Is it possible to configure SAML-based user authentication against a 3rd party IdP (Okta) for a BYOD SSID?
Not using SAML, no (at least not out of the box).
But I see Okta have an LDAP interface:
https://www.okta.com/blog/2018/09/move-ldap-authentication-to-the-cloud-with-oktas-ldap-interface/
And you can configure LDAP splash page authentication.
This requires an Okta agent to run on-prem or at AWS/GCP, which we are trying to avoid.
SAML auth would be ideal as no agents would be required. Would Meraki partner with IronWiFi to provide this functionality?
Meraki have an open API, so IronWiFi would just need to integrate with it.
I believe Splash Access already provides integration with Azure AD if you don't mind using a third party.
https://www.splashaccess.com/cisco-meraki-azure-ad-with-splashaccess/
We don't have Azure AD to integrate with, but we have Okta. Is there an FRE for Meraki native API integration with Okta?
IronWiFi has RADIUS-based integration with Meraki: https://www.ironwifi.com/cisco-meraki/
Hi @avshch
Did you ever find a solution to this? I'm trying to figure this out myself. I haven't been able to connect the Okta LDAP interface with Meraki at all.
I am trying to avoid purchasing IronWiFi or Foxpass if I can.
My company is interested in this too. We've virtually eliminated AD / LDAP and the ridiculous overhead that comes with stand-alone directory management. It's bugging me that with all the available authentication integrations, SAML isn't included.
I am working on this for a customer using the Sponsored Guest Portal. When the user connects to the AP, ISE redirects them to Azure AD and ISE reports them as authenticated. The user gets a browser window with a message to click the continue button. On doing so they get an error 500 message. We are running ISE 3.1 on a single box in AWS as a PoC.