https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411726#M4225 <P>As long as you're using the same X.509 cert SHA1 fingerprint in all Orgs and leveraging SAML Roles correctly as per the documentation that <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/82153">@spaladug</A> linked too, you will be able to then users accessing all Orgs and manage the group membership in your IdP.</P> Thu, 04 Apr 2024 07:40:42 GMT JamesT91 2024-04-04T07:40:42Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411721#M4220 <P>I posted a few years ago about SAML for Meraki Dashboard access for MSP/multiple organizations. Curious if there was any update to that. Onboarding/offboarding users is quite tedious. </P> Wed, 03 Apr 2024 21:25:06 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411721#M4220 iscs-mark 2024-04-03T21:25:06Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411722#M4221 <P>Hi mvalpreda. We do currently support SAML for MSPs (<A href="https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_Single_Sign-on_for_Dashboard#SAML_SSO_for_MSPs" target="_self" rel="nofollow noopener noreferrer">reference</A>). If you are following those requirements and still find it too tedious please share more about your exact use case so we can look into it.</P> Wed, 03 Apr 2024 22:01:26 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411722#M4221 spaladug 2024-04-03T22:01:26Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411723#M4222 <P>I agree but Meraki is one of the best solutions to provide your admins with restricted privileged access using role attributes. This does make it a little bit complex to onboard, however offboarding isn't that difficult. </P> Wed, 03 Apr 2024 22:23:10 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411723#M4222 Pulkit Mittal 2024-04-03T22:23:10Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411724#M4223 <P>I should have been more specific....when we need someone to have access to a customers Meraki dashboard, we go in there as another admin and add them. If that person leaves, we have to remember they are not in there any longer. Between keeping records, going in each organization one by one to remove a user....that is tedious.</P><P>That being said, I'm not 100% sure where to start based on that referenced link. If we have ~100 customers with Meraki organizations....where do I start? Had gone through the Azure AD setup (<A href="https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Azure_AD" target="_self" rel="nofollow noopener noreferrer">here</A>) for our own organization, when I test I get 'true', but just not sure how to add that to our customers.</P><P>Also not sure how Meraki is differentiating between my email address that is in SAML compared to my Cisco/Meraki login....they have different passwords. Do I need to log in at a different URL?</P> Thu, 04 Apr 2024 03:05:26 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411724#M4223 iscs-mark 2024-04-04T03:05:26Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411725#M4224 <P>If I see '<SPAN>Found existing non-SAML user with email &lt;myemail&gt;' do I need to remove that user as a named admin from the Administrators list for the org? Or is that going to be an issue since I am in ~100 other orgs?<BR /></SPAN></P><P><SPAN>Then for customers I want to have as part of our SAML, the Consumer URL does not matter, just the X.509 cert fingerprint for the organization?</SPAN></P><P><SPAN>Figured out the login is at <A href="https://myapplications.microsoft.com/" target="_blank" rel="noopener nofollow noreferrer">https://myapplications.microsoft.com/</A> </SPAN></P> Thu, 04 Apr 2024 03:36:27 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411725#M4224 iscs-mark 2024-04-04T03:36:27Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411726#M4225 <P>As long as you're using the same X.509 cert SHA1 fingerprint in all Orgs and leveraging SAML Roles correctly as per the documentation that <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/82153">@spaladug</A> linked too, you will be able to then users accessing all Orgs and manage the group membership in your IdP.</P> Thu, 04 Apr 2024 07:40:42 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411726#M4225 JamesT91 2024-04-04T07:40:42Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411727#M4226 <P>So the cert I get from Enterprise Applications in <A href="https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Azure_AD#Enabling_SAML_SSO_in_Azure_Active_Directory" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Azure_AD#Enabling_SAML_SSO_in_Azure_Active_Directory</A> is the same one I am going to use in all the organizations I have access to and want to use SAML?</P><P>The Consumer URL is different for the different orgs and won't matter?</P><P>Guessing if I have the same email address already defined as an administrator, I need to pull that out so there is not a conflict between what is defined and in SAML?</P> Sun, 07 Apr 2024 23:05:59 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411727#M4226 iscs-mark 2024-04-07T23:05:59Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411728#M4227 <P>You will need to login via a different URL e.g. "domain.sso.meraki.com". If you already have an Organization Administrator account using the same email as your SAML then you will need to remove it from that Organization before you can leverage SSO.</P> Mon, 08 Apr 2024 04:07:05 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411728#M4227 RTownsend 2024-04-08T04:07:05Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411729#M4228 <P>I did a little test and yes....add the x.509 to all the orgs, add the SAML administrators and it's set. Guessing the Meraki dashboard 'sees' that the cert is the same and ties them together.</P> Tue, 09 Apr 2024 23:29:15 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411729#M4228 iscs-mark 2024-04-09T23:29:15Z https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411730#M4229 <P>Glad you got it working. <SPAN class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:"><span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></SPAN></P> Wed, 10 Apr 2024 07:14:26 GMT https://community.cisco.com/t5/cloud-networking-platform/saml-for-msp-multiple-organizations-any-changes/m-p/5411730#M4229 JamesT91 2024-04-10T07:14:26Z