Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join nowAbout EvaF
EvaF
Here to help
Member since May 25, 2023
Saturday
Community Record
15
Posts
16
Kudos
1
Solution
Badges
2 weeks ago
1 Kudo
This is quite creative and super useful - will give this a spin! Thanks for sharing.
... View more
2 weeks ago
2 Kudos
it did NOT work - the XML output showed 2 lines again vs. the single line of semicolon separated single line the application expects. 😞
... View more
2 weeks ago
2 Kudos
That is so funny - I thought of that and wanted to test it out... Now you have just made me insanely curious so I am going to do that and report back!
... View more
2 weeks ago
3 Kudos
I wanted to thank the community for the engagement and support. Ryan is also a total rockstar 😉 To summarize the steps that one does for this setup where it is Meraki Dashboard and SAML SSO using Azure as the IdP: Add a camera role to Meraki Dashboard > Org > Camera and Sensor Roles. Example: cam_site_a (follow the prompts to create). In Azure > App Registrations > App Role add a role of identical name to previous step. Example: cam_site_a In Azure > Entra ID > Groups create a security group that would be for this role. Example: SG-CAM-Site-A In Azure > Enterprise Applications > Meraki Dashboard assign the security group with an associated role. Example: Group name SG-CAM-Site-A and role cam_site_a. Add a user to the new security group and login with that account to test that cameras appear as expected. Now to my specific issue of wanting more than 1 camera role assigned to a user, the work around is to hard code a semicolon into a name so if you want Site A and Site B cameras for a group of users you would create Meraki camera roles cam_site_a and cam_site_b. In the App Role in Azure you literally make the "Value" cam_site_a;cam_site_b (putting a semicolon in that name - it will parse it correctly to the 2 roles when the SAML token is presented at the Dashboard.) There are ways to transform or alter the SAML on the IdP side, which would be a better practice and provide seamless delivery of the desired results, but this will work for now! A screen shot below to help those that may come across this and need a nudge in the future: Then do steps 3-4 per the above and you are there!
... View more
2 weeks ago
That has us building any number of groups to support a campus and multiple sites. I have never run into an application that says it has a the ability to support multiple roles where the solution is to forego roles and everytime there is a new combo we create a new group and add those distinct set of users to the new group. I am beginning to believe the integration does not work as advertised and that you are absolutely correct. But from this Meraki Document: It is supposed to support multiple role assignments.
... View more
3 weeks ago
This app role registration, then association to dedicated security group is how I set it up. For example: The above app roles are associated to two different Entra groups, and my non-admin account is in both of the groups: But when I login, I see only the cameras from the AZ grouping. And the names in Camera and sensor role management do match identically the app registration names. Thank you for the reply!
... View more
3 weeks ago
Hi Ryan, I did look at the full xml just before leaving on Friday but was racing to the doctor. It really looks like a sample login passed multiple groups: (If I'm reading the above correctly - this is the details of the SAML history of a login assigned to multiple groups). But when I logged in as that test user, I see only cameras associated with the mcam_viewlive_az. Under Org -> Camera and Sensor Roles I defined those names limited access but network and tag (copy/pasting the relevant bits): And I guess its picking up the meraki_read from Org > Administrators > SAML administrator roles. Part of the confusion for me is definitely that some documents point to definition in both Org > Administrators of Org > Camera and Sensor Roles but perhaps that is just me "merging" topics? Clearly the XML clip seems to show both. Where SHOULD the Meraki side roles be done?
... View more
3 weeks ago
A visual aid might help. Within the Meraki Enterprise Application in Azure, the Single Sign-On with SAML has a section about your SAML claim and its attributes. In documentation, Meraki says they CAN receive more than 1 role but that SAML token must present as a semicolon separated list. For an enterprise level deployment I might have cameras in BuildingA, BuildingB and so on. So building Entra ID (Azure AD) groups usually by building (or site), I have a group SG-CAM-BldgA-ViewLive (with an associated App role cam_bldga_viewlive) ... and so on. So if a user appears in multiple groups and that user goes through the single sign on - I want it to send that multiple group membership (also called multiple roles) back in the SAML token so that upon authentication that user is given the access to each role received in the token. There are 3 or 4 articles that have pieces of the SAML puzzle and this one says it supports multiple roles being passed: Configuring SAML Single Sign-on for Dashboard - Cisco Meraki Documentation But as detailed a configuration example as is provided in this Azure specific EA setup: Configuring SAML SSO with Microsoft Entra ID - Cisco Meraki Documentation they stop without saying "and here is how you could pass more than one role" which is absolutely maddening when you have multiple sites and buildings to give only that access that is needed in the performance of ones job function.
... View more
3 weeks ago
That is a much needed enhancement just within the Meraki Dashboard world. I will have to read more thoroughly but I did not see the magic bullet I so badly need. 🙏
... View more
3 weeks ago
2 Kudos
The older page - I do see the "Org wide users page" as an option to enable.... would that help or hurt? HA Not sure how that makes the Azure side send that semicolon separated list of groups (with app roles defined)...but I'm a good listener if you're a good talker. Seeing posts from reddit saying this is just a feature that flat doesn't work but I really think it is knowing how to SEND the right data in the SAML token.
... View more
3 weeks ago
I have had a basic SSO/SAML setup for our Org admins to login to our Meraki Dashboard for several years (textbook integration). Now our camera use is growing and I need to have a much more scaled and granular control of who at which site has what access to cameras. Such as Manager at A-Site can View and Export footage and View Live at B-Site. So essentially passing multiple roles with the much talked about semicolon separator. The documentation is not comprehensive at all and literally the first words Meraki Support put in the ticket I opened was "We are unable to assist you...." bla bla. Great impression on a fairly technical issue. I have set up Camera and Sensor only roles such as sitea_viewlive and siteb_viewexport and created Azure groups with these role names assigned (making sure they are IDENTICAL per all documentation notes).... but I for the life of me cannot get it to pass more than one role. Me and Grok3 have been at it for several days off and on. I am a domain admin on the Azure side but this is a more complex task than the typical SAML setup and if I could just find an example anywhere I could probably get unstuck. Is there anyone out there that can even say this actually works? Any kind soul have a link to a crib note that you might share? Thanks! EF
... View more
Oct 23 2023
4:16 PM
I was having a similar problem - just seeing 'true' after going through the SP Initiated SAML sign on and completing Azure Auth sequence. My regular account was having this problem. My separate AD login I'll call evaadmin for this purpose - was logging in and mapping to meraki_write role just fine. I banged on this about 4 hours before turning to the forums and seeing this (and even opened a case with meraki). I have a completely SEPARATE Organization for a small air-gapped tenant that my regular account is also included in. I thought AHA - that is it. I will go delete my regular account from that one off Org we have and I'll be good to go. It got worse from there. I am now presented a "Server error" message and cannot login with any account. This is not good and I don't know how to find my support case if I can't login - rut roh!
... View more
Jun 9 2023
2:15 PM
4 Kudos
Hi Everyone, Just following the community on-boarding flow and happy to be here and to meet people of all skill levels working with Meraki technology for Networks, Camera and IoT in general! I am a 30 year ish veteran in various technology roles, largely UNIX/Linux and Application Engineering but now focused on IT Security, Networking and Camera/IoT deployments based on Meraki. I love that I can bring a lot of multi-disciplinary engineering discipline to make ramping on Meraki products and smart deployments and uses much faster - but I have so much to learn! I'm frankly completely enamored with the Meraki camera platform and the possibility thinking around IoT keeps me up at night 🙂 I hope to gain "crowd sourcing my knowledge journey" by being part of this journey. As humans we must stop working the same problem over and over as individuals and learn to lean on the many who have asked the same question before us! And support others seeking to do the same with a welcoming and not a "did you read the manual"! Fun fact about myself? Hmmm .... I love wheeled objects? I think that is fun! Things that move me!
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 461 | 2 weeks ago |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 4 | 1710 | |
| 3 | 461 | |
| 2 | 305 | |
| 2 | 370 | |
| 2 | 1174 |
© 2025 Cisco Systems, Inc.
