This article clarifies whether multiple SAML administrator roles can be sent through the OIN Cisco Meraki Dashboard SAML App and provides alternative solutions if limitations are present.

• Cisco Meraki 
• Security Assertion Markup Language (SAML)
• Single Sign-On (SSO)

The OIN SAML app for Cisco Meraki currently does not support sending multiple SAML administrator roles.

Only one SAML administrator role can be sent through the Okta Integration Network (OIN) application. To send multiple roles, use a custom SAML application for Cisco Meraki SSO and configure Attribute Statements. 

1. Create a SAML Custom App.
2. Then, configure the Attribute Statement as follows:

• • Name: https://dashboard.meraki.com/saml/attributes/username
  • Type: Unspecified
  • Value: user.email

3. Configure the Group Attribute Statement as follows:

• • Name: https://dashboard.meraki.com/saml/attributes/role
  • Type: Unspecified
  • Filter: Starts with: -"customer role name"
    
       

4. Create Okta groups and name them based on the Meraki roles associated with the users. Ensure that the Okta groups have the same name as the Meraki role (case sensitive).

1. 1. Assign users to these Okta groups and further assign the Okta groups to the Meraki app in Okta.
   2. Once that is done, under Group Attribute Statements, use:
      • Filter: Starts with -"customer role name"
      • Remove the quotation marks from the group filter and re-test the SAML assertion.

Related References

• Custom SAML Application
• Cisco Meraki Dashboard SAML