Configuring SAML SSO for Cisco Meraki

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Cisco Meraki.

Prerequisite

  1. Login to ADSelfService Plus as an administrator.
  2. Navigate to  Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Cisco Meraki from the applications displayed.
    Note: You can also find Cisco Meraki application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
  3. Click IdP details in the top-right corner of the screen.
  4. In the pop-up that appears, copy the Login URL, Logout URL and Sha1 FingerPrint .
    5. IDP Details

Cisco Meraki(Service Provider) configuration steps

  1. Login to Meraki with an administrator’s credentials. (https://<subdomain>.meraki.com)

  2. Navigate to Organization → Settings → SAML Configuration.

    Screenshot
  3. Paste the logout URL copied in Step 4 of Prerequisite in the SLO logout URL field.

  4. Paste the SHA1 FingerPrint value copied in Step 4 of Prerequisite in X.509 cert SHA1 fingerprint field.

    Screenshot
  5. Copy the Consumer URL. We will need this in a later step.
  6. Click Save Changes.

Important :

Please make sure in Cisco Meraki the role (Organization > Administrators) maps to the department attribute and the username maps to the mail attribute in Active Directory.

ADSelfService Plus (Identity Provider) configuration steps

  1. Now, switch to ADSelfService Plus’ Meraki Cisc configuration page.
  2. Enter the Application Name and Description.
  3. In the Assign Policies field, select the policies for which SSO need to be enabled.
    Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
  4. Select Enable Single Sign-On.
  5. Enter the Domain Name of your Cisco Meraki account. For example, if you use johndoe@thinktodaytech.com to log in to Cisco Meraki, then thinktodaytech.com is the domain name.
  6. Paste the Consumer URL from Step 5 of Cisco Meraki configuration in the ACS URL field.

  7. Paste the domain and subdomain part (as shown in the image below) of the Consumer URL in the Entity ID field.

    Screenshot
  8. Choose the Name ID format that has to be sent in the SAML response. The Name ID format will specify the type of value sent in the SAML response for user identity verification.
  9. Click Add Application
Note: For Meraki Cisco, single sign-on is supported only for IDP initiated flow.
Go to Top

Copyright © 2024, ZOHO Corp. All Rights Reserved.