Sentry SSO with Meraki Dashboard

From Swivel Knowledgebase
Revision as of 15:29, 14 November 2018 by Admin (talk | contribs) (Setup Sentry Application)

(This article is under construction)

(This integration has not been released yet)

Setup Sentry Keys

Before you can create a Single Sign-On configuration in Meraki, you need to set up keys. See the separate article: HowToCreateKeysOnCmi. You will need the certificate from the View Keys menu option of Swivel Sentry. Download the certificate file and save it with the .crt extension.

Enable SAML SSO in Meraki Dashboard

In the Meraki Dashboard menu, go to Organization > Settings > SAML Configuration and enable SAML SSO.

SAML SSO = select "SAML SSO enabled"

X.509 cert SHA1 fingerprint = open the saved certificate from Sentry and get the fingerprint/thumbprint from the Details. The fingerprint must have a colon after every two characters, e.g. 00:11:22:33:44...

SLO logout URL (optional) = set the logout URL: https://<FQDN_OF_SENTRY_SERVER>:8443/sentry/singlelogout
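
Added example (not part of the original article, and not Swivel or Meraki code): a Python script that produces the colon-separated SHA-1 fingerprint described above, either from the content of the saved .crt file (PEM or DER) or from a thumbprint value copied out of a certificate viewer. The function names and the sample bytes are constructed for illustration, and the upper-case output is an assumption.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def colonize(hex_digits: str) -> str:
    """Format 40 hex digits as colon-separated pairs: 00:11:22:..."""
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", hex_digits):
        raise ValueError("a SHA-1 fingerprint is exactly 40 hex digits")
    pairs = (hex_digits[i:i + 2] for i in range(0, 40, 2))
    return ":".join(pairs).upper()  # upper case is a choice made here

def fingerprint_from_cert(raw: bytes) -> str:
    """SHA-1 fingerprint of a certificate file's content (PEM or DER)."""
    m = PEM_RE.search(raw)
    if m:
        # PEM: base64 of the DER encoding between the BEGIN/END markers.
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    elif raw[:1] == b"\x30":
        der = raw  # DER starts with an ASN.1 SEQUENCE tag
    else:
        raise ValueError("input is neither PEM nor DER")
    # The fingerprint is the hash of the whole DER encoding.
    return colonize(hashlib.sha1(der).hexdigest())

def normalize_thumbprint(copied: str) -> str:
    """Re-format a thumbprint value copied from a certificate viewer,
    dropping spaces, existing separators and invisible characters."""
    return colonize(re.sub(r"[^0-9A-Fa-f]", "", copied))

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(fingerprint_from_cert(SAMPLE_PEM))
    print(normalize_thumbprint("a9 99 3e 36 47 06 81 6a ba 3e "
                               "25 71 78 50 c2 6c 9c d0 d8 9d"))
```

To use it on the real certificate, pass the bytes of the saved .crt file to `fingerprint_from_cert` and compare the result with the thumbprint shown in the certificate's Details before pasting it into Dashboard.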

Add SAML administrator roles

Go to Organization > Administrators > SAML administrator roles

This section is used to assign permissions to user groups in Dashboard. When SAML users log in, they are granted the permissions assigned to the role given in the 'role' attribute included in the SAML token provided by the IdP.

You can create roles based on the username or other attributes of the user.

To create a new role, click Add SAML role and specify the role.

Setup additional role attribute in Swivel Core (if needed)

If you want to use specific roles for the Meraki user roles, you can create the attribute in Swivel Core > Repository > Attributes.

Setup Sentry Application

You can select Application Images in the left-hand menu to upload the Meraki Dashboard logo (optional).

Open the Sentry SSO administration page and click Applications in the left-hand menu. To add a new Application definition for Meraki, click the SAML - Other select button.

Name = Meraki (arbitrary name for the application)

Image = the Meraki logo

Points = the number of points the user needs to score from their Authentication Method in order to successfully authenticate to this Application

Portal URL = the Meraki Dashboard Consumer URL that is given when enabling SAML SSO

Entity ID = https://dashboard.meraki.com

Federated ID = email (this needs to match the attribute defined on Swivel Core)

Save, then click Edit to add SAML Assertion Attributes to the application.