Meraki AP integrate with Gsuite AD

SopheakMang
Building a reputation

Meraki AP integrate with Gsuite AD

Dear Expert ,

 

Our customer has AD in Gsuite (Cloud) , and contains many users in that cloud AD.

Their requirement is to integrate Meraki AP with Gsuit AD to specific OU.

 

The purpose of doing this is that , when user login to WIFI_STAFF SSID , they just use their username and password of their user AD at Gsuite.

 

Another requirement login once will take 1 year to be login again for that specific device.

 

Can we able to accomplish this as well ?

8 Replies 8
CptnCrnch
Kind of a big deal
Kind of a big deal

Not natively, as far as I know. You'll need to sync your GSuite directory to something like https://jumpcloud.com/product/cloud-radius and leverage RADIUS for user authentication.

rhbirkelund
Kind of a big deal
Kind of a big deal

I don't have any experience with Gsuite AD.

 

That being said, from what I read, it should be possible by using Secure LDAP. However, it does require a RADIUS server, but you should be able to use something like FreeRADIUS for this.

 

Point the Meraki SSID towards the RADIUS server, and it should be communicating with Secure LDAP.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
BrandonS
Kind of a big deal

I used the built in Google credential option for wireless access at a couple schools.  I am not sure if that is different than what you are describing, but basically all students and staff can join wireless using their Google/GSuite credentials.  The domain could be limited like publicschool123.com to prevent just anyone with a Gmail account gaining access.

 

As for the one year renewal requirement I am not sure you can control that.  I would think Google forces reauthenication at some interval.  Maybe 30 days, for example.

 

 

- Ex community all-star (⌐⊙_⊙)
SopheakMang
Building a reputation

Hi Brandon ,

 

Yes , the same thing you describe , just need one more requirement , i need to limit the domain like abc.com then only staff ou can access the wifi.

 

can we restrict on OU of the domain as well ?

I'm not Brandon (sorry 😉), but: yes

BrandonS
Kind of a big deal

Brandon here to also say, yes.  This is, as long as the staff and students use different domains like abcStudents.edu and abcStaff.edu.  Here is what the configuration page looks like:

 

https://documentation.meraki.com/MR/MR_Splash_Page/Google_Sign-In

 

@CptnCrnch is your username a nod to the 2600hz whistle?

 

 

- Ex community all-star (⌐⊙_⊙)
CptnCrnch
Kind of a big deal
Kind of a big deal


@CptnCrnch is your username a nod to the 2600hz whistle?

Good catch @BrandonS!

bhwhite1313
New here

 

Hey, Brandon with JumpCloud here.

 

I'm not in any sales capacity, but I'll second that suggestion that on the surface, this looks to be a good fit for a JumpCloud deployment.

 

How that would look: Both AD and G Suite would integrate with JumpCloud, and JumpCloud would become the authoritative source for the user credentials in both — a password change in JumpCloud would smoothly result in a simultaneous password change in both. Suspend or delete a JumpCloud user, and that user is simultaneously locked out of both.

 

Then, you'd point your wireless access points at our cloud RADIUS servers (we have them in US East, US West, EU and APAC), and each user's same credentials would at that point apply to RADIUS access too, no need for an on-premises RADIUS server.

 

It's free to try at https://console.jumpcloud.com/signup and we have a pubic Slack community at http://ow.ly/seTs30qO7WX . Hope that gives you something to consider.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels