Organization End Users
The following instructions outline how to use Organization End Users. Organization End Users represent the users who are using the network client devices and/or authenticating into the network devices. Identity provider (IdP) sources help facilitate the management of end users so Dashboard can use the same users/groups as existing enterprise IdP systems. Account information such as name, email, usernames, UPN, etc. is taken from the IdP source, giving Meraki Dashboard a single reliable source of end user information. Optionally, multiple IdP sources can be synced into a Meraki Organization, so end users from multiple IdP sources can be collected together and used within a single Meraki Organization. Organization End Users can be used across the organization between any of the networks and combined networks.
Note: Organization End Users is in Early Access and must be opted into. The Early Access page is available to org-write admins in the navigation menu by going to Organization > Configure > Early Access.
Some features and user interface screenshots referenced in this document may change as development progresses throughout the Early Access period.
Existing Network Users
Network users created in all the various Meraki Dashboard networks are consolidated into the single Organization > Users page. For example, users added into the Network-wide > Users page for user access to Meraki Network zones (such as Wireless SSID, VPN, and Switch Access Policy) are automatically added to the single Organization > Users page. Owners from Meraki Systems Manager in all the various networks are also added to this single Organization > Users page in the same way. This allows a single page for end user searching, monitoring, and management across every sub network within the Meraki Dashboard.
Add A New IdP Source
Identity provider (IdP) sources such as Microsoft Entra ID can be added to facilitate syncs between the IdP and Dashboard. The IdP sources store the information about the end users & groups. This information is synced and cached by Meraki Dashboard to be used across the organization. Once an IdP source has been configured in Meraki Dashboard it can be used for IdP Syncs. A single IdP source can be used, or multiple IdP sources can be used.
A new IdP source can be added in Dashboard by navigating to Organization > Users and then clicking on Configure.
Microsoft Entra ID
Microsoft Entra ID is a supported identity provider (IdP) for Meraki Dashboard. When using Microsoft Entra ID, the master records of user accounts can remain in the Microsoft Entra ID portal and be synced (cached) into Meraki Dashboard.
1. Sign in to the Microsoft Entra ID portal at https://portal.azure.com/.
Note: Please ensure your account is Microsoft Entra ID enabled. More information is available here for licensing information.
2. Navigate to Home > Overview. Copy the Tenant ID for your account. This identifier is used as the Directory (tenant) ID within Meraki Dashboard.
3. Next, we need to create the enterprise application. The application holds the users/groups delegations. Navigate to Manage > All applications in the sidebar, and then click on + New application.
Click on + Create your own application and give your application a name. Inside the Create your own application dialogue, choose "Integrate any other application you don't find in the gallery".
Once the application is saved & created, copy the Application ID -- this is the Application (client) ID inside Meraki Dashboard.
4. Next, we will need the application secret. Navigate to Manage > Certificates & secrets and click on + New client secret. Give your client secret a description, choose the expiration date, and save it. The client secret will then be added to your application and the Value will be viewable. This Value is the Client secret value we need to add to Dashboard.
Note: Every Entra ID secret value has an expiration date. Once this expiration date is reached a new secret value will be necessary for IdP syncs to continue.
Great! Now you have the Directory (tenant) ID, Application (client) ID, and Client secret value. Please add these to Meraki Dashboard in Organization > Users > Configure > Integrate with Microsoft Entra ID.
Permissions
The following Microsoft Graph API permissions (found under Manage > API Permissions) must be granted to the Entra ID application. Without these permissions, the syncs may not be able to complete successfully:
Microsoft Graph > Directory.Read.All
Microsoft Graph > User.Read.All
Please ensure these are all selected as Application permissions.
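One way to confirm the application is set up as described before entering its values in Dashboard is to request an app-only Microsoft Graph token with the three values (OAuth 2.0 client credentials grant) and inspect its claims. The following is an added example, not part of the Meraki documentation; the function names and the sample tenant/client IDs are constructed for illustration.

```python
import base64
import json

# Application permissions the Permissions section lists as required.
REQUIRED_ROLES = {"Directory.Read.All", "User.Read.All"}

def decode_claims(token):
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_app_token(token, tenant_id, client_id):
    """Return a list of findings; an empty list means the app matches the guide."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))  # app-only tokens carry permissions here
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match Directory (tenant) ID")
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("appid does not match Application (client) ID")
    # A required permission absent from roles typically means it was added
    # as Delegated instead of Application, or admin consent was not granted.
    findings += [f"missing application permission: {r}"
                 for r in sorted(REQUIRED_ROLES - roles)]
    # Permissions this page does not list as required (least privilege).
    findings += [f"unneeded application permission: {r}"
                 for r in sorted(roles - REQUIRED_ROLES)]
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample values (placeholders, not real identifiers).
TENANT = "00000000-0000-0000-0000-0000000000aa"
CLIENT = "00000000-0000-0000-0000-0000000000bb"
GOOD = make_sample_token({"tid": TENANT, "appid": CLIENT,
                          "roles": ["User.Read.All", "Directory.Read.All"]})
OVER = make_sample_token({"tid": TENANT, "appid": CLIENT,
                          "roles": ["User.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_app_token(GOOD, TENANT, CLIENT))
    for finding in audit_app_token(OVER, TENANT, CLIENT):
        print(finding)
```

Because the access token is a bearer credential, decode it locally rather than pasting it into an online decoder.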
IdP Syncs
IdP Syncs keep the information about end users and groups updated in Meraki Dashboard with the latest information from the identity provider. An IdP sync can be triggered manually or set up to sync automatically (see the steps below for each). The last completed IdP sync timestamp will be displayed in Dashboard > Organization > Users under IdP Sources:
Automatic syncs
The Meraki Dashboard will automatically sync Users/Groups from the IdP every ~6 hours when enabling the Sync option for the IdP settings in Dashboard:
Manual Syncs
If automatic syncs are not being used ("enable proactive sync" is disabled), then syncs from the IdP must be initiated manually by an organization administrator. This can be done on the Organization > Users page by clicking on the Sync > ${You_IdP_Name}.
Manual syncs can take anywhere from ~5 seconds to multiple minutes to complete. You do not need to remain on the page while the sync progresses, as this will happen in the background on the Meraki Cloud. However, if you are still on the Organization > Users page when the sync finishes, a banner will appear to show the successfully completed sync.
End Users
End Users represent the users within an organization who will be authorized and/or blocked for access to various parts of the Meraki networks. In the example below, an end user called matt_user is created in Microsoft Entra ID and then synced into Dashboard.
The Organization > Users page loads all the users within the Organization. These users can be searched by username, display name, email, etc.
Clicking on the individual user loads additional information about the user such as their account information, groups, and channels of enabled/disabled access.
Note: While Meraki End Users is under Early Access the "Enabled access" features will be under development.
View of this same user from Microsoft Entra ID:
The master record of this account remains held with the IdP and can be updated with changes on the IdP (e.g. Entra ID) and new syncs into Meraki Dashboard.
Groups
Groups are multiple users collected under a single namespace. In the example below, 2 users are collected into a group called TestGroup123. This group is created in Microsoft Entra ID and then synced into Dashboard.
In Microsoft Entra ID, we can see this same group name which is synced into Meraki Dashboard. Changes to this can be done on the IdP and then synced into Meraki Dashboard.