O365 authentication through Meraki WIFI.

Fpizano
Comes here often


Need some help here. We recently migrated to Meraki WIFI at our company. We use Workspace ONE Boxer for email access on mobile devices with O365.

So here is the issue: if you need to re-authenticate manually or when you're prompted over WIFI, you're taken to Microsoft's login page and you click on your email account. That redirects you to our company's sign-in page, so you can sign in and 2FA authenticate with PING ID to keep email coming on your phone. Both Android and iPhones never make it to the company sign-on page. So essentially you need to switch to 4G, re-authenticate, and switch back to WIFI. Has anyone else had this issue when using Meraki? I'm really new to this, so forgive me if I did not explain it the best. I see this becoming an issue for people soon. Any help or ideas are appreciated.

 

Thanks

FP

5 Replies
PhilipDAth
Kind of a big deal

How are you authenticating WiFi?  Splash page?  WPA2-Enterprise mode?

WPA2-PSK and no sign-on method. This specific SSID is for internal users or business guests visiting our offices. For the most part it's for mobile devices for employees to use though.

PhilipDAth
Kind of a big deal

This really should not be affecting it. What firewall is the WiFi user traffic passing through? Have you checked it to see if it is triggering on anything?

I'm thinking this is most likely to be an IPS/AMP style issue. If you are doing SSL inspection anywhere - that is my next guess.

PFSMatt
Here to help

Interesting, I've been fighting with the MS authenticator app not working properly on iOS devices for ages, and never thought to disconnect from WiFi and try 4G. But we've had the same thing: can OAuth login fine on the phone, get the Authenticator popup and hit approve, but then it never goes any further in the settings. Just sits with the moving dots on the MS login page. I had to go back to app passwords so users could keep using the built-in Mail app. They always said it worked fine for a couple of months, but then randomly stopped working. Now that I think about it, in every case that it stopped working, they were in the office connected to WiFi. I remember that even when I first set them up with MFA, it would often take a handful of tries before it would actually continue correctly.

And today I've been fighting with OAuth login on my Android phone, similar problem. Runs through account setup and I can login fine at the MS login page, but hangs on "Getting account info" after the MFA popup. I just put my phone on 4G, and it went straight through first try and email is working fine.

4G is with the same ISP over the same network, so I don't think it's an ISP-specific issue. I don't have any filtering on this SSID, either.

I might have to investigate further and see if this actually is WiFi related, which seems bizarre.

Fpizano
Comes here often

So I have a resolution for this now. We had to change this setting here from filter adult content to custom DNS; we added one of our DNS servers and Google's. Once we did this it all worked.

(Screenshot: DNS.JPG)
