
Configuring SAML SSO with Azure AD

This article provides an example walk-through of configuring Azure Active Directory as an identity provider (IdP) for the Cisco Meraki dashboard. This helps consumers who want to move their Active Directory to a cloud platform like Azure integrate SAML SSO with the Meraki dashboard. It is recommended that administrators read the article on SAML integration for Dashboard before proceeding.

When configuring the Role field, it is recommended as a best practice not to use spaces within the text strings.

Setup on Azure

On the Azure Portal, navigate to Azure Active Directory > Enterprise Applications > New Application and select Non-Gallery application within the new tile. Provide a name for the application and click Add.

Generate SHA-1 certificate

To generate the SHA-1 certificate, follow the given steps:

  1. Within the newly created Application, navigate to Single sign-on under the Manage option.
  2. Select the SAML tile. 

  3. Click the edit pencil under the SAML Signing Certificate section.

  4. In the window that pops up, select New Certificate and leave Signing Option as Sign SAML assertion.

  5. Change Signing Algorithm to SHA-1 and save the configuration.

  6. Right-click the Inactive certificate and select Make Certificate Active.

  7. When you receive the following message, click Yes:
"Activating your certificate. You are about to activate an inactive certificate. 
To Prevent application downtime, ensure that this certificate has been successfully 
onboarded to your application on the application's site." 
  8. Download the certificate using the Base64 certificate download option and look for Thumbprint under the Details tab.

  9. Copy the SHA1-Fingerprint and edit it using the following format: xx:xx:xx...

    • For example, if the fingerprint is 12hdlo9873jdnm0984hrti2ashlfjhkto447823h, then modify it to 12:hd:lo:98:73:jd:nm:09:84:hr:ti:2a:sh:lf:jh:kt:o4:47:82:3h

  10. Enter the copied fingerprint in the X.509 cert SHA1 fingerprint field under Organization > Configure > Settings > SAML Configuration in the dashboard and select Add a SAML IdP.
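The fingerprint formatting described above can be scripted instead of edited by hand. The following is an added example, not part of the original article or of Meraki's or Microsoft's tooling; it assumes the Base64 download is PEM-encoded (BEGIN/END CERTIFICATE lines), and the function names and sample data are constructed for illustration. A real thumbprint is 40 hexadecimal characters, so the script rejects anything else.

```python
import base64
import hashlib
import re

# Constructed stand-in for the Base64 certificate download: arbitrary bytes,
# not a real certificate. The fingerprint is the SHA-1 hash of whatever bytes
# the Base64 body decodes to, so this is enough to show the steps.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def format_thumbprint(thumbprint: str) -> str:
    """Turn a copied SHA-1 thumbprint into the xx:xx:...:xx form."""
    # Copies from the Windows certificate viewer can carry spaces or an
    # invisible left-to-right mark (U+200E); drop those and existing colons.
    digits = re.sub(r"[\s:\u200e]", "", thumbprint)
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", digits):
        raise ValueError("a SHA-1 thumbprint is exactly 40 hexadecimal characters")
    digits = digits.upper()  # same case that `openssl x509 -fingerprint` prints
    return ":".join(digits[i:i + 2] for i in range(0, 40, 2))


def fingerprint_from_pem(pem_text: str) -> str:
    """Compute the SHA-1 fingerprint directly from the Base64 certificate file."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text,
        re.DOTALL,
    )
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return format_thumbprint(hashlib.sha1(der).hexdigest())


if __name__ == "__main__":
    print(fingerprint_from_pem(SAMPLE_PEM))
    print(format_thumbprint("0123456789abcdef0123456789ABCDEF01234567"))
```

Computing the value from the downloaded file and comparing it with the Thumbprint shown in the Details tab confirms that the fingerprint entered in the dashboard belongs to the certificate that was just activated.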

 

SSO Configuration 

Follow the steps below to configure single sign-on:

  1. Within the newly created application, navigate to Single sign-on under the Manage option.
  2. Click the edit pencil under the Basic SAML Configuration section.

  3. Type https://dashboard.meraki.com in the Identifier (Entity ID) field.

  4. Enter the Consumer URL, which you get after entering the SHA-1 certificate in the Meraki dashboard, and save the configuration.

Adding Multiple Roles to a Single Enterprise Application

Steps to add roles:

  1. Within Azure Active Directory, navigate to App Registrations under Manage.
  2. Select the newly created application, in this case, Meraki Lab SSO.

  3. Under Manage, choose the Manifest option. This opens an editable JSON interface.

    1. All the roles that are created under SAML roles in the Meraki dashboard are mapped here.

    2. To add these roles, a unique ID (GUID) per role is needed. You can use the following GUID generator.

  4. Edit the section under appRoles.


11.png
 

You can keep adding roles like this, with unique displayName, id and value.

For more clarity and recommended steps, refer to the Microsoft article on how to add app roles.
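The appRoles entries can also be generated locally, which keeps each id unique and catches role values that contain spaces. This is an added example, not part of the original article or Microsoft's tooling; the field names follow Microsoft's appRoles manifest schema, while the function name and the sample role names are assumptions constructed for illustration.

```python
import json
import re
import uuid


def add_app_roles(existing, new_roles):
    """Return existing appRoles plus one entry per new (displayName, value) pair."""
    merged = [dict(role) for role in existing]
    names = {r["displayName"] for r in merged}
    values = {r.get("value") for r in merged}
    ids = {r["id"].lower() for r in merged}
    for display_name, value in new_roles:
        # The article recommends role strings without spaces.
        if not value or re.search(r"\s", value):
            raise ValueError(f"role value {value!r} is empty or contains whitespace")
        # displayName, id and value must each be unique across the manifest.
        if display_name in names or value in values:
            raise ValueError(f"displayName or value already used: {display_name!r}")
        role_id = str(uuid.uuid4())
        while role_id in ids:  # a collision is practically impossible; checked anyway
            role_id = str(uuid.uuid4())
        merged.append({
            "allowedMemberTypes": ["User"],  # assignable to users and groups
            "description": display_name,
            "displayName": display_name,
            "id": role_id,
            "isEnabled": True,
            "value": value,
        })
        names.add(display_name)
        values.add(value)
        ids.add(role_id)
    return merged


# Constructed role names; use the names defined under SAML roles in the
# Meraki dashboard instead.
SAMPLE_ROLES = [
    ("Meraki Full Admin", "meraki_full_admin"),
    ("Meraki Read Only", "meraki_read_only"),
]

if __name__ == "__main__":
    print(json.dumps({"appRoles": add_app_roles([], SAMPLE_ROLES)}, indent=2))
```

Pass the manifest's current appRoles list as the first argument so that existing role ids are preserved and new entries are checked against them.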

 

Adding Meraki Custom Claims

Custom claims can be added from the newly created Azure enterprise application by following the steps below:

  1. Navigate to Manage > Single sign-on.
  2. Click the edit pencil under User Attributes & Claims and select Add new claim.

  3. Fill in the fields as per the image below to map the user’s principal name from Azure AD to the login name for the Meraki dashboard.

13.jpg

  4. To map the RBAC role that was added in the JSON window to the SAML roles in the Meraki dashboard, follow the same steps as above, starting with adding a new claim.

 

14.jpg
 

Map Roles to Each User or Group

Steps to map roles to users or groups:

  1. Navigate to your newly created Enterprise Application and select Users and Groups under Manage.

  2. Click the Add User button and select the desired users or groups.

  3. Select the role you want to assign to these users or groups.

The login URL can be provided to users who have access to SAML roles, allowing them to log in to the Meraki dashboard.


Article ID

ID: 8621
