SplashAccess has now developed a fully integrated captive portal with full AD and LDAP server support
Meraki MR/MX AD Support
Cisco Meraki devices (MR access points and MX security appliances) support the use of a sign-on Splash Page, requiring network users to authenticate in a web browser before being allowed access to the network.
This new update for Splash Access allows you to create a custom splash page that can be integrated with any Active Directory or LDAP server through the Meraki Portal, allowing users to provide their domain credentials to gain access.
Active Directory with Group Policies on the Meraki MX
Active Directory based Group Policy provides administrators the ability to apply Group Policy to client devices based on a user’s group membership in Active Directory via Splash Access.
The MX utilizes Microsoft’s Windows Management Instrumentation (WMI) service to pull a continuous stream of Logon Security Events from specified Domain Controllers in the Active Directory domain. These security events contain critical information that tells the MX which user accounts are logged into which computers. Specifically, the events contain the IP address of the computer and the Windows username of the logged-on user.
The MX will run through the following steps to identify AD group members and apply associated group policies:
- MX securely contacts the specified Domain Controllers for the AD domain, using TLS.
- MX reads WMI logon events from the DC’s security events, to determine which users are logged into which devices.
- MX binds to DCs using LDAP/TLS to gather each user’s AD group membership.
- Group membership is added to a database on the MX.
- If a domain user’s group membership matches an AD group policy mapping in Dashboard, the MX can apply the associated group policy to the user’s computer.
Because the MX is continuously gathering this information from the domain controllers, it is able to accurately apply policy in real-time whenever a new user logs in.
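The correlation described in the steps above, sketched as an added example (not Meraki or Splash Access code): logon events give an IP-to-user mapping, group membership is looked up per user, and the first matching group mapping selects the policy. The event tuples, group names, policy names, the first-match ordering and the default policy are all assumptions of this example, not documented MX behaviour.

```python
from datetime import datetime

# Constructed sample data, not taken from a real domain controller.
# Each logon event: (timestamp, client IP, Windows username), in arrival order.
LOGON_EVENTS = [
    ("2024-05-01T09:00:00", "10.0.0.21", "alice"),
    ("2024-05-01T09:05:00", "10.0.0.22", "bob"),
    ("2024-05-01T13:30:00", "10.0.0.21", "carol"),  # shared PC, later logon
    ("2024-05-01T09:01:00", "10.0.0.22", "dave"),   # older event delivered late
]
# Hypothetical AD group membership, as an LDAP lookup would return it.
GROUPS = {"alice": {"Staff"}, "bob": {"Staff", "IT-Admins"}, "carol": {"Contractors"}}
# Hypothetical group-to-policy mappings; first match wins (assumption).
POLICY_MAP = [("IT-Admins", "admin-policy"), ("Staff", "staff-policy")]
DEFAULT_POLICY = "network-default"


def current_users(events):
    """Return {ip: username}, keeping only the newest logon seen per IP."""
    newest = {}
    for ts, ip, user in events:
        when = datetime.fromisoformat(ts)
        if ip not in newest or when > newest[ip][0]:
            newest[ip] = (when, user)
    return {ip: user for ip, (_, user) in newest.items()}


def policy_for(user, groups=GROUPS, policy_map=POLICY_MAP):
    """Pick the policy of the first mapped group the user belongs to."""
    member_of = groups.get(user, set())
    for group, policy in policy_map:
        if group in member_of:
            return policy
    return DEFAULT_POLICY  # no mapped group: fall back to the default


def apply_policies(events):
    """Return {ip: (username, policy)} for every IP with a known logon."""
    return {ip: (u, policy_for(u)) for ip, u in current_users(events).items()}


if __name__ == "__main__":
    for ip, (user, policy) in sorted(apply_policies(LOGON_EVENTS).items()):
        print(ip, user, policy)
```

The shared-PC case shows why the mapping depends on fresh logon events: the policy on 10.0.0.21 follows the most recent user on that address, not the first one seen.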
AD authentication and group policies are only available on MX devices. Only authentication is available on MR devices.