Meraki SAML SSO with Okta

BobRossJr
Level 1

We are having a hard time getting this implemented for our Meraki dashboard using Okta. 

 

We realize this is an IdP-initiated app.
We have input the following:
SAML SSO Enabled
Added thumbprint: example AA:BB:CC:DD:EE:FF:GG:HH:II:JJ:KK:LL:MM:NN:OO:PP:QQ:RR:SS:TT
Consumer URL -- provided by the Meraki dashboard, added into Okta
Created SAML Role and gave Organization permissions

Mapped the Username Attribute Value to Email although we have tried UserName as well.

 

After following these steps, when we click the Meraki application inside of Okta, we are taken to a Meraki webpage that says "True". If we consult the Okta logs, it shows a successful sign-in even though we are not actually signed in. I'm sure we have done something goofy here but not sure what else to try. Poking here before attempting to contact support.

 

Greatly looking forward to any insight.

 

 

4 Replies

rkeeka
Level 1

Hi BobRossJr

Having the same problem at the moment on a new app we created... we have other Okta apps already configured; on testing the others, same issue. Did you find a solution?

RK

Hi RK,

 

Yes, we were finally able to figure this out on our end. It was a misunderstanding of how we were reading the setup document.

 

You have to remove the user that you want to use SAML from Meraki. They cannot exist in there. When you sign into Okta, you click on your Okta app and it authenticates you into Meraki and assigns permissions based on the SAML roles you created in Meraki.

 

For example, we have 2 SAML roles that we created: a Read-Only role that we assign as an app to IT folks in Okta who only need Read-Only access, and an Admin role that has Organization-level permissions, which they are assigned as an app in Okta. If you have multiple roles you need to fill, that is how it is done.

 

Let me know if you still have issues. I'll be happy to try and provide some more detail and photos if necessary.

 

It's important to note, you have to keep at least one local Meraki account, and that account has to be an Organization admin. You will not be able to protect all accounts in Okta. We currently keep 2 local accounts active and we make sure they have very strict/complex passwords.

 

BobRoss Jr.
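The two conditions in the reply above (the SSO user must not also exist as a local Meraki admin, and at least one local Organization admin must remain) are easy to get wrong when an org already has a long administrator list. The script below is an added example, not code from the thread or from Meraki; it runs offline on constructed sample data and does two things: it computes the IdP signing-certificate thumbprint in the colon-separated SHA-1 form the Meraki SAML page expects (the same DER bytes `openssl x509 -noout -fingerprint -sha1` hashes), and it cross-checks a list of local admins and SAML roles against the users and role values the IdP will send. The `email`, `orgAccess` and `role` field names follow the Meraki Dashboard API responses for `GET /organizations/{id}/admins` and `/samlRoles`; that shape, and exact (case-sensitive) matching of the IdP role value against the Meraki SAML role name, are assumptions of the example.

```python
"""Pre-flight checks for Meraki dashboard SAML SSO (added example, not from the thread)."""
import base64
import hashlib
import re

HEX_PAIR = re.compile(r"^[0-9A-F]{2}$")


def thumbprint_from_pem(pem: str) -> str:
    """SHA-1 fingerprint of the IdP signing certificate in the colon-separated,
    uppercase form the Meraki SAML settings page expects. Hashes the DER bytes,
    which is what `openssl x509 -noout -fingerprint -sha1` does."""
    body = "".join(
        line.strip() for line in pem.splitlines()
        if line.strip() and not line.startswith("-----")
    )
    der = base64.b64decode(body)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))


def valid_thumbprint(thumbprint: str) -> bool:
    """True for exactly 20 colon-separated hex pairs; rejects placeholders such as GG:HH."""
    parts = thumbprint.split(":")
    return len(parts) == 20 and all(HEX_PAIR.match(p) for p in parts)


def saml_readiness(admins, saml_roles, sso_users, idp_role_values):
    """Cross-check local admins and SAML roles against what the IdP will send.

    Assumed field names (Meraki Dashboard API shape): admins carry 'email' and
    'orgAccess' ('full', 'read-only', ...); saml_roles carry 'role'.
    """
    sso = {u.lower() for u in sso_users}
    local = {a["email"].lower() for a in admins}
    role_names = {r["role"] for r in saml_roles}

    # A user who still exists as a local admin will not be signed in via SAML.
    conflicts = sorted(sso & local)
    # The role value the IdP sends must match a Meraki SAML role name exactly
    # (assumed case-sensitive); an unmatched value grants no permissions.
    unknown_roles = sorted(v for v in idp_role_values if v not in role_names)
    # Local full-org admins that remain after the SSO users are removed:
    # at least one must stay as a break-glass account.
    break_glass = sorted(
        a["email"] for a in admins
        if a["orgAccess"] == "full" and a["email"].lower() not in sso
    )
    return {
        "conflicts": conflicts,
        "unknown_roles": unknown_roles,
        "break_glass": break_glass,
        "ok": not conflicts and not unknown_roles and bool(break_glass),
    }


# Constructed sample data, not pulled from a real org or IdP.
SAMPLE_ADMINS = [
    {"email": "bob@example.com", "orgAccess": "full"},
    {"email": "breakglass@example.com", "orgAccess": "full"},
    {"email": "ro@example.com", "orgAccess": "read-only"},
]
SAMPLE_SAML_ROLES = [
    {"role": "Meraki-Admin", "orgAccess": "full"},
    {"role": "Meraki-ReadOnly", "orgAccess": "read-only"},
]
SAMPLE_SSO_USERS = ["Bob@example.com", "alice@example.com"]
SAMPLE_IDP_ROLE_VALUES = ["Meraki-Admin", "meraki-readonly"]
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "bm90IGEgcmVhbCBjZXJ0aWZpY2F0ZQ==\n"  # base64 of "not a real certificate"
    "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print("thumbprint:", thumbprint_from_pem(SAMPLE_PEM))
    print(saml_readiness(SAMPLE_ADMINS, SAMPLE_SAML_ROLES,
                         SAMPLE_SSO_USERS, SAMPLE_IDP_ROLE_VALUES))
```

On the sample data the report flags bob@example.com (still a local admin while being pushed through SSO), flags the role value meraki-readonly (no exact match for the Meraki role), and shows breakglass@example.com as the one local full-access admin that would remain. Removing the conflicting local admin and correcting the role value is what turns `ok` to True; if the removal would leave `break_glass` empty, create a local Organization admin first.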

We are having the same problem with only certain users, but we are using Duo SAML2 SSO. I verified that the users with problems do not also exist in Meraki's Organization/Administrators. I did an LDAP search for the users using the account that Duo uses to query LDAP, and the group associated with the Meraki role is in fact enumerated.

rkeeka
Level 1

Hi BobRoss Jr.

Spot on - I was trying to test without giving anyone else access.

Thanks for the info 

RK
