Agreed.  Only unique client MAC addresses are shown. ... View more

I've worked through this example with the Python SDK and can't reproduce your error.  It might help if we could see the HTTP response that is considered invalid - that should give us some more clues.  Can you catch the exception and display the context?  I'm not sure what format the context takes, I'd try all these:   try: result = devices_controller.get_network_device_performance(collect) catch APIException as e: print(e) print(e.context) print(e['context']) ... View more

There are only two required components: 1) a SAML service provider (SP) - in this case, the Meraki Dashboard 2) a SAML identity provider (IdP)   ADFS and the Duo DAG can both serve as SAML IdPs.  Provided you follow the AD group info I listed earlier, using the Duo DAG is pretty simple.  The flow is simple: the DAG sends you a push (via the Duo cloud), and then redirects you to the Dashboard after authentication.   If, however, you already have ADFS deployed, it might make more sense to use ADFS as the SAML IdP.  In that case, you would follow the guide to use ADFS as the SAML IdP with Meraki.  If you then want to tie in Duo, you'd have to follow the ADFS guide here as well.  The flow here is similar but not quite the same: ADFS would authenticate you via whatever policy you configure, then use the Duo cloud to send you a push, and then redirect you to the Dashboard.   In my mind, using only the DAG is simpler, but it's not as feature-rich of an IdP as ADFS or F5's APM. ... View more

Windows GPO can be used to push out a VPN template, but not a PSK.  The only way to deploy this at scale and not lose your mind is to use certificates.   Once an auto-enrolling certificate template exists in AD, a separate GPO would be used to auto-enroll your users using that certificate template.  That user certificate would then be referenced in the VPN profile. ... View more

Yes, this is possible.  You need to deploy the Duo Access Gateway (DAG), which is just a SAML IdP, and protect the built-in Meraki Dashboard application.   The Duo documentation is a little vague on this, but there are some fundamental assumptions the Duo DAG is making when passing the SAML response to the Meraki Dashboard.  The first is that you have an AD group in place for Meraki users, and that it's of a certain format.  You can then specify a prefix for all these Meraki-related groups in your AD and the DAG will search through all of those.   For example, if you have two groups, SAML-Meraki-Admin and SAML-Meraki-RO, users in either AD group will be able to authenticate, and the role attribute that's passed to the Dashboard is the exact same as the AD group name.  Thus, the role you define within all your organizations must match the AD group exactly.  There is no flexibility in this. ... View more

I can't tell if the error is related to the content you're sending, or in parsing the response.   I've been doing this to send dicts using the requests module: payload = { "roomId": roomId, "personId": personId } resp = requests.post(..., payload = payload)   I've been doing this to convert my HTTP responses into Python-native dicts: response = requests.get(url, headers=headers) #This is a string type(response.text) import json res = json.loads(response.text) #This is now a dict type(res)   ... View more