This topic describes how to configure Meraki Access Points (APs) to use OneLogin as a RADIUS server, enabling your users to connect to WiFi using their OneLogin credentials.
For a quick overview on the connecting RADIUS to Meraki, check out this video:
OneLogin has a RADIUS server interface that will accept RADIUS authentication requests from devices that support the RADIUS protocol, like Meraki AP devices. When OneLogin receives an Access-Request message, the user is authenticated against the directory linked to the user.
To configure a Meraki AP to use the OneLogin RADIUS server, you must:
- Configure OneLogin RADIUS server
- Configure your Meraki SSID RADIUS settings
- Configure your users' client devices to connect to your Meraki Access Point
- OneLogin RADIUS server supports the PAP, EAP-TTLS/PAP, and EAP-PEAP/MSCHAPv2 authentication schemes
- Your Meraki AP must use WPA-2 Enterprise with RADIUS.
- You cannot use Meraki Splash pages hosted by Meraki.
Configuring OneLogin RADIUS server
Log in to OneLogin as an administrator.
Go to Settings -> RADIUS.
Click the New Configuration button.
The RADIUS configuration page appears.
Enter a name that helps you identify this configuration; for example, "Meraki AP"
In the Secret field, enter the string that is defined as the shared secret for your Meraki AP device.
If you already have a shared secret defined for you Meraki AP, enter it here. If not, you can create one and enter it here. You will re-use it when you configure your Meraki AP device to talk to the OneLogin RADIUS server.
Your shared secret should be random, at least 22 characters long, and can use any standard alphanumeric and special characters.
Note. If you create a new shared secret, it can take up to an hour to be usable due to caching.
Enter the IP address of your Meraki AP device.
You can enter more than one, separated by spaces.
Confirm your attribute mappings.
After you click Save, the Attributes section shows the mapping of RADIUS attributes (left) to OneLogin attributes (right).
By default, the OneLogin RADIUS service uses the OneLogin Email as the RADIUS User-Name and the OneLogin Password as the RADIUS User-Password.
For a typical Meraki AP device that uses username and password for authentication, accept these defaults. Your OneLogin configuration is done. Now you can configure your Meraki SSID RADIUS settings.
Configure Meraki SSID RADIUS settings
Log into your Meraki AP as an administrator.
Go to Wireless > SSIDs.
On the Access control line, click edit settings.
On the Access control page, configure the following fields.
WPA2-Enterprise with: my RADIUS server
WPA encryption mode: WPA2 only
Host: Enter the IP address of the OneLogin RADIUS service endpoint you use:
Primary US (radius.us.onelogin.com):
Secondary US (radius2.us.onelogin.com):
Primary EU (radius.eu.onelogin.com):
Secondary EU (radius2.eu.onelogin.com):
Secret: Your RADIUS Secret (as configured in OneLogin)
Click Save Changes.
Your Meraki configuration is done. Now you can create your WiFi profile.
Configure User Devices to Connect to the Meraki AP
To give your users access to the Meraki AP using OneLogin RADIUS, you or your users must configure their devices for access. The method you use depends on your organization's preferred tools and procedures. You can find instructions for the most common devices here: