Microsoft Entra ID Integration with Splash Page

EWR_meraki
Just browsing

Granting Microsoft Admin Consent to Cisco Application

  1. Network admins can sign in using the link below to grant admin permission to the Cisco application.

https://login.microsoftonline.com/organizations/adminconsent?client_id=d1b29572-1b35-40cc-9152-a8056...

 

got the following error:

[screenshot of the consent error]

Any Idea?

 

 

alemabrahao
Kind of a big deal

Take a look at the Meraki documentation.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Microsoft_Entra_ID_Integration_wit...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
EWR_meraki
Just browsing

already troubleshot....

alemabrahao
Kind of a big deal

Double-check the full consent URL

 

https://login.microsoftonline.com/organizations/adminconsent?client_id=d1b29572-1b35-40cc-9152-a8056...

  • Ensure the full client ID is correct and not truncated.
  • Log in as a Global Admin or with one of the required roles.
EWR_meraki
Just browsing

It looks more like the "callback" function in the direction of the Meraki service site.... have a look at the screenshot

alemabrahao
Kind of a big deal

Hello, thank you, I suggest you:

 

  • Verify Redirect URI in Azure Portal

Go to Azure Portal > App registrations > Cisco Meraki App
Under Authentication, confirm that the redirect URI matches the one used in the consent URL.

 

EWR_meraki
Just browsing

1. On Entra, the Cisco Meraki Network Access app is under Enterprise apps, and for that there is no Auth. setting...

 

2. In the Meraki Dashboard, there is no way to do an Entra integration...

 

@ki, have a look: the nearest is...

[screenshot of the Dashboard SSO setting]

 

MartinLL
A model citizen

If it's in a test tenant, make sure that you set the email field to be the same as your UPN on your Entra ID user. This one slipped past me when I went through the documentation.

MLL
EWR_meraki
Just browsing

It looks more like the "callback" function in the direction of the Meraki service site....

ShaunCro
Here to help

@Joewro can you confirm your license level meets the requirements for the feature? I believe the wireless Entra SSO integration needs a minimum license level of Enterprise.

https://community.meraki.com/t5/Feature-Announcements/Microsoft-Entra-ID-Integration-with-Splash-Pag...

 

The last screenshot you posted isn't where you enable SSO for the splash page; the SSO mentioned there is for the dashboard only. If you turn it on, please ensure you have a second account that isn't part of your SSO to use, as it can lock out existing accounts which have the same email address both as a user in the dashboard and as an SSO user. (Just a warning for that one.)

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_S...

[screenshot of the Dashboard SAML SSO setting]

 

For wireless SSO integration, go to Wireless; under the "Configure" column on the right of the pop-out menu, click on "Access Control". In the top left, select your SSID, and under Security set it to Open. Under Splash page, where you see "Sign on with" (typically set to Meraki Cloud Auth), select that option, then click on the drop-down and select Entra ID as the logon method. In the doc below there are a number of sites in specific places that need to be configured correctly for the authentication channels to be allowed by the firewall and Wi-Fi, so that users can communicate with Meraki and Microsoft and pass the token generated by the client's sign-in event to the Meraki APs and dashboard, which then know of the successful event and provide the client access.

 

https://documentation.meraki.com/MR/Design_and_Configure/Encryption_and_Authentication/Microsoft_Ent...

When you configure the walled garden, they provide a link to a list of MS sites that you need to add to the walled garden exclusion list to allow the requests through. I went with the top 3 categories; the general one would allow way too much for my liking.

 

The 3 categories to reference URLs for in the doc below are:

  • Azure Portal Auth
  • Azure portal framework
  • Account data

Now we get to the part where you had issues: click on the link to create the application, and follow through to the error.

https://login.microsoftonline.com/organizations/adminconsent?client_id=d1b29572-1b35-40cc-9152-a8056...

After you have confirmed and created the app, and ended up with your error...

 

Go into Entra ID and find the application Cisco Meraki Network Access under the enterprise applications. Double-click on the app and, in the left column, click on Permissions, then click to provide admin consent on behalf of your company.

[screenshot of the enterprise app's Permissions page]

 


You will be required to confirm your account and immediately after that, you will see the same page that caused your initial error you logged. Only this time it will be successful. And now the app will have the required consent for you to continue with the single sign on portal setup.

Essentially you have to fail to succeed in this case. 
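As an added example (not code from this thread, from Cisco Meraki or from Microsoft), the walled-garden step described above can be scripted against the Meraki Dashboard API instead of pasting entries by hand. The category host lists in the script are a constructed stand-in for the Microsoft URL categories named in the post; the authoritative entries must be copied from the list linked in the Meraki documentation. The only API call it uses is the documented `PUT /networks/{networkId}/wireless/ssids/{number}/splash/settings` with the `walledGardenEnabled` and `walledGardenRanges` fields. Each entry is validated and normalised (a pasted URL is reduced to its host, an IP or CIDR is kept as a range, a typo is rejected) so a bad entry does not silently leave a hole, or a gap, in the captive portal:

```python
"""Added example: build and push a Meraki splash-page walled garden for Entra sign-on.

Not code from the thread, Cisco Meraki or Microsoft. MS_CATEGORY_SAMPLE is a
CONSTRUCTED sample standing in for the Microsoft URL categories referenced in the
thread; copy the real entries from the list linked in the Meraki documentation.
"""
import ipaddress
import json
import os
import re
from urllib.request import Request, urlopen

# Constructed sample (assumption): stand-in for the three categories named in the
# thread. Entries may be hosts, "*." wildcards, single IPs, CIDR ranges or pasted
# URLs; normalize_entry() reduces all of them to one walled-garden entry.
MS_CATEGORY_SAMPLE = {
    "Azure Portal Auth": [
        "https://login.microsoftonline.com/common/oauth2",
        "*.login.microsoftonline.com",
        "login.live.com",
    ],
    "Azure portal framework": ["*.msauth.net", "*.msftauth.net"],
    "Account data": ["graph.microsoft.com", "login.microsoftonline.com"],
}

_DOMAIN_RE = re.compile(r"^(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}$")


def _as_network(s):
    """Return an ip_network for an IP or CIDR string, else None."""
    try:
        return ipaddress.ip_network(s, strict=False)
    except ValueError:
        return None


def normalize_entry(raw: str) -> str:
    """Reduce a host, wildcard, IP, CIDR or pasted URL to one walled-garden entry.

    Raises ValueError for anything that is not usable, so a typo is caught before
    it reaches the SSID configuration.
    """
    s = raw.strip().lower()
    net = _as_network(s)
    if net is None:
        s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)  # drop scheme
        s = s.split("/", 1)[0]                         # drop path
        s = re.sub(r":\d+$", "", s)                    # drop explicit port
        net = _as_network(s)
    if net is not None:
        return str(net.network_address) if net.num_addresses == 1 else str(net)
    if not _DOMAIN_RE.match(s):
        raise ValueError(f"not a host, wildcard, IP or CIDR: {raw!r}")
    return s


def build_walled_garden(categories, source=MS_CATEGORY_SAMPLE, extra=()):
    """Merge the chosen categories plus any extra entries (e.g. the Meraki hosts the
    documentation lists) into one validated, de-duplicated list, order preserved."""
    out, seen = [], set()

    def add(raw):
        entry = normalize_entry(raw)
        if entry not in seen:
            seen.add(entry)
            out.append(entry)

    for cat in categories:
        if cat not in source:
            raise KeyError(f"unknown category {cat!r}; known: {sorted(source)}")
        for raw in source[cat]:
            add(raw)
    for raw in extra:
        add(raw)
    return out


def build_splash_payload(categories, extra=(), source=MS_CATEGORY_SAMPLE):
    """Body for PUT .../wireless/ssids/{number}/splash/settings."""
    return {
        "walledGardenEnabled": True,
        "walledGardenRanges": build_walled_garden(categories, source, extra),
    }


def push_splash_settings(api_key, network_id, ssid_number, payload,
                         base_url="https://api.meraki.com/api/v1"):
    """PUT the payload to the documented splash-settings endpoint; return the reply."""
    url = f"{base_url}/networks/{network_id}/wireless/ssids/{int(ssid_number)}/splash/settings"
    req = Request(url, data=json.dumps(payload).encode(), method="PUT",
                  headers={"Authorization": f"Bearer {api_key}",
                           "Content-Type": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Nothing is sent unless the key, network and SSID number are all set.
    key, net, ssid = (os.environ.get(k) for k in
                      ("MERAKI_API_KEY", "MERAKI_NETWORK_ID", "MERAKI_SSID_NUMBER"))
    payload = build_splash_payload(["Azure Portal Auth", "Azure portal framework",
                                    "Account data"])
    print(json.dumps(payload, indent=2))
    if key and net and ssid:
        print(push_splash_settings(key, net, ssid, payload))
```

Run it with no environment variables to see the payload that would be sent; set `MERAKI_API_KEY`, `MERAKI_NETWORK_ID` and `MERAKI_SSID_NUMBER` to apply it. Keeping the walled garden to a narrow, validated list is the point: every host added here is reachable by unauthenticated clients, so the list should be no wider than the sign-in flow needs.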

EWR_meraki
Just browsing

Thank you for the time, but the status is "quo"...

 

- There are two ways for the consent; the "alternative" is also not working...

[screenshot of the alternative consent attempt]

 

- What I see is that my consent user has no active API key.... does it matter in this case?

[screenshot of the user's API key settings]

PS: "Entra ID SSO with the Meraki Network Access app works well...."

ShaunCro
Here to help

So when you consent, it will only apply the consent to what is needed. And I think it being an app means that it has its own built-in connection strings; forgive me if I'm not understanding the question. I take it you set up a user account for the access, assuming it needed an API key to do it. As far as I have seen, the SSO integrations don't require API keys or access. I've only recently started playing with SSO, and I could be very wrong here, but as far as I know the token generated by the logon session carries with it certain data that is passed to the requesting server via the user's interaction. So there is no "direct" call from Entra to Meraki and vice versa. Everything is done via the browser session, the tokens contain the data that each side needs, and checks are done to ensure that the app requesting the access is authorised to.

 

I started UAT on my setup yesterday, and it's working so far. I do have to add more groups to the allowed-to-access list for larger adoption, but I'm testing different scenarios at the moment, for security, what the benefit is, and what hindrance the users could suffer.
