When is the splash page piece going to show up?  We already have access to Access Manager at many of our clients and are already testing the EAP-TLS/EAP-TTLS option, but we'd really like to see the splash page part work. ... View more

Unless I'm misunderstanding something, it looks like using Access Manager requires users to authentication via EAP-TLS, EAP-TTLS, or EAP-TTLS/PAP, unless you need to use MAB or IPSK for things you can't install certs on.  Is there a way to configure this to use SAML auth rather than effectively using Access Manager as a cloud-based RADIUS server that syncs its user/group base to Azure?  We were expecting that this would be a solution that allows users to authenticate via browser (similar to how you'd do it at a doctor or hotel) using their Azure credentials, so there wouldn't be a need to distribute/install a cert to devices. ... View more

We just went through the process of setting this up for one of our clients and you can set up multiple IdP connections (so that's nice), however they are all limited to Microsoft Entra ID and nothing else.  I get that Entra ID is the most popular flavor of an IdP, but it not the ONLY IdP out there, so limiting this ability to only those that use Azure is a very poorly thought out design. ... View more

You enable it at the Organization level, but you still have to select it as your authentication method under something like a WLAN (under access controls), or wherever else you want it to be used to proxy the authentication requests through an IdP. ... View more

Once you turn on the feature in the Meraki dashboard you see a new section called Access Manager, which has a button inside of it literally labeled "Integrate with Microsoft Entra ID". Obviously that's not a problem for our clients that use it, but if you had something like a Developer WLAN that you maybe wanted to authenticate with GitHub as an IdP, or AWS, etc. it wouldn't work.   This is all confusing, though, because the documentation you linked specifically mentions that service like Entra ID can be used (as in not only Entra ID):   "Identity and Security Integrations: Integrations with external products and services like Microsoft Entra ID etc. that provide identity, security and behavior context for a user or an endpoint connecting to the network. An administrator has the ability to include any identity or context information from these integrations as a part of matching criteria in the policy evaluation."   And after enabling the button and entering the Access Manager section, you see another link that takes you to https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Organization_End_Users, which further states (and even shows images as examples) that you can have a single or multiple IdPs, and that "Optionally, multiple IdP sources can be synced into a Meraki Organization, enabling the integration of end users from various IdP sources into one cohesive system. Organization Users can be accessed across the organization and utilized in any of the networks and Combined Dashboard Networks."   and   "Identity provider sources such as Microsoft Entra ID can be added to facilitate syncs between the IdP and Dashboard. The IdP sources store the information about the end users & groups. This information is synced and cached by Meraki Dashboard to be used across the organization. Once an IdP source has been configured in Meraki Dashboard it can be used for IdP Syncs. A single IdP source can be used, or multiple IdP sources can be used. "     So, I'm now confused and curious to know whether this is just a wording oversight, a limitation while it's in early access mode, or if they were really dumb enough to limit SAML auth (an open standard) to only work with Microsoft Entra ID rather than allowing any provider that offers SAML to be usable. ... View more

Are you referring to the SAML auth for SSIDs feature, or the EAP-TLS feature? ... View more

You can already do SAML auth for the dashboard itself.  This is about them adding SAML auth for the SSIDs. ... View more

Those are for using SAML auth for the dashboard portal access, not for the SSIDs.  The instructions would be mostly the same, but there will be differences. ... View more

Can you please clarify whether or not the SAML auth for SSIDs will be limited to Entra ID or whether it'll be generic SAML auth (given that it's an open standard and there's no reason to limit this to just Azure customers)? ... View more