cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4060
Views
6
Helpful
6
Replies

Multiple Role SAML

betaaaa
Level 3
Level 3

Could we add different user roles using single X.509 cert SHA1 fingerprint ? or we need to create another IdP for different roles? such as

ADMIN role will be using X.509 cert SHA1 fingerprint AAAA

USER role will be using X.509 cert SHA1 fingerprint BBBB

thanks

6 Replies 6

another question is, should the role on IDP defined before tokens generated?

for an example, if i have already create role "ADMIN" on my IDP (Jumpcloud) then generate SHA1 token, and filled it on meraki dashboard.

and in another moment, i need to add new role "USER" on my IDP, should i generate the new SHA1 token? and filled it again on meraki dashboard?

GreenMan
Cisco Employee
Cisco Employee

No - you don't get the option to define roles until the basic SAML IDP setup has been done. Multiple roles can be used against the same IDP

so, is that mean when i want to add new role such as "MONITOR", it will use the same SHA1 tokens as "USER" and "ADMIN" ?

Yes - remember that those credentials are used to verify your IDP, not the individual user; that IDP will separately have to authenticate each user.

If the mapping of Role between the IdP side and the Meraki Dashboard side is consistent, this can be achieved with a single IdP.

For example, in the case of Duo Security.

* admin@example.test: Belong to Admin Group

Duo Central -> Meraki Icon/Tile -> Admin Group is mapped to ADMIN Role -> Meraki Dashboard - ADMIN Role

* user@example.test: Belong to User Group

Duo Central -> Meraki Icon/Tile -> User Group is mapped to USER Role -> Meraki Dashboard - USER Role

Note: Duo Central is the portal for Single Sign-On provided by IdP.