Hey Meraki Community,
We recently introduced a feature called Trusted Access, it is included as part of the Systems Manager product. It allows your users to self-provision certificates for 802.1x access to Meraki MR networks. The certificates allow mobile devices to make EAP-TLS connections to the wireless network which, of course, means there is no need to authenticate via a username/password. If you are familiar with SM's "Sentry WiFi" feature it is essentially the same concept without the requirement to have your phone or laptop enrolled in MDM.
We are looking for MR customers of all sizes -- regardless of whether they currently own Systems Manager -- to try out this feature and provide feedback. The SM team is eager to spend some time with you so we can better understand your use cases and get better insight on how we can improve this feature in upcoming releases.
We are particularly looking for customers that use Active Directory for identity management. Regardless of AD: you will need to use iOS or macOS devices to try out the feature (Android will be ready very soon, Windows is still in development). All who participate and provide feedback will be granted 20 free SM licenses.
Please send me a direct message or reply in this thread if you are interested. Thank you!
Noah Salzman
Product Manager for Meraki SM
Would love to try that out!
@Meraki_Scott Send me an email with the URL to the dashboard org you will be using.
I'm "first" dot "last" at Meraki.net.
When Android and Windows are available I would test. Sure seems like Apple fans with the dev team
So if I read this correctly you won't need an SM enrolled devices only access SSID but you can change this to a WPA2-Enterprise SSID.
And with Sentry coupling you can still enforce the correct authorization on each user based on the pushed security tags.
Basically it's a mini ISE 😛
@SoCalRacer Historically, the Meraki SM team has focused more on iOS than on Android, and more on macOS than Windows. However, we are making significant efforts to change that.
Despite any bias we might have, one of the main reasons Trusted Access appeared first on iOS/macOS is that those operating systems have SCEP functions built-in whereas Android and Windows do not. This drastically shortened the development time needed to deliver the feature.
If this is still ongoing--I would be interested in this. But I do have additional questions if i could speak with someone.
Please send me email at first dot last at meraki dot net -- I'm happy to discuss the feature with you.
Hey @Noah_Salzman,
we are using Chrome OS in our environment. If you need a customer with Chrome OS devices, feel free to contact me 🙂
We are looking forward to this feature and would be happy to implement this in our network
@Fabian1 We have done some research into how this would work on Chrome OS and the result was that there is no straightforward way to accomplish this. I wouldn't totally rule it out but, to be clear, it's not currently on our to-do list. However, I would be interested to discuss this with you if you have the time. My work email address is in post in this thread.
Interested in trying this one !
@sebas Please send me a note from your work email at first dot last at meraki.net and we can get you setup.
I'm trying to figure the best options for a single SSID. Would this allow me to assign Vlan based on AD credentials? Will SM conflict with our current Filewave MDM?
Just for understanding, this will make a SSID unusable for Windows and Android (right now), and we can just try it with apple devices?
It's been a couple of months since you posted this but I would be interested in trying it out.
I manage 185 access point devices from mr33, mr42, mr52, mr84, my organization is an educational institution so the amount of connection is huge. We have Active Directory for identity management, provide internet connection for users over 802.1x, the authentication server I'm using is ISE. I am happy to join your team to improve user simplicity
I come from Vietnam
thanks you
Hello Noah,
Any new update on this feature? This is very interesting secureW2 seems to be doing the same things, but Meraki appears to be taking a different route, which is good biggest question is the customer would have to buy an SM license on top of the regular price. Is there a listed price for an SM license that the average customer would pay from the RIO stand?
My emails to you are being rejected as a disabled account.
I have a doubt for iOS devices that was co figured by SSP and after a period the certificate expired has an automatically way to update this without the user did the procedure manually again?
If I renew the certificate before the expired , Meraki will send to device the update of this certificate automatically?
Regards, JF.