Meraki Login


What we are trying to achieve is logging on to our Meraki WiFi and having the login/authentication to Office365/Windows pass the Office365/Windows credentials through to the WiFi logon process. I can’t remember precisely what this particular process/technology is called.

What we are trying to reduce/eliminate is the number of logons required to get onto our corporate WiFi. This should work with iPhones, Androids, Mac, and Windows PCs. Is this possible?

Basically, do we have Meraki documents for authentication to the Meraki network through MS365?

Thanks.

3 Replies
PhilipDAth
Kind of a big deal

The problem is the WiFi standard does not support SAML/OAuth logins - which is the thing that Office 365 does support. To push this concept further, consider the case of accounts that don't use a password at all, such as FIDO2.

If you want a 100% Meraki solution and don't use an MDM, you can use Trusted Access (this requires a Systems Manager licence).

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

If you are happy to use Meraki Systems Manager then you can configure that to use Entra ID authentication, and then have it automatically deploy a certificate to devices for future authentication. The feature is called "Sentry".

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Certificate-based_Wi-...

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication#Azure_Active_Dire...

Some people use Entra ID LDAPS, although it is not supported by Microsoft. You have to build a VPN to Azure to make this work.
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-ldaps

Some people have been playing with using Intune and Cloud PKI. This lets you deploy a certificate to every device and authenticate using that.

Some people are using SCEPman because it is cheaper.

https://www.scepman.com/

Some people use Splash Access.

https://www.splashaccess.com/portfolio/cisco-meraki-azure-active-directory-authenticated-wifi/

alemabrahao
Kind of a big deal

To access your corporate WiFi, you need to integrate Meraki WiFi with Office 365 (Azure AD) for authentication. However, Meraki does not directly support authentication with Azure AD; you need to use an intermediate network policy server (RADIUS) associated with Azure AD. If you have an on-premises AD environment using ADConnect to Azure AD to do directory synchronization, you can deploy an NPS server to authenticate.

Configuring WPA2-Enterprise with Meraki Authentication - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

https://apicli.com/2021/12/13/meraki-mr-802-1x-with-azure-active-directory/
