The number of logins for each user in an organization is endless. Each new system, platform, or tool inevitably introduces a new set of logins for users, and it falls to the admin to manage those logins. It is also up to the admin to revoke access as users change roles or leave the organization. Not only must RADIUS or Active Directory be updated, but also any other tools the user had access to. This list is often extensive and can create complexity while also compromising security. We wanted to do our part to assist with this problem, so the Cisco Meraki team has added a feature for streamlining access to the Meraki dashboard: SAML (Security Assertion Markup Language), also knows as single sign on.
SAML eliminates the need to manage additional network-wide logins by setting up a trust relationship between the customer’s identity provider and the dashboard. By doing so, customers can easily access dashboard.meraki.com without having to enter additional credentials, greatly enhancing the user experience. SAML can be configured in the Organization > Settings tab.
The “Customer URL” will be entered into the customer’s Identity Provider, which will redirect authenticated users to the Meraki dashboard. The “X.509 cert SHA1 fingerprint” must be obtained from the identity provider and enables the user authentication to be passed along to the dashboard. The “SLO logout URL” specifies where the user will be redirected after logging out of the Meraki dashboard.
Extending the Meraki dashboard beyond IT
With the dashboard integrated into internal corporate services, dashboard tools can easily be extended to other parts of an organization. Finance teams can monitor facility usage to justify spending, marketing teams can align retail location foot traffic with marketing campaigns, and operations teams can optimize supply chain based on customer density. Customized dashboard access can be granted to each of these users groups by specifying the SAML roles. Below we have created a Customer, Engineering, and Marketing SAML role with varying levels of access.
For example, the Marketing users can be granted just “monitor only” visibility into the Meraki dashboard. Now, when the Marketing users log into the dashboard, they will only have visibility into analytics data in the dashboard shown below, and not configuration panels.
Here is a quick snapshot of what the user will experience when logging into the dashboard using SAML single sign on.