errors during setup process but nothing show stopping. Its up and running on one of our test SSIDs, our techs are trying it out, so far so good!
This looks to be an issue with the wireless client being blocked by a policy in place. By navigating to Network->Clients and then to the device, you can see if it is blocked or if a group policy has been assigned to block its access.
Thats what I thought, but I have tested with Normal and Whitelisted Device Policy and still get the same error.
This issue was resolved by adding my Organizational Azure domain to the Allowed Domains list for the SSID.
