topic Authorized access to specific URLs in Wireless

Authorized access to specific URLs

bmessinachicago — Fri, 21 Mar 2025 20:48:09 GMT

Hoping someone in the educational sector may know of a way to do this: We have a list of URLs for which we'd like to require permission by a school adult to students that attempt to access. Example, a student tries going to youtube.com, he/she gets a splash page prompting for a name, then an email is sent to an authorized person asking for authorization giving that student access. I tried doing this with the 'Sponsored Guest Login' feature of Meraki, but it required creating a separate SSID since this is applied globally to any access to the SSID (made it so only that list of URLs is accessible after first getting sponsored permission). The multi-SSID solution is not ideal. Any ideas you can share would be greatly appreciated.

Re: Authorized access to specific URLs

aleabrahao — Fri, 21 Mar 2025 20:57:51 GMT

Sponsored Guest Login does not serve this purpose in itself, and you will not be able to do this natively with Meraki.

The only solution I see is to have some other solution that you can integrate with Meraki, such as Cisco ISE for example.

I hope this helps a little.

Re: Authorized access to specific URLs

aleabrahao — Fri, 21 Mar 2025 20:59:03 GMT

There is another option that I have in mind which is to use some MDM solution, with Meraki's own MDM or Microsoft's Intune.

Re: Authorized access to specific URLs

Philip D'Ath — Sun, 23 Mar 2025 22:39:09 GMT

I have not attempted this.

If you also subscribed to Umbrella SIG and integrated with Meraki, you could create a web block rule.

You could then have someone create a bypass code to override the block page.

https://docs.umbrella.com/deployment-umbrella/docs/create-a-block-page-bypass-code

Rather than a code, you can also create them based on who the user is.

Re: Authorized access to specific URLs

Philip D'Ath — Sun, 23 Mar 2025 22:40:52 GMT

Another option, have Meraki block the web site.

Then, a group policy can be created that can be applied to the specific machine overriding the block.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying_Group_Policies

Re: Authorized access to specific URLs

Philip D'Ath — Sun, 23 Mar 2025 22:42:56 GMT

I just tested creating a custom block page in Umbrella and it allows you to configure it so that the blocked user can notify an admin.

Re: Authorized access to specific URLs

matt_uc — Mon, 24 Mar 2025 15:36:23 GMT

Can you give a bit more detail around this? Lets say a student wants access to youtube.com, they fill out a form, they are granted access for....24 hours?

It wouldn't give them a splash page to deal with, but assuming you could communicate a Google form out to the students a slightly manual proposal would be as follows:

(this proposal assumes that site restrictions are being done via group policy, and there are two group policies here, Student_Filtered and Student_Exemption which allows access to the URLs in question, but you could tweak this for certain URLs or groups of URLs)

->Have your school utilize a Google form to submit their request for access, the form puts the student's request onto a spreadsheet that the teachers can view (could be either for 24 hours or with an end date) and sends an email to the teacher to go approve it
->If the teacher approves they mark that on the spreadsheet, then the teacher goes into the Meraki dashboard and changes the student's Group Policy from say, Student_Filtered to Student_Exemption
->Every morning, a teacher or admin at the school checks the list of who is in the Student_Exemption and if the approval is every day they reset everyone to Student_Filtered, or if there are end dates in the spreadsheet they look for anyone who is past their permission date.

You could also automate this a bit more with the Meraki API, but doing it this way only really requires a google form, very basic dashboard knowledge and 2 minutes of work per day by a teacher/teacher assistant/admin.