Cisco Meraki Dashboard SAML Single Sign-On (SSO) integration

This topic contains procedures to configure Cisco Meraki Dashboard for Single Sign-On (SSO) in CyberArk Identity using SAML.

Cisco Meraki Dashboard SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • JIT (Just In Time) Provisioning

Prerequisites for Cisco Meraki Dashboard SSO

Configuring the Cisco Meraki Dashboard SAML template for SSO requires a Cisco Meraki Dashboard account with administrator access.

Configure the Cisco Meraki Dashboard app template in the Identity Administration portal

The following procedure describes the steps in the Identity Administration portal needed to configure the Cisco Meraki Dashboard app template for SSO.

Step 1: Add the Cisco Meraki Dashboard web app template.

  1. In the Identity Administration portal, select Apps > Web Apps, then click Add Web Apps.

    The Add Web Apps screen appears.

  2. On the Search tab, enter Cisco Meraki Dashboard in the Search field and click the search icon.

  3. Next to Cisco Meraki Dashboard, click Add.

  4. In the Add Web App screen, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The Cisco Meraki Dashboard application opens to the Settings page.

Step 2: Configure the Settings page.

Set an app name, description, category, and logo if you want to change them.

Step 3: Configure the Trust page.

  1. In the Identity Provider Configuration, select Manual Configuration.

  2. Expand the Signing Certificate section and copy the Thumbprint. You will need this later.

  3. Copy the Logout Landing Page URL. You will need this later.

  4. In the Service Provider Configuration section, select Manual Configuration, then review the following SAML settings and click Save after you finish.

    Setting Description

    SP Entity ID

    		 https://dashboard.meraki.com/

    Assertion Consumer Service (ACS) URL

    		 Matches the Consumer URL from the Cisco Meraki Dashboard website. Configure Cisco Meraki Dashboard for SAML single sign-on.

Step 4: Configure the SAML Response page.

  1. On the SAML Response page, click Add, and add the following attributes:

    Attribute Name Attribute Value

    https://dashboard.meraki.com/saml/attributes/username

    LoginUser.Email

    https://dashboard.meraki.com/saml/attributes/role

    LoginUser.RoleNames

Step 5: Configure the Permissions page to grant Cisco Meraki Dashboard users SSO access.

Grant SSO access to Cisco Meraki Dashboard by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

    The Select User, Group, or Role window appears.

  2. Select the user(s), group(s), or role(s) that you want to give permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the desired permissions, then click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Change the permissions if you want to add additional control or you prefer not to automatically deploy the application.

Step 6: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Cisco Meraki Dashboard for SAML single sign-on

The following procedure describes the steps in the Cisco Meraki Dashboard needed to configure the app template for SSO.

  1. Sign in to Cisco Meraki Dashboard with administrator credentials.

  2. Go to Organization > Settings.

  3. In the SAML Configuration section, select SAML SSO enabled from the SAML SSO dropdown menu. Click Add a SAML IdP.

    The Consumer URL required on the Trust page of the Identity Administration portal is available on this page.

  4. Enter the following details copied from the Trust page of the Identity Administration portal. Refer to Configure the Trust page. Click Save.

    Cisco Meraki Dashboard value name CyberArk Identity value name

    X.509 cert SHA1 fingerprint

    		 Signing Certificate > Thumbprint

    SLO logout URL (optional)

    		 Logout Landing Page URL
  5. Go to Organization Administrators.
  6. Click Add SAML role.
  7. Enter a Role name, and select the appropriate organization access and access privileges. Click Create role.
  8. Click Save changes.

Test the Cisco Meraki Dashboard IdP-initiated SSO integration

Step 1: Log in to Cisco Meraki Dashboard using CyberArk Identity.

  1. Log in to CyberArk Identity using user credentials with the required permissions.

  2. Launch the Cisco Meraki Dashboard application from the Identity User Portal. The page redirects to Cisco Meraki Dashboard and displays the web interface.

Step 2: Verify SAML login status in Cisco Meraki Dashboard

  1. Go to Organization Administrators.

  2. Under SAML administrator roles, view the SAML login history. You should see a green icon with details of the successful SAML login.

Additional information

For additional resources, refer to the following support documents:

How to Configure SAML 2.0 for Cisco Meraki Dashboard

Configuring SAML Single Sign-on for Dashboard - Cisco Meraki