Configuring SAML SSO for Meraki Cisco

These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Meraki Cisco.

Prerequisite

Meraki Cisco (Service Provider) configuration steps

1. Login to Meraki with an administrator’s credentials. (https://<subdomain>.meraki.com)

2. Navigate to Organization → Settings → SAML Configuration.

   

3. Paste the logout URL copied in step 5 of Prerequisite in the SLO logout URL field.

4. Paste the SHA1 FingerPrint value copied in Step 5 of Prerequisite in X.509 cert SHA1 fingerprint field.

   

5. Copy the Consumer URL. We will need this in a later step.

6. Click Save Changes.

Important: Please make sure in Meraki Cisco the role (Organization > Administrators) maps to the department attribute and the username maps to the mail attribute in Active Directory.

ADSelfService Plus (Identity Provider) configuration steps

1. Now, switch to ADSelfService Plus’ Meraki Cisc configuration page.

2. In the Domain Name field, enter the domain name of your email address. For example, if you use johndoe@ meraki.com to log in to Meraki Cisco, then Meraki is the domain name.

3. Paste the Consumer URL from Step 5 of Meraki configuration in the ACS URL field.

4. Paste the domain and subdomain part (as shown in the image below) of the Consumer URL in the Entity ID field.

   

5. Provide a Description in the respective field.

6. In the Available Policies field, click on the drop-down box and select the policies for which you wish to enable single sign-on.

7. Click Save and log out of ADSelfService Plus.

For Meraki Cisco, single sign-on is supported only for IDP initiated flow.

---