tkovac
Here to help
Mar 21 202210:01 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mar 21 202210:01 PM
Dashboard SSO with SAML and Azure AD - Consumer URL broken?
I've been trying to configure SAML for management login and followedConfiguring SAML SSO with Azure AD - Cisco Meraki
Going to dashboard.meraki.com just goes to the logon page and SSO never initiates.
When I click Test from Azure it logs me in fine.
There are no options in Meraki Dashboard to add the Login URL, Azure AD Identifier or Logout URL from Azure.
Is anyone able to tell me what I'm missing here?
Thanks.
Solved!Go to solution.
Labels:
- Labels:
- Administrators
0Kudos
Subscribe
1 Accepted Solution
Bruce
Kind of a big deal
Mar 22 20222:42 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mar 22 20222:42 AM
The issue is this statement in the document…
You can’t do a SAML login from the Service Provider (I.e. the Dashboard). You need to login through the identity provider (IdP) and it should then redirect you to the Dashboard and pass the SAML token in the process.
View solution in original post
0Kudos
Subscribe
- All forum topics
- Previous Topic
- Next Topic
16 Replies 16
Bruce
Kind of a big deal
Mar 22 20222:42 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mar 22 20222:42 AM
The issue is this statement in the document…
You can’t do a SAML login from the Service Provider (I.e. the Dashboard). You need to login through the identity provider (IdP) and it should then redirect you to the Dashboard and pass the SAML token in the process.
0Kudos
Subscribe
tkovac
Here to help
Mar 22 20227:25 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mar 22 20227:25 PM
Thanks@Bruce- is that the URL that Azure gives?
When I try that I get this:
Sorry, but we’re having trouble signing you in.
AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.
0Kudos
Subscribe
tkovac
Here to help
Mar 24 20225:04 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mar 24 20225:04 PM
I have found the full URL that Azure uses but as yet have been unable to turn this into a useable seamless link.
Thanks for the help anyway.
0Kudos
Subscribe
DaSz
New here
Oct 10 202211:31 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oct 10 202211:31 AM
You have to separately configure Service Provider-initiated SAML to do SSO from the dashboard, seehttps://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/SP-Initiated_SAML_...
2Kudos
Subscribe
In response to DaSz
tkovac
Here to help
Oct 10 20223:44 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oct 10 20223:44 PM
Thanks - I will check this out when I get some time and report back.
0Kudos
Subscribe
Dudleydogg
A model citizen
Dec 3 202212:44 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dec 3 202212:44 PM
I setup 2 dashboards one works perfectly, and the other one goes through the redirect process then Just lands on the Meraki page with a dialog that says "TRUE" and never goes to the dashboard, Test from the Azure portal are all Green. Thoughts or suggestions?
0Kudos
Subscribe
In response to Dudleydogg
Aaron_Kennedy
Here to help
Feb 12 202312:10 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feb 12 202312:10 PM
I ran into this issue today. It turns out that any account that tries to use SAML/SSO access to Meraki dashboard cannot have the same email address (username) as an already existing Meraki dashboard account.
As soon as I configured a different administrative account in Azure for write access to Meraki dashboard, that account was able to progress through the SSO process and get deposited in the dashboard without landing on the "true" page.
1Kudo
Subscribe
In response to Aaron_Kennedy
tkovac
Here to help
Feb 12 20231:48 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feb 12 20231:48 PM
Thanks@Aaron_Kennedy, just tried this and it worked when using the direct link but it still doesn't work from the dashboard as @Brucestated.
I can't really see the benefit of it until it does work from the dashboard.
0Kudos
Subscribe
C3SGInc
Getting noticed
Dec 14 202212:28 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dec 14 202212:28 PM
Has anyone been able to get the SP-Initiated SAML SSO to work? I can get the test to work and then went through the guide to add SP-Initiated. I go to the url for my subdomain and select SSO and get directed to my AAD login, complete the login but then get an error that my application identifier was not found in the directory.
Any ideas?
0Kudos
Subscribe
In response to C3SGInc
tkovac
Here to help
Feb 12 20231:49 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feb 12 20231:49 PM
Looks like nothing has changed since@Bruceposted the solution here. Just tried this morning and still can't do it from SP.
0Kudos
Subscribe
In response to tkovac
Aaron_Kennedy
Here to help
Feb 13 20238:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Feb 13 20238:37 AM
I also had some issues with SP when I tried to set it up. I was able to get IdP working easily, but the SP process was still broken (and some necessary configuration elements were missing fromOrganization-->Settings in the dashboard).
But then I found a toggle button in theOrganization-->Early Access section of dashboard where I could turn on SAML SSO. After flipping that toggle button, the required configuration options showed up in the dashboard settings and I could complete the SP setup process and get it working properly.
0Kudos
Subscribe
CHTL-User
Here to help
Aug 8 20236:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Aug 8 20236:37 AM
This was really useful - I had all of the same problems and got it working.
A couple of sticking points - I finally found the User access URL for ldP initiated access under Meraki Dashboard App > Properties. That worked fine.
After enabling SP-initiated SAML, I got the same message as@C3SGInc (Application with identifier xxxx not found in directory) - I had to add an additional Identifier under Meraki Dashboard App > Single sign-on > Basic SAML Config specifying https://[organisation].sso.meraki.com.After that, it worked.
Otherwise, I followed the KB articles and advice in this post and got there in the end. Thanks.
2Kudos
Subscribe
In response to CHTL-User
jose_franco
Conversationalist
Friday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Friday
As@CHTL-Usermentions...
Updating theIdentifier (Entity ID) for the Meraki App in Entra ID from the default value ofhttps://dashboard.meraki.comtohttps://[organisation].sso.meraki.com
resolved SP-Initiated access for me. Thanks!!!
0Kudos
Subscribe
C3SGInc
Getting noticed
Monday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
Is the [organisation] the same as the name from the Organization Settings/Name in the Meraki Dashboard? If so, how is it handle spaces?
0Kudos
Subscribe
In response to C3SGInc
jose_franco
Conversationalist
Monday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Monday
@C3SGInc- No, actually the value is the same as what is defined in Meraki Dashboard under Organization/Settings/Authentication/SSO Subdomain.
Screenshots below for reference:
Meraki screenshot:
Entra ID screenshot:
1Kudo
Subscribe
In response to jose_franco
C3SGInc
Getting noticed
Tuesday
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tuesday
Perfect and thank you for taking the time to include the screenshots.
0Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Subscribe
