Meraki

Capabilities overview

Meraki provides Cisco-based, cloud-controlled Wi-Fi and routing and security products for distributed wired and wireless networks.

Prerequisites

To configure Single Sign-On between Meraki and idemeum you will first need to obtain idemeum SAML metadata values. Specifically, you will need the following

• SHA1 formatted fingerprint of your X509 certificate

Instructions for how to obtain idemeum X509 certificate fingeprint for your tenant are below.

How to obtain SAML metadata for idemeum

SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. Based on SAML terminology SaaS application is called Service Provider (SP) and idemeum will be Identity Provider (IDP). Typically you will be a…

Docsidemeum team

The example of SSL certificate SHA1 fingerprint is 66:6D:DF:74:A2:F9:98:5C:71:7D:BD:A0:06:91:8E:6E:44:BA:C9:90

Passwordless Single Sign-On (SAML)

Configure SSO in Meraki

• Navigate to Meraki Dashboard
• Access Organization -> Settings

• Scroll down to Authentication section and click SAML SSO enabled

• Click Add SAML IDP

You will now be entering idemeum SAML metadata values obtained in the prerequisites section

• Enter SHA1 hash value of Public X509 certificate

• Click Save
• Now you will be able to get Consumer URL that you will need to idemeum configuration. Copy that value for later use.

• Navigate to Organization -> Administrators
• Click Add SAML role
• Add SAML role and associated permissions for users logging in with SAML SSO. Enter the role name without spaces.

• Click Create role

• Click Save changes

Configure SSO in idemeum

• Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
• Click Applications in the left menu
• Search for Meraki application and click Add App
• Click SAML at the top navigation menu

Now you will be entering SSO values obtained from Meraki dashboard

• Enter Consumer URL into Assertion Consumer Service URL
• Enter SAML role that you created into SAML SSO role

• Click Save

Account creation with SAML JIT

Meraki currently supports account creation with SAML JIT - SAML Just-in-Time provisioning. When new users try to log in with passwordless SSO into Meraki Dashboard, the user account with be automatically created.

SAML JIT supports only account creation (no account deletion or updates).

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.

SSO login flows

Meraki dashboard supports only IDP Initiated Flow for SSO.

IDP Initiated flow

With this flow users first navigate to idemeum user catalog and then click on Meraki dashboard icon to launch application.