SLO would be expected to be initiated by the IDP, instantly revoking access via the Meraki. It's up to the implementation to correctly support it, which Meraki seems disinterested (as evidenced by this very long, very old, and very ignored forum thread) ... View more

Posted to the video too, but I also want this communities input...   I'm trying to understand the upside. So Meraki, with the assist of additional licensing ($$$), is registering trusted devices (eh erm... 'Conditional Access' which we already pay for via MS's licensing). Why can't Meraki support just support SAML SSO for wifi connections (via captive portal prior to authenticating to the IDP and whitelisting the required IDP urls), and let the AAD admin configure conditional access? This just seems like another system to manage that does effectively the same thing as AAD. Am I missing something? ... View more

* In the wallet garden, you need to define all Microsoft (O365) connection links.   This is where we are stuck. In order to push the user to Azure AD to sign-in, the walled garden needs to allow requests to the Azure IDP. These are seemingly random IP addresses that are GEO distributed. Is there a way to whitelist by domain name to Azure AD's IDP? This would simplify having to keep tabs on the ever-changing IP address list from Azure. .. Unstuck! It appears that under the walled garden ranges, it also supports domains, and wildcards. This should allow us to proceed with creating an application that challenges the user but allows access to the Azure IDP. Thanks for the outline above! Helpful! ... View more