Hi all,
We have 1 SSID where users need to login with their 3rd party credentials of their Google accounts from the company.
we're loving this feature since we can easily see who is on which device.
Tho the authentication method was broken on mobile devices because they can't confirm the 2FA on the same device that is trying to login on the splash page since going to gmail stops the logging in process on the splash page.
however that problem is going to be a different topic.
What i'm trying to accomplish is that our users only see the once splash page ever... not even after 90 days.
I feel like i figured it out with a grouppolicy that i'm going to have to assign to each user after they have authenticated.
The policy has the 'bypass' splash page enabled.
I was wondering if this is a good/safe workaround and also how long will Cisco Meraki remember the user that originally authenticated? will it be the duration of the splash page frequency (3 months) or will it remember it until we forget the client?
Below you can see what it looks like when a client authenticated and then when I apply the grouppolicy after.
any thoughts are much appreciated
Hi,
the client will continue to bypass the splash page even after the 90 days as long as the group policy is applied. Basically, there is no splash authentication here if the group policy is applied to the client.
Hi,
Thanks for the reply.
I figured that meraki would remember that it applied that grouppolicy until i manually forget the client but will it also remember the user that authenticated once in the beginning even after those 90+ days?
cheers
Hi,
No, the user will only remain authenticated for a duration of 90 days depending on your configuration but after that, the user will be prompted with splash log in again.
Hi Densy,
thanks for the reply.
so I just did a test with a 30 minute splash frequency. so the user would have to login every 30 minutes with his google account.
So i tried this on my device, once i'm signed in and authenticated i'm assigning the user a group policy that bypasses the splash page.
That way i try to maintain security because they still have to login before they can use the wifi but once signed in i assign them that bypass policy so they wil never have to sign in again.
it looks like this now:
so after the 30 minutes it says not authorized but i can still see the user that originally signed in. which is what my goal was in the first place, so all good there.
But now my million dollar question is: How long will Meraki remember the user that originally signed in via the splash page?
Hi,
I believe the clients will be authorized only for the duration configured. In this case, after 30 mins the clients will have to re-authenticate unless the group policy is still applied.