Dear Expert,
Our customer has AD in Gsuite (Cloud), and it contains many users in that cloud AD.
Their requirement is to integrate Meraki AP with Gsuite AD for a specific OU.
The purpose of doing this is that, when users log in to the WIFI_STAFF SSID, they just use the username and password of their AD user at Gsuite.
Another requirement is that, after logging in once, it will take 1 year before that specific device has to log in again.
Are we able to accomplish this as well?
Not natively, as far as I know. You'll need to sync your GSuite directory to something like https://jumpcloud.com/product/cloud-radius and leverage RADIUS for user authentication.
I don't have any experience with Gsuite AD.
That being said, from what I read, it should be possible by using Secure LDAP. However, it does require a RADIUS server, but you should be able to use something like FreeRADIUS for this.
Point the Meraki SSID towards the RADIUS server, and it should be communicating with Secure LDAP.
I used the built-in Google credential option for wireless access at a couple of schools. I am not sure if that is different than what you are describing, but basically all students and staff can join wireless using their Google/GSuite credentials. The domain could be limited, like publicschool123.com, to prevent just anyone with a Gmail account from gaining access.
As for the one-year renewal requirement, I am not sure you can control that. I would think Google forces reauthentication at some interval. Maybe 30 days, for example.
Hi Brandon,
Yes, the same thing you describe. I just have one more requirement: I need to limit the domain, like abc.com, and then only the staff OU can access the WiFi.
Can we restrict on the OU of the domain as well?
I'm not Brandon (sorry 😉), but: yes
Brandon here to also say, yes. This is, as long as the staff and students use different domains like abcStudents.edu and abcStaff.edu. Here is what the configuration page looks like:
https://documentation.meraki.com/MR/MR_Splash_Page/Google_Sign-In
@CptnCrnch is your username a nod to the 2600hz whistle?
Hey, Brandon with JumpCloud here.
I'm not in any sales capacity, but I'll second that suggestion that on the surface, this looks to be a good fit for a JumpCloud deployment.
How that would look: Both AD and G Suite would integrate with JumpCloud, and JumpCloud would become the authoritative source for the user credentials in both — a password change in JumpCloud would smoothly result in a simultaneous password change in both. Suspend or delete a JumpCloud user, and that user is simultaneously locked out of both.
Then, you'd point your wireless access points at our cloud RADIUS servers (we have them in US East, US West, EU and APAC), and each user's same credentials would at that point apply to RADIUS access too, no need for an on-premises RADIUS server.
It's free to try at https://console.jumpcloud.com/signup and we have a public Slack community at http://ow.ly/seTs30qO7WX. Hope that gives you something to consider.