Organization Users
Users listed within Dashboard represent the people who utilize network resources and/or authenticate into network devices.
External Identity provider (IdP) sources assist in managing these users, allowing the Dashboard to work with the same user and group information that exists in enterprise IdP systems. Information such as names, email addresses, usernames, and User Principal Names (UPN) are sourced from the IdP, ensuring that there is a reliable single source of user information within the Meraki Dashboard.
User records may also be created and managed within Dashboard, either manually or through user self-registration.
Organization Users are accessible across the organization and can be used in any network and Combined Dashboard Networks.
Reference Links
- Managing Access for Guest Users - for more information on how to manage access for guest users (Client VPN - L2TP and Splash Wireless).
- Managing Access for 802.1X Users - for more information on how to manage access for 802.1X users (Wireless 802.1X Enterprise with Meraki Cloud Authentication and Switch Access).
- EntraID IdP Integration - Setup EntraID as an external IdP
Organization > Monitor > Users page
The Organization > Monitor > Users page provides a consolidated view of users created across all the Meraki Dashboard networks as well as user records synced from external identity providers. It enables a single view for user searching, monitoring, and management across every sub network within the Meraki Dashboard. It also provides facilities for creating and managing integrations with external identity providers.
Records maintained by an external identity provider (IdP) such as Microsoft EntraID can be updated with changes from the external IdP during new syncs into the Dashboard. For locally hosted users, with records created within Dashboard or through self-registration, the IdP source is shown as “Meraki”. For example, users added into the Network-wide > Configure > Users page for User Access to Meraki Network Zones (such as Wireless SSID, VPN, and Switch Access Policy) are automatically included in the single Organization > Monitor > Users page with “Meraki” shown as the IdP and zone access information summarized with the type of zone. Owners from Meraki Systems Manager in all the various networks are also added to this single Organization > Monitor > Users page in the same way.
The Organization > Monitor > Users page displays up to 1,500 recently updated users. If the user you’re looking for does not appear in the list, use search or filters to narrow the results. Search and filters can return users who are not shown in the default list, as long as the matching result set is within the 1,500-user display limit.
You can also use the User Groups tab under Organization > Monitor > Users to find a group and then view the users associated with that group.
Clicking on an individual user shows more details, including their account information and assigned groups. For users managed directly in Dashboard, the network zones where access has been granted are also shown.
Table of User Sources
|
User Source |
Authorizations |
Sync |
Groups |
|---|---|---|---|
| Guest | Wireless (Splash), L2TP Client VPN |
N/A | N/A |
|
802.1x |
Wireless, |
N/A |
N/A |
|
EntraID |
Access Manager |
Proactive or on-demand |
Via Sync |
Meraki-hosted Users
Meraki-hosted users are local user accounts whose credentials are created and managed within the Organization > Monitor > End Users page and are not federated with an external IdP source.
For each user, Guest and 802.1X account details are shown together in the user details page. If needed, an additional account can be added from the user details page to enable access for a different authentication type.
Administrators can manage the following access types for Meraki-hosted users:
| Account Type | Zone | Configuration | Authentication Type |
|---|---|---|---|
| Guest | Wireless SSID | Splash | Meraki Auth |
| Guest | Client VPN | L2TP | Meraki Auth |
| 802.1x | Wireless SSID | Splash | Meraki Cloud RADIUS |
|
802.1x |
Wireless SSID | Enterprise | Meraki Cloud RADIUS |
| 802.1x | Switch Access Policy | Enterprise | Meraki Cloud RADIUS |
Password information is not synced between accounts types. A user with both Guest and 802.1X accounts will have separate passwords for the two accounts.
Create a Meraki-hosted User
To create a Meraki-hosted user:
1. Navigate to Organization > Monitor > Users
2. Click on the Add Users button in the user list.
3. If necessary, select the type of account to create: Guest or 802.1X. The available account types reflect the network access configurations across networks in the organization.
4. In the Add User drawer, enter the Display Name, Email (username), Password information, then click Save.
Edit a Meraki-hosted User
To edit a Meraki-hosted user:
-
Navigate to Organization > Monitor > Users and find the target user in the user list
-
Click triple dots in the right column and select Edit User Details or Edit Guest/802.1X user from the drop down menu.
-
Edit the user details in the drawer
-
Enter updates to Display Name, username or email address
-
A new password can be created or generated
-
-
Click Save to keep the changes and optionally send a password update email to the user
Editing the Email (username) for a Meraki-hosted user that is linked to another IdP user(s) results in creating a new, separate user record when saved.
Delete a Meraki-hosted User
To delete a Meraki-hosted user:
-
Navigate to Organization > Monitor > Users. Find and click on the target user in the user list to open the user details page.
-
Click the triple dots in right hand column and select Delete User from the drop down menu
-
Click Delete User in the confirmation modal to save your change.
Note: Deleting a Meraki-hosted user linked to other IdP users will only remove the local user record.
Administrators can also delete multiple Meraki-hosted users from the users list. To do this:
1. Navigate to Organization > Monitor > Users and enable the checkbox next to the target users.
2. Click Delete Meraki user(s) in the action list action bar.
3. Click Delete Users in the confirmation modal.
Reset a Password for a Meraki-hosted User
To reset a password for a Meraki-hosted user:
-
Identify the target user in the user list
-
Click the triple dots in right hand column and select Reset Password from the drop down menu
-
Create a new password or click auto-generate to randomly generate a password for the user.
-
Click Save to keep the changes and optionally send a password update email to the user
Passwords for Guest and 802.1X users are managed separately. Password information is not synced between accounts types.
External IdP Users & Sources
Identity provider sources such as Microsoft Entra ID can be added to allow syncs between the IdP and Dashboard. The IdP sources store the information about the end users & groups. This information is synced and cached by Meraki Dashboard to be used across the organization. Once an IdP source has been configured in Meraki Dashboard, it can be used for IdP Syncs. A single IdP source can be used, or multiple IdP sources can be used.
For more information about configuring EntraID as a source, check out this KnowledgeBase article
Groups
Groups are multiple users collected under a single name space. They are synced from external identity provider sources. In the example below 2 users are collected into a group called TestGroup123.
Groups can only be synced in from External IdP sources.
This group is created in Microsoft Entra ID and synced into the Dashboard.
The same group name and associations can be seen in the IdP source, Microsoft EntraID. Changes in the user group assignments in the IdP will be synced into the Dashboard.
For configurations with large IdP tenants, it can be effective to search for a group in the groups table. Clicking on the number of users assigned to the group will navigate to the users table with a filtered set of users who are assigned to that group.
Adding a new external IDP source
To add a new IdP source, go to Organization > Monitor > Users in the Dashboard and click Create IdP. The use of each IdP depends on its configuration and permissions. For Access Manager, we recommend a full sync integration. You can also configure IdPs for use as an OAuth provider for Splash.
In the IdP integration flow, add the relevant details to specify to the IdP being configured in the Identity provider interface. The configured connection to the IdP will be validated before the integration data is saved or updated in order to reduce misconfigurations.
A detailed walkthrough of integrating with Microsoft EntraID can be found under EntraID Integrations.
Sync configuration
IdP Syncs keep the information about users and groups updated in Meraki Dashboard with the latest information from the identity provider. The last completed IdP sync timestamp will be displayed in Dashboard > Organization > Monitor > Users by hovering over the "Synced" section under IdP Sources.
When configuring an IdP, Dashboard supports two options for synchronization: proactive and manual. These are set on the IdP integration page when creating or editing an IdP.
When the Proactive Sync option is enabled for an IdP configuration, all Users/Groups information from the IdP will be synced to the Dashboard Cloud cache. Dashboard will also automatically update the cached information every ~6 hours.
Note: The initial sync for a large tenant may take several hours.
If automatic syncs are not being used ("enable proactive sync" is disabled) then syncs from the IdP must be initiated manually by an organization administrator.
This can be done on the Organization > Monitor > Users page by clicking on the Sync > ${Your_IdP_Name}.
Manual syncs can take anywhere from ~5 seconds to multiple minutes to complete. The sync will proceed in the background once launched, allowing the administrator to navigate away from the page as needed while the sync is in progress. Once complete, there will be a notification on the page to show that the sync completed successfully.