An attempt to log in to the Cisco Meraki Dashboard through the SAML integration results in a page that says "true". When reviewing the Cisco SAML logs, the following error is noted:
Found existing non-SAML user with email EmailAddress@domain.com
- Security Assertion Markup Language (SAML)
- Cisco Meraki Dashboard
Per Cisco Meraki Documentation, the username attribute cannot match an existing Dashboard administrator or Meraki Authentication user's email address configured on any Dashboard Organization.
The documentation also states: "In order to convert an existing non-SAML Meraki admin account to a SAML account, it will require the Meraki admin account to be deleted from the dashboard and then reintroduced as a SAML account (via the SAML platform being used)."
This issue can be resolved by removing the Admin user with a matching email from the Cisco Meraki Dashboard and then logging in as that user via the SAML integration. This will re-create the user within the Cisco Meraki Dashboard upon login as a SAML account.
NOTE:
- Before removing the user, ensure the appropriate permissions are assigned to the Role the user will receive in Cisco Meraki Dashboard, so that the account is re-created with the desired permissions.
- It is generally recommended to retain at least one local admin account in case there is an issue with SAML SSO, so an Admin can still gain access.
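
The check below is an added example, not part of the Cisco Meraki documentation or of this article's original text. It takes an exported list of Dashboard administrators and the username values the SAML platform will send, then reports which local accounts would trigger the "Found existing non-SAML user" error and whether any local admin remains afterwards. The field names `email` and `orgAccess`, the sample data, and the case-insensitive comparison are assumptions, and the check only sees the one organization whose admins are listed.

```python
# Constructed sample data. The field names ("email", "orgAccess") are
# assumptions about an exported admin list, not values from the page.
ADMINS = [
    {"email": "Alice@example.com", "orgAccess": "full"},
    {"email": "bob@example.com", "orgAccess": "read-only"},
    {"email": "breakglass@example.com", "orgAccess": "full"},
]
# Constructed username attribute values the IdP would send for assigned users.
SAML_USERNAMES = ["alice@example.com", "bob@example.com ", "carol@example.com"]


def normalize(address):
    # Assumption: compare case-insensitively and ignore stray whitespace.
    return address.strip().lower()


def plan_migration(admins, saml_usernames):
    """Split local admins into those that block SAML login and those that stay."""
    saml = {normalize(u) for u in saml_usernames}
    colliding, retained = [], []
    for admin in admins:
        email = normalize(admin["email"])
        if email in saml:
            # Record current access so the SAML role can be checked against it
            # before the local account is removed.
            colliding.append({"email": email, "current_access": admin["orgAccess"]})
        else:
            retained.append(email)
    return {
        "remove_then_login_via_saml": colliding,
        "retained_local_admins": retained,
        # True when removing every colliding account leaves no local admin.
        "lockout_risk": not retained,
    }


if __name__ == "__main__":
    plan = plan_migration(ADMINS, SAML_USERNAMES)
    for entry in plan["remove_then_login_via_saml"]:
        print("collides:", entry["email"], "current access:", entry["current_access"])
    print("retained local admins:", plan["retained_local_admins"])
    print("lockout risk:", plan["lockout_risk"])
```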
