Let me make a suggestion. Using the association requirement of WPA2-Enterprise with my Radius Server option, under the Splash page you would select Sign on with meraki authentication, assign block all access until sign on is complete, then add known machines to the whitelist via mac address. When an end-user device on the known machines list attempts to connect to the SSID, they get a prompt to enter their jumpcloud credentials then it bypasses the splash page requirement since their machine mac address is whitelisted. On the other hand, if an unknown machine successfully authenticates using a user's jumpcloud credentials, then they are taking to a splash page requesting the meraki authentication. The meraki authentication would be a single email-address and password set at Network-Wide > Users that only the administrators would know. Did I make it complicated or is this a possibility?   I'm basing my response of the following knowledge base articles: https://support.jumpcloud.com/customer/portal/articles/2406833-configuring-a-cisco-meraki-wap-to-jumpcloud-s-radius-as-a-service https://documentation.meraki.com/MR/Encryption_and_Authentication/Cloud_Hosted_Meraki_Authentication https://documentation.meraki.com/MR/MR_Splash_Page/Using_a_Sign-on_Splash_Page_to_Restrict_Wireless_Access_by_MAC_address ... View more