12-26-2024 02:56 AM
Hi everyone!
I hope everything is fine.
I'm trying to integrate Cisco Meraki with AD Self Service, so the users can login to Meraki directly from the AD Self Service.
I have run the tests, but I am getting the error: Assertion contains no username and no role.
I'm relatively new to this SAML thing, and don't know how to resolve it.
Any help would be greatly appreciated.
I can see the username in the XML file, but no role? How should I be adding all of these things?
12-26-2024 03:33 AM
Have you defined the role(s) you want in Dashboard?
Org->Administrators, scroll down to SAML administrator roles, if not you need to add at least one role.
The role defines what access rights a matching user will be given.
Then in your AD, any user that you want to be able to login needs that role in their settings.
I've not used ADSSP but I see there's a guide for Dashboard...
...it says....
Please make sure in Cisco Meraki the role (Organization > Administrators) maps to the department attribute and the username maps to the mail attribute in Active Directory.
There are also several SAML guides in Meraki documentation, for instance...
With Dashboard SAML a user must have one role.
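A quick way to see why Dashboard reports a missing username or role is to list what the identity provider actually put in the assertion. The following is an added example, not part of the original posts or of any Meraki or ADSelfService tooling; it assumes the attributes are named `username` and `role` (as the error text suggests) and runs on a constructed sample assertion.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED = ("username", "role")  # assumed attribute names, taken from the error text

# Constructed sample: mail is mapped to username, department is empty in AD.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def assertion_attributes(xml_text):
    """Return {attribute name: [non-empty values]} for every SAML Attribute."""
    # Inspection aid for assertions you captured yourself: it does not verify
    # the signature, and ElementTree is not hardened against hostile XML.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [v.text.strip()
                  for v in attr.findall("{%s}AttributeValue" % SAML_NS)
                  if v.text and v.text.strip()]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs

def missing_attributes(xml_text, required=REQUIRED):
    """Required names that are absent or present with only empty values."""
    attrs = assertion_attributes(xml_text)
    return [name for name in required if not attrs.get(name)]

def near_misses(xml_text, required=REQUIRED):
    """Sent names that differ from a required one only by case or a URI prefix."""
    sent = assertion_attributes(xml_text)
    hits = {}
    for name in required:
        close = [s for s in sent
                 if s != name and s.lower().rsplit("/", 1)[-1] == name]
        if close:
            hits[name] = close
    return hits

if __name__ == "__main__":
    print("missing:", missing_attributes(SAMPLE))
    print("near misses:", near_misses(SAMPLE))
```

An attribute that is present but empty, for example because the mapped AD field is blank for that user, is reported as missing just like one that was never sent.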
12-26-2024 05:36 AM
Hello!
Thank you so much for the help!
I did the steps exactly as you mentioned from the AD side, and the issue was resolved (although I got another error, it seems I cannot use the same email address for both regular signin and SAML signin).
So I created another user with an email address not in use yet in Meraki, and I was able to login as expected without any issues.
That was a quick reply as well, thank you!
12-26-2024 11:58 AM
ps. You can have your SAML provider pass anything for the username, such as sAMAccountName or displayName. If you don't pass an email address you avoid this issue of existing accounts.