Cisco Meraki

Configuring SAML SSO with Azure AD

This article walks through configuring Azure Active Directory as an identity provider (IdP) for the Cisco Meraki dashboard. It is intended for administrators who are moving their Active Directory to a cloud platform such as Azure and want to integrate SAML SSO with the Meraki dashboard. Administrators should read the article on SAML integration for Dashboard before proceeding.

Installing the Meraki Dashboard Application in Azure

  1. On the Azure Portal home page, click Azure Active Directory.
  2. On the left-hand side within Azure Active Directory, click Manage > Enterprise applications.

  3. Click New application.

  4. Search for “Meraki Dashboard”.

  5. Select the application named Meraki Dashboard with Cisco Systems, Inc. as the publisher and click Create.

  6. Navigate back to Enterprise applications from step 2. Once the app has finished installing, you will see Meraki Dashboard in your application list.

Creating App Roles within Meraki Dashboard Application in Azure

There are two methods to declare app roles using the Azure Portal:

  • App roles
    • Uses UI to make changes
  • App manifest editor
    • Requires editing JSON by hand

Microsoft Azure explains both methods to declare app roles in their platform.

The Value of the role you configure in the Azure Portal must match the Role you configure in the Meraki dashboard.

Examples of the app role and app manifest editor are shown below to showcase the differences in management.

  • App roles example: [screenshot]
  • App manifest editor example: [screenshot]

Adding User Roles to the Meraki Dashboard Application in Azure

  1. On the Azure Portal home page, click Azure Active Directory.
  2. On the left-hand side, click Manage > Enterprise applications.

  3. Find and select the Meraki Dashboard app from the application list.

  4. On the left-hand side, click Manage > Users and groups.

  5. Click Add user/group.

  6. Select the users who can access your Meraki dashboard organization and assign a role.

  7. Click Assign when done assigning permissions.

The assigned users then appear in the user list of the Meraki Dashboard application in Azure.

Enabling SAML SSO in Azure Active Directory

  1. On the Azure Portal home page, click Azure Active Directory.
  2. Click Manage > Enterprise applications.

  3. Find and click the Meraki Dashboard app in the application list.

  4. Select Single sign-on on the left under Manage and select SAML.

  5. Within the Basic SAML Configuration section, click Edit and type https://n27.meraki.com/saml/login/ into the Reply URL text field.

This is a default reply URL used to generate the thumbprint in step 7.

The unique reply URL for your dashboard organization will be generated in the following section.

  6. Click Save.

  7. Copy the Thumbprint from the SAML Signing Certificate section and save it for the Enabling SAML SSO in Meraki Dashboard section.

Azure will show a default thumbprint value prior to completing step 5.


Enabling SAML SSO in Meraki Dashboard

1. Log in to your Meraki Dashboard and navigate to Organization > Configure > Settings.

2. In the Authentication section, toggle SAML SSO to SAML SSO enabled and click Add a SAML IdP.

3. In the X.509 cert SHA1 fingerprint field, enter the certificate Thumbprint from the Enabling SAML SSO in Azure Active Directory section.

Azure generates the X.509 cert SHA1 fingerprint as a single string, whereas dashboard expects the fingerprint to have a colon after every two characters.

  • Azure-generated string: 138FK3KF32F32FWEGT43A32S544G3QY43VHA035G
  • Meraki dashboard-formatted string: 13:8F:K3:KF:32:F3:2F:WE:GT:43:A3:2S:54:4G:3Q:Y4:3V:HA:03:5G

4. Once the changes are saved, the unique Consumer URL (the Reply URL in Azure) will populate. Copy the Consumer URL and save it for later.

5. In Azure Portal, navigate to the Single sign-on SAML section.

6. Within the Basic SAML Configuration section, click Edit.

7. Overwrite the existing default Reply URL (Assertion Consumer Service URL) with the Consumer URL from step 4.

The Identifier (Entity ID) field should auto-populate. If it does not, enter https://dashboard.meraki.com into this field.
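
For step 3 above, the conversion from Azure's single-string thumbprint to the colon-separated form can be scripted. The following Python is an added example, not part of the original article or of Meraki's tooling; it also cross-checks the thumbprint against the signing certificate, assuming the certificate has been downloaded from Azure in Base64 (PEM) form. The sample thumbprint and PEM body are constructed, and unlike the placeholder strings in step 3 they contain only hexadecimal characters, which the validation requires.

```python
import base64
import hashlib
import re

# Constructed sample: 40 hex characters in Azure's single-string form.
# Not a real certificate thumbprint.
AZURE_THUMBPRINT = "A9993E364706816ABA3E25717850C26C9CD0D89D"

# Constructed placeholder PEM: its body decodes to the bytes b"abc", not a
# real certificate. It is enough to exercise the hashing path offline.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----"""


def to_dashboard_fingerprint(thumbprint: str) -> str:
    """Convert a thumbprint to the colon-separated form dashboard expects."""
    # Tolerate pasted whitespace, existing colons, and lower-case input.
    cleaned = re.sub(r"[\s:]", "", thumbprint).upper()
    # A SHA-1 digest is 20 bytes, i.e. exactly 40 hex characters.
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("expected 40 hex characters for a SHA-1 thumbprint")
    return ":".join(cleaned[i:i + 2] for i in range(0, 40, 2))


def fingerprint_from_pem(pem: str) -> str:
    """Compute the SHA-1 fingerprint of a PEM certificate's DER bytes."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S
    )
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return to_dashboard_fingerprint(hashlib.sha1(der).hexdigest())


def thumbprint_matches_certificate(thumbprint: str, pem: str) -> bool:
    """True when the pasted thumbprint belongs to the downloaded certificate."""
    return to_dashboard_fingerprint(thumbprint) == fingerprint_from_pem(pem)


if __name__ == "__main__":
    print(to_dashboard_fingerprint(AZURE_THUMBPRINT))
    print(thumbprint_matches_certificate(AZURE_THUMBPRINT, SAMPLE_PEM))
```

A `ValueError` at this stage usually means the thumbprint was truncated or picked up extra characters when copied.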


Creating SAML Administrator Roles in Meraki Dashboard

1. Log in to your Meraki Dashboard and navigate to Organization > Configure > Administrators and click Add SAML role.

2. Create a role and select the access you would like this role to grant the user.

The Role name must match the Value of the app role configured in Azure; otherwise, users will not be able to log in through SAML to the configured organization.

3. Click Create role.

4. Repeat steps 1-3 for each additional SAML role created in Azure.
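
Because a login fails when the Azure app role Value and the dashboard Role name differ, it is worth comparing the two lists before rollout. The following Python is an added example, not part of the original article: it reads the `appRoles` array from an app manifest and compares it with a list of dashboard SAML role names. The manifest fragment, role values and dashboard role list are all constructed, and treating case or whitespace differences as findings is an assumption of this example rather than documented dashboard behaviour.

```python
import json

# Constructed appRoles fragment in the shape of the Azure app manifest.
# The ids and role values are made up for this example.
MANIFEST_JSON = """
{
  "appRoles": [
    {"allowedMemberTypes": ["User"], "displayName": "Meraki full admin",
     "id": "00000000-0000-0000-0000-000000000001", "isEnabled": true,
     "value": "meraki_full_admin"},
    {"allowedMemberTypes": ["User"], "displayName": "Meraki read only",
     "id": "00000000-0000-0000-0000-000000000002", "isEnabled": true,
     "value": "Meraki_ReadOnly "},
    {"allowedMemberTypes": ["User"], "displayName": "Old role",
     "id": "00000000-0000-0000-0000-000000000003", "isEnabled": false,
     "value": "meraki_legacy"}
  ]
}
"""

# Constructed list of SAML role names as typed into dashboard (assumption).
DASHBOARD_ROLES = ["meraki_full_admin", "meraki_readonly", "meraki_helpdesk"]


def compare_roles(manifest_json, dashboard_roles):
    """Classify each enabled Azure role Value against dashboard role names."""
    roles = json.loads(manifest_json).get("appRoles", [])
    # Roles with isEnabled set to false are skipped.
    azure_values = [r["value"] for r in roles
                    if r.get("isEnabled") and r.get("value")]
    normalized = {name.strip().casefold(): name for name in dashboard_roles}
    report = {"match": [], "near_miss": [], "azure_only": [], "dashboard_only": []}
    for value in azure_values:
        key = value.strip().casefold()
        if value in dashboard_roles:
            report["match"].append(value)
        elif key in normalized:
            # Differs only by case or stray whitespace: make it an exact match.
            report["near_miss"].append((value, normalized[key]))
        else:
            report["azure_only"].append(value)
    covered = {v.strip().casefold() for v in azure_values}
    report["dashboard_only"] = [n for n in dashboard_roles
                                if n.strip().casefold() not in covered]
    return report


if __name__ == "__main__":
    print(json.dumps(compare_roles(MANIFEST_JSON, DASHBOARD_ROLES), indent=2))
```

Anything reported under `near_miss` or `azure_only` is a role Value with no exactly matching dashboard role; `dashboard_only` lists dashboard roles that no enabled Azure role refers to.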
