Meraki provides Cisco-based, cloud-controlled Wi-Fi and routing and security products for distributed wired and wireless networks.
|Supported capability||Required plan||Details|
|Passwordless SSO||Any plan||Low SSO tax|
|Account creation with SAML||Any plan||SAML JIT (create accounts only)|
To configure Single Sign-On between Meraki and idemeum you will first need to obtain idemeum SAML metadata values. Specifically, you will need the following
- SHA1 formatted fingerprint of your X509 certificate
Instructions for how to obtain idemeum X509 certificate fingeprint for your tenant are below.
The example of SSL certificate SHA1 fingerprint is 66:6D:DF:74:A2:F9:98:5C:71:7D:BD:A0:06:91:8E:6E:44:BA:C9:90
Passwordless Single Sign-On (SAML)
Configure SSO in Meraki
- Navigate to Meraki Dashboard
- Access Organization -> Settings
- Scroll down to Authentication section and click SAML SSO enabled
- Click Add SAML IDP
You will now be entering idemeum SAML metadata values obtained in the prerequisites section
- Enter SHA1 hash value of Public X509 certificate
- Click Save
- Now you will be able to get Consumer URL that you will need to idemeum configuration. Copy that value for later use.
- Navigate to Organization -> Administrators
- Click Add SAML role
- Add SAML role and associated permissions for users logging in with SAML SSO. Enter the role name without spaces.
- Click Create role
- Click Save changes
Configure SSO in idemeum
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for Meraki application and click Add App
- Click SAML at the top navigation menu
Now you will be entering SSO values obtained from Meraki dashboard
- Enter Consumer URL into Assertion Consumer Service URL
- Enter SAML role that you created into SAML SSO role
- Click Save
Account creation with SAML JIT
Meraki currently supports account creation with SAML JIT - SAML Just-in-Time provisioning. When new users try to log in with passwordless SSO into Meraki Dashboard, the user account with be automatically created.
SAML JIT supports only account creation (no account deletion or updates).
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
SSO login flows
Meraki dashboard supports only IDP Initiated Flow for SSO.
IDP Initiated flow
With this flow users first navigate to idemeum user catalog and then click on Meraki dashboard icon to launch application.