Meraki Integrate with Entra ID

Anthony81
New here

Our company would like to purchase Meraki switches and Meraki APs but doesn't want to invest in NAC. Can the items below still be fulfilled?

1 Network Security
1. Implement network security (e.g. 802.1x) to protect network against unauthorized access and devices.
2. Allow only Shiseido corporate devices to connect to the network (Wired and Wireless).
3. Implement network segmentation to compartmentalize the sub-networks and deliver security controls and services to each sub-network.
4. Network authentication and encryption methods are to be defined and managed.
5. Separation between internal users and guests.
6. Network security measures and controls must comply with Security Framework.

4 Replies
alemabrahao
Kind of a big deal

For WiFi you can use the Meraki cloud user base.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GIdenJoe
Kind of a big deal

Well, implementing 802.1X is in fact investing in NAC 😉
If you want to use Entra ID you will need a NAC solution that can talk with Entra ID.
Alternatively you can deploy certificates via SCEPman and supply them to your PCs with an MDM solution and then use RADIUS as a service to leverage EAP-TLS for authentication of your users on the network, wireless or wired.

 

Guest users just need a separate SSID using PSK or (enhanced) open with a portal page.

BlakeRichardson
Kind of a big deal

Using 802.1x with JumpCloud is also an option; otherwise use Meraki authentication as suggested already.

PhilipDAth
Kind of a big deal

You are not going to be able to integrate with Entra ID without spending some more money.

Splash Access have a solution for onboarding both wired and WiFi devices. It is 100% cloud-based. You could have a chat with them.
https://www.splashaccess.com/

If you could reduce the scope to WiFi only, and you have Intune managed devices, you could buy a subscription to Cloud PKI. Meraki MR can authenticate devices with an issued certificate then.
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview

If you are using Entra ID (by that I assume you are cloud-native and don't have Active Directory) - have you considered going 100% zero trust, and migrating any app that does not have zero trust to being zero trust capable? With this approach you no longer care about local network security.

 

Actually, the more I think about it, the more I think you should look at SASE. The service you would want with your Meraki system is called "Cisco+ Secure Connect". I think you need to look at this as you need a far more holistic approach to be able to tick your boxes off without a traditional NAC system.
https://documentation.meraki.com/CiscoPlusSecureConnec
