Solved: Questions about Access Manager Integration

Aussietramp · ‎05-28-2025

Hi,

I'm currently testing Access Manager and it's looking great!

I just have a couple of questions:

Is it possible to use the same SSID to authenticate both via Entra ID and MAB (based on MAC addresses assigned to a Client-group object in Access Manager)?
Besides Entra ID, can I integrate other Identity Providers such as Google?

Thanks in advance for your support!

Mau

Ryan_Miles · ‎05-28-2025

You will need two SSIDs: one for MAB and a second for 802.1X.

View solution in original post

aleabrahao · ‎05-28-2025

Hi,

1 - Yes, it is possible to use the same SSID to support both Entra ID (formerly Azure AD) and MAB.

2- Direct integration with Google as an IdP is not natively supported in Meraki Access Manager.
You might be able to use a third-party identity broker like Okta, JumpCloud, etc.

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_non-802.1X_Supported_IoT_or_Other_Endpoints_-_MAC_Authentication_Bypass_(MAB)_and_iPSK

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Aussietramp · ‎05-28-2025

This is my configuration....but when i connect to the SSID ,it asks me for username/password.Why?

This is also my SSID config:

any idea?

Aussietramp · ‎05-28-2025

Hi,

Ryan who work for Meraki said: "You will need two SSIDs: one for MAB and a second for 802.1X."

mmm

aleabrahao · ‎05-28-2025

You had not specified that you wanted to use 802.1x.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Aussietramp · ‎05-28-2025

ah ok. Can i ask then which other authentication methods are accepted to use only one SSID with EntraID and MAB together?

nicdc01 · ‎06-06-2025

Where do you find the option to configure a different IdP other than Entra?
Selecting the "+Create IdP" forwards me to an Entra ID configuration page and doesn't give the option to configure anything else.

As far as I can tell the documentation remains vague about other 3rd party providers. Assuming it might be a Feature Flag you need to request them to enable?

Aussietramp · ‎06-06-2025

At the moment you can authenticate ONLY with Azure. Future will tell f they will add some ore identity Provider.

Ryan_Miles · ‎05-28-2025

The SSID needs to be configured for MAB and Access Manager can be the source it authenticates against. This doc covers it in great detail https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_non-802.1X_Supported_IoT_or_Other_Endpoints_-_MAC_Authentication_Bypass_(MAB)_and_iPSK

Entra is the only supported IdP today. More should come in the future.

Aussietramp · ‎05-28-2025

Hi Ryan,

first of all thanks for your help.

you say that SSID needs to be configured for MAB and Access Manager but if i set up the SSID for MAB...how can i authenticate on the same SSID my users againstEntra ID?

At the moment my SSID is configured with "ENTERPRISE with ACCESS MANAGER". With this config i can authenticate my user against EntraID but not MAB.

is that correct?

Ryan_Miles · ‎05-28-2025

You will need two SSIDs: one for MAB and a second for 802.1X.

Aussietramp · ‎05-28-2025

ah ok...ive been told differentty here above but it seems like you are a meraki Employee so...well thanks for your help

Philip D'Ath · ‎05-28-2025

You can do MAB and 802.1x on a wired port. WiFi is a bit different.