https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452207#M8077 <P>ps. You can have your SAML provide pass anything for the username, such as sAMAccountName or displayName. If you don't pass an email address you avoid this issue of existing accounts.</P> Thu, 26 Dec 2024 19:58:56 GMT Philip D'Ath 2024-12-26T19:58:56Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452202#M8072 <P>Hi everyone!</P><P>I hope everything is fine.</P><P>I'm trying to integrate Cisco Meraki with AD Self Service, so the users can login to Meraki directly from the AD Self Service.</P><P>I have run the tests, but I am getting the error: <SPAN>Assertion contains no username and no role.</SPAN></P><P><SPAN>I'm relatively new to this SAML thing, and don't know how to resolve it.</SPAN></P><P><SPAN>Any help would be greatly appreciated.</SPAN></P><P><SPAN>I can see the username in the XML file, but no role? How should I be adding all of these things?</SPAN></P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AnthonyJulien_0-1735210608255.png" style="width: 400px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/264140i62B3FA3E28C5D224/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P> Thu, 26 Dec 2024 10:56:55 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452202#M8072 AnthonyJulien 2024-12-26T10:56:55Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452203#M8073 <P><A title="Configuring SAML Single Sign-on for Dashboard" href="https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_Single_Sign-on_for_Dashboard" target="_self" rel="nofollow noopener noreferrer">Configuring SAML Single Sign-on for Dashboard</A> </P> Thu, 26 Dec 2024 11:31:39 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452203#M8073 RWelch-USA 2024-12-26T11:31:39Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452204#M8074 <P><A title="Integrating Active Directory with Sign-On Splash Page For MR Access Points" href="https://documentation.meraki.com/MR/MR_Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_Page_For_MR_Access_Points" target="_self" rel="nofollow noopener noreferrer">Integrating Active Directory with Sign-On Splash Page For MR Access Points</A> </P> Thu, 26 Dec 2024 11:32:56 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452204#M8074 RWelch-USA 2024-12-26T11:32:56Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452205#M8075 <P>Have you defined the role(s) you want in Dashboard?</P><P>Org-&gt;Aministrators, scroll down to SAML administrator roles, if not you need to add at least one role.</P><P>The role defines what access rights a matchng user will be given.</P><P>Then in your AD, any user that you want to be able to login needs that role in their settings.</P><P>I've not used ADSSP but I see there''s a guide for Dashboard...</P><P><A href="https://www.manageengine.com/products/self-service-password/help/admin-guide/Application/sso/merakicisco.html" target="_blank" rel="noopener nofollow noreferrer">https://www.manageengine.com/products/self-service-password/help/admin-guide/Application/sso/merakicisco.html</A></P><P>...it says....</P><P><SPAN>Please make sure in Cisco Meraki the </SPAN><STRONG>role</STRONG><SPAN> (Organization &gt; Administrators) maps to the </SPAN><STRONG>department attribute</STRONG><SPAN> and the </SPAN><STRONG>username</STRONG><SPAN> maps to the </SPAN><STRONG>mail attribute</STRONG><SPAN> in Active Directory.</SPAN></P><P>There are also several SAML guides in Meraki documentation, for instance...</P><P><A href="https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Microsoft_Entra_ID" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Configuring_SAML_SSO_with_Microsoft_Entra_ID</A></P><P>With Dashboard SAML a user must have one role.</P> Thu, 26 Dec 2024 11:33:45 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452205#M8075 sungod 2024-12-26T11:33:45Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452206#M8076 <P>Hello!</P><P>Thank you so much for the help!</P><P>I did the steps exactly as you mentioned from the AD side, and the issue was resolved (although I got another error, it seems I cannot use the same email address for both regular signin and SAML signin).</P><P>So I created another user with an email address not in use yet in Meraki, and I was able to login as expected without any issues.</P><P>That was a quick reply as well, thank you!</P> Thu, 26 Dec 2024 13:36:59 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452206#M8076 AnthonyJulien 2024-12-26T13:36:59Z https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452207#M8077 <P>ps. You can have your SAML provide pass anything for the username, such as sAMAccountName or displayName. If you don't pass an email address you avoid this issue of existing accounts.</P> Thu, 26 Dec 2024 19:58:56 GMT https://community.cisco.com/t5/network-platform-api/saml-integration-with-ad-self-service-plus/m-p/5452207#M8077 Philip D'Ath 2024-12-26T19:58:56Z