Cisco Meraki

Cisco Meraki provides devices and software to help businesses manage Wi-Fi network access for employees and guests.

Updated over a week ago

Cisco Meraki is the leader in cloud controlled Wi-Fi, routing and security. Cisco Meraki provides devices and software to help businesses manage Wi-Fi network access for employees and guests.

Important note: The Cisco Meraki integration is compatible with both our Visitors and Workplace products. During the configuration steps below, be sure to only choose settings related to the Envoy product you are using.

Envoy Visitors + Cisco Meraki

The Envoy + Cisco Meraki app has the ability to provide workplace Visitors temporary Wi-Fi credentials when they are signed-in. Each time a visitor signs in to the workplace, unique credentials are generated and sent out via email or text.

Envoy Workplace (Employees) + Cisco Meraki

Envoy also provides the option to automatically sign-in employees once they connect to your Cisco Meraki powered Wi-Fi network. When an employee's device connects to the Wi-Fi network, Cisco Meraki will validate the device using 802.1x/RADIUS and obtain the username (email) of the employee. Cisco Meraki automatically sends this information to Envoy, and we sign the employee into the workplace!

Getting Started:

Please ensure that the user generating the API key has full global permissions.

Step 1: API Access

  1. Navigate to Apps > All Apps.

  2. Search for Cisco Meraki and install the App.

  3. Log into the Cisco Meraki dashboard and navigate to Organization > Settings. Locate the section titled Dashboard API access and select Enable Access, then save your changes.

  4. Either click the link to your profile in the description of "API Access," or navigate to My Profile profile by clicking your user profile name in the top-right corner of the Meraki Dashboard.

  5. Navigate to the section titled API Access and click on "Generate new API key" if you have not generated one already. Copy this key and store in a safe place.

    1. If you do not see a button labeled “Generate new API key” then the API quota may be full. We recommend using one that is already generated so long as you have it stored somewhere, or if necessary, you can "Revoke" one to generate another.

  6. In Envoy, paste the Meraki API key.

  7. Select your API Region if this is different from the default.

Step 2: API Access

Select which organization you would like to use with the Envoy + Meraki integration.

Step 3: Network

Select the Network you will be using for Access.

Envoy Visitors + Cisco Meraki Configuration

**Visitor Configuration is optional**

Step 4: Access

When configuring the Visitors portion of this integration, the Visitor sign-in flow must contain a phone number or email. This is how we will send the credentials to the visitor.

Learn more about how to configure your Envoy sign-in fields.

  1. [Visitors SSID]: Select your desired SSID for Visitors from the dropdown.

  2. [Access Duration]: Choose the length of time up to 24 hours for guest wi-fi access

  3. [Optional]: Select Visitor types to block from receiving Wi-Fi credentials.

  4. [Optional]: Send guest Wi-Fi credentials to hosts.

    1. This is useful when visitors do not have easy access to email or text messages or if they are not required to enter their email address or phone number at sign in.

  5. [Optional]: Select delete visitor credentials on sign-out from "User Management Portal" (Network-wide -> Users)

  6. [Security and Splash Page Settings] Select your security and splash page settings

Security and Splash Page Settings in Envoy must correspond with your Meraki SSID settings.

For example, if you select "Open with Meraki Cloud Authentication" in Envoy. Then, on the SSID settings in Meraki, you must have Security set to "Open (no encryption)" and Splash Page set to "Sign-on with Meraki Cloud Authentication"

If you have Security and Splash Page Settings in Envoy set to "Enterprise with Meraki Cloud Auth with Click Through", then in your Meraki SSID settings, you must have Security set to "Enterprise with Meraki Cloud Authentication" and Splash Page set to "Click-through."

What is the visitor experience with the Envoy + Cisco Meraki app?

  • When a visitor signs in, they will receive an email or SMS with instructions on how to access your Wi-Fi. 

  • When they follow the instructions in the email or SMS, they will be directed to the Wi-Fi network where they can use their credentials to gain access. 

To view all the active connections within your access point, you can do the following:

1. Navigate Wireless > Access Points > on the Meraki dashboard.

2. Click into your access point and then scroll down to Clients. The numeric IDs listed under the Clients section will be the Entry IDs for your Envoy Visitors connected to your network.

Envoy Workplace (Employees) + Cisco Meraki Configuration

This feature is still in Beta and may have limited availability.

Envoy will soon offer the option to automatically sign-in employees to the workplace. You can enable this feature within the Employee Access section (Step 4) of the Cisco Meraki app installation within Envoy. Before enabling this, please ensure your Meraki employee Wi-FI network is set to our specifications so we can successfully map Wi-Fi connections to Employees in the Envoy Employee Directory.

Requirements for Automatic Sign-in

  • The Wi-Fi network must be set up so that employees will login to it with their full email as a username.

    • If the Wi-Fi is set to have the employee only enter a password with no username, then automatic sign-in will not trigger.

    • If the employee's username for the Wi-FI does not match their full email as listed in the employee directory, then automatic sign-in will not trigger.

  • The Wi-Fi network must use the 802.1.X / RADIUS configuration.

    • This type of authentication allows Envoy to pull the username (employee's email) and match it to the employee in the directory.

Verifying the correct authentication for automatic sign-in

You can verify that the network set up to our specifications by checking the event log in Cisco Meraki:

  1. Open the Cisco Meraki admin portal.

  2. Navigate to Network-wide > Event Log

  3. Search for an 802.1X authentication event type.

  4. Open the details on the far right and you should see a field named "identity". The identity should match the email of the employee in the Envoy Employee Directory.

After the requirements are met, navigate to the Employee Access section at the bottom of step 4 on the app installation.

  1. Select Yes to "Auto sign in employees with Wifi connection data?"

  2. Select the SSID that you would like to use to track employee sign-in.

Cisco Meraki + Visitors FAQ

  • Options for Client IP and VLAN:

    • Meraki AP assigned (NAT mode)

    • (or) External DHCP server assigned

  • The default session timeout for passwords is configurable during creation. We expire the user when the visitor is signed out.

  • User creation for guest access is handled through Meraki Cloud Authentication

Did this answer your question?