Set up Meraki as the SP and EAA as the IdP

This procedure describes how to set up the Meraki application as a service provider (SP) and EAA as the identity provider (IdP).

Complete the following steps to configure Meraki as the SP and EAA as the IdP.

How to

  1. Access Meraki.
    1. Click Login to create or access your account.
    2. Make sure your Meraki account has System Manager service enabled or set up a trial for System Manager.
  2. Configure EAA as the IdP for a custom SaaS application but do not deploy the application at this stage.
    1. Under the SAML SETTINGS tab, copy the Entity ID, Single SignOn (ACS) URL, and Signing Certificate information from the IDP info section. You need this data to configure the Meraki SP.

      Meraki EAA SAML settings
    2. Do not deploy the application at this time. You need to fill out the SAML settings fields with Meraki data before you can deploy.
  3. Configure Meraki as the SP.
    1. Log in to your company Meraki dashboard using your admin credentials.

      Meraki Dashboard
    2. Go to Organization > Settings > SAML Configuration and select SAML SSO enabled to enable SAML SSO on the Meraki dashboard.

      Meraki SAML configuration
    3. After enabling SAML, click Add a SAML IdP to configure the required parameters for Meraki SAML SSO using the data from Step 2a.
    4. Copy the Signing Certificate from Step 2a into a file and get its SHA1 fingerprint using the openssl command. For example:
      openssl x509 -noout -fingerprint -sha1 -in <Meraki EAA IDP cert file>
    5. Copy the fingerprint into the X.509 cert SHA1 fingerprint field.
    6. Copy the Single logout URL from the EAA IDP info section in Step 2a into the SLO logout URL field.

      Meraki SAML settings with added EAA IdP data
    7. Click Save Changes to save the SAML SSO settings.

      Meraki SAML settings saved
    8. Go back to the Organization > Settings > SAML Configuration page and write down or copy the Meraki Consumer URL.

      Meraki Consumer URL
    9. Go to the Organization > Administrators > SAML Administrators role page to add SAML roles for all SAML SSO users.

      Meraki SAML Administrators page
    10. Click Add SAML role. A dialog appears to add a SAML role.

      Meraki Add SAML role dialog
    11. Click Save Changes to save the settings.

      Meraki Save Changes
  4. Go back to the EAA application you started in Step 2.
    1. Add the Entity ID, SSO (ACS) URL, and other information required for the SAML settings as noted in Step 3h.
      • Copy into the SAML settings Entity ID field.
      • Copy the Meraki Consumer URL field into the SAML settings SSO (ACS) URL field.

      Meraki data in EAA SAML settings fields
    2. Add the required SAML attributes for the Meraki dashboard to use for user auto-provisioning or the SSO user. For username, enter the user’s email address. For role, enter the SAML role configured in Step 3j.

      Meraki SAML attributes
    3. Click Save and go to Deployment.
    4. On the DEPLOYMENT tab, click Deploy application.
  5. Test the SAML SSO.
    Note: The Meraki Dashboard only supports IdP-initiated SAML SSO.
    1. Open a browser to your EAA IdP user portal.
    2. Make sure the login page of your EAA IdP portal is displayed.
    3. Log in to the EAA IdP portal with valid login credentials and click Login.
    4. Click the Meraki app card displayed in your user portal.

      Meraki app card
    5. The EAA IdP should sign you in to the Meraki Dashboard application through SSO. For example:

      Meraki dashboard page
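
For the fingerprint step in the Meraki SAML configuration (Step 3), the following added example, which is not part of the original procedure or of either vendor's tooling, computes the same SHA1 hex value that the openssl command prints after "Fingerprint=", and rejects a certificate that was truncated or altered when it was copied. The function names and the sample data are assumptions; the sample is a constructed stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")


def der_from_paste(text):
    """Decode a certificate pasted with or without PEM armor; reject damaged input."""
    body = "".join(ARMOR.sub("", text).split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("paste is not valid base64") from exc
    # A certificate is one DER SEQUENCE (tag 0x30) whose declared length
    # must account for every byte; a mismatch means a truncated copy.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def sha1_fingerprint(text):
    """Return the SHA1 fingerprint as colon-separated uppercase hex pairs."""
    digest = hashlib.sha1(der_from_paste(text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-in, NOT a real certificate: a DER SEQUENCE of 256 filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(SAMPLE_BARE[i:i + 64] for i in range(0, len(SAMPLE_BARE), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_PEM))
```

Pass the text copied from the EAA Signing Certificate field to sha1_fingerprint() and compare the result with the value entered in the X.509 cert SHA1 fingerprint field.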