These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Meraki Cisco.
Log in to ADSelfService Plus as an administrator.
Navigate to Configuration → Self-service → Password Synchronizer.
Locate and click on Meraki Cisco in the list of applications provided.
Click on the Download SSO Certificate link in the top-right corner of the screen.
Meraki Cisco (Service Provider) configuration steps
Log in to Meraki (https://<subdomain>.meraki.com) with an administrator’s credentials.
Navigate to Organization → Settings → SAML Configuration.
Paste the logout URL copied in step 5 of Prerequisite in the SLO logout URL field.
Paste the SHA1 Fingerprint value copied in step 5 of Prerequisite in the X.509 cert SHA1 fingerprint field.
Copy the Consumer URL. We will need this in a later step.
Click Save Changes.
Important: Make sure that in Meraki Cisco the role (Organization > Administrators) maps to the department attribute in Active Directory, and that the username maps to the mail attribute.
ADSelfService Plus (Identity Provider) configuration steps
Now, switch to ADSelfService Plus’ Meraki Cisco configuration page.
In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@meraki.com to log in to Meraki Cisco, then Meraki is the domain name.
Paste the Consumer URL from Step 5 of Meraki configuration in the ACS URL field.
Paste the domain and subdomain part (as shown in the image below) of the Consumer URL in the Entity ID field.
Provide a Description in the respective field.
In the Available Policies field, click on the drop-down box and select the policies for which you wish to enable single sign-on.
Click Save and log out of ADSelfService Plus.
For Meraki Cisco, single sign-on is supported only for the IdP-initiated flow.