Set up Meraki as the SP and EAA as the IdP
This procedure describes how to set up the Meraki application as a service provider (SP) and EAA as the identity provider (IdP).
Complete the following steps to configure Meraki as the SP and EAA as the IdP.
- Click Login to create or access your account.
- Make sure your Meraki account has System Manager service enabled or set up a trial for System Manager.
Configure EAA as the IdP for a custom SaaS application but do not deploy the application at this stage.
- Under the SAML SETTINGS tab, copy the Entity ID, Single SignOn (ACS) URL, and Signing Certificate information from the IDP info section. You need this data to configure the Meraki SP.
- Do not deploy the application at this time. You need to fill out the SAML settings fields with Meraki data before you can deploy.
Configure Meraki as the SP.
- Log in to your company Meraki dashboard using your admin credentials.
- Go to Organization > Settings > SAML Configuration and select SAML SSO enabled to enable SAML SSO on the Meraki
- After enabling SAML, click Add a SAML IdP to configure the required parameters for Meraki SAML SSO from Step 2a.
- Copy the Signing Certificate from Step 2a into a file and get the SHA1 fingerprint for it using the openssl command. For example:
  openssl x509 -fingerprint -in <Meraki EAA IDP cert file> -noout
- Copy the fingerprint into the X.509 cert SHA1 fingerprint field.
- Copy the Single logout URL from the EAA IDP info section in Step 2a into the SLO logout
- Click Save Changes to save the SAML SSO
- Go back to the Organization > Settings > SAML Configuration page and write down or copy the Meraki
- Go to the Organization > Administrators > SAML Administrators role page to add SAML roles for all SAML SSO users.
- Click Add SAML role. A dialog appears to add a
- Click Save Changes to save the settings.
Go back to the EAA application you started in Step 2.
- Add the Entity ID, SSO (ACS) URL, and other information required for the SAML settings as noted in Step 3h.
  - Copy https://dashboard.meraki.com into the SAML settings Entity ID field.
  - Copy the Meraki Consumer URL field into the SAML settings SSO (ACS) URL field.
- Add the required SAML attributes for the Meraki dashboard to use for user auto-provisioning or the SSO user. For username, enter the user’s email address. For role, enter the SAML role configured in Step 3j.
- Click Save and go to Deployment.
- On the DEPLOYMENT tab, click Deploy application.
Test the SAML SSO
Note: The Meraki Dashboard only supports IdP-initiated SAML SSO.
- Open a browser to your EAA IdP user portal.
- Make sure the login page of your EAA IdP portal displays.
- Log in to the EAA IdP portal with valid login credentials and click Login.
- Click the Meraki app card displayed in your user portal. The EAA IdP should sign you in to the Meraki Dashboard application through SSO.
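
A check for the fingerprint step under "Configure Meraki as the SP", added here as an example and not part of the original procedure or of either product's tooling: it computes the SHA1 fingerprint from the pasted Signing Certificate with or without PEM headers, rejects a truncated copy, and compares the result with the value entered in the X.509 cert SHA1 fingerprint field. The function names are hypothetical and the sample bytes are constructed filler, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_der(pasted: str) -> bytes:
    """DER bytes of one pasted certificate, with or without PEM headers."""
    blocks = PEM_RE.findall(pasted)
    if len(blocks) > 1:
        raise ValueError("more than one certificate pasted")
    body = blocks[0] if blocks else pasted
    der = base64.b64decode("".join(body.split()), validate=True)
    # The outer DER SEQUENCE must span the whole blob; a copy that lost
    # its tail would otherwise hash cleanly to the wrong fingerprint.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if der[1] < 0x80:                      # short-form length
        hdr, length = 2, der[1]
    else:                                  # long form: next n bytes
        n = der[1] & 0x7F
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def sha1_fingerprint(pasted: str) -> str:
    """SHA1 of the DER encoding as colon-separated uppercase hex."""
    digest = hashlib.sha1(cert_der(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(pasted_cert: str, configured: str) -> bool:
    """Compare with a dashboard value, ignoring case, colons and spaces."""
    wanted = re.sub(r"[:\s]", "", configured).upper()
    return wanted == sha1_fingerprint(pasted_cert).replace(":", "")


# Constructed sample: a well-formed DER length header over filler bytes,
# NOT a real certificate. Replace with the Signing Certificate you copied.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_PEM))
```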