I am not an expert but I think the certificates are actually generated by Meraki after the user successfully authenticated via SAMl on the portal. My doubt is whether the authentication is performed on Azure via SAML at every network authentication attempt, or if it terminates on the SM and it is valid until expire date. What would happen if you "remove" a user from Azure AD? ... View more

This is great. We are also seeing the adoption of Passpoitn in offices becoming a trend!   One common scenario is the following: We set up an internal portal for employees, where they can signup for WiFi access They receive a confirmation email with a personalized link to download a Passpoitn profile on their devices In the email, they are also informed that for devices that do not support Passpoint, they can still click on the SSID, that prompts the WAP2-E dialog, and enter their username/password. In other cases, a direct integration with the company directory, automatically provisions WiFi for all the employees and sends them the activation email with Passpoint link and WPA2-E credentials.   Some ideas can be found here: https://cloud4wi.zendesk.com/hc/en-us/articles/360034801851-Passpoint-introduction       ... View more