Going sideways - I think you are using fundamentally the wrong approach. You should be using SAML for authentication for your staff to authenticate to your clients, and using your IdP to control which staff have access. For example, if you use Entra ID: https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Azure_AD

I think that guide could be made better - don't mess around with manifests. Also, for an ISP, use role names like (let's pretend your ISP was called "ABC") abc_admin, abc_read_only. You can then also create conditional access policies to limit access to your clients' dashboards from computers that belong to Intune to really tighten things up. I personally prefer Cisco Duo for my IdP ..