Encapto MSP provides deep integration with Meraki for automated provisioning and right-sized portals for different customer needs.
Encapto MSP creates a separate PDL (per-device licensing) based Meraki Organisation for each customer and a combined network for each customer site. Combined networks are constantly created for consistency, even if the customer only has only a single device type. Note that when importing existing customers (e.g. via sync), they must follow this convention.
The video below summarises the process of setting up Meraki with Encapto MSP. Please read further on for more detailed documentation.
- Meraki PDL licenses
- Single Meraki organisation per customer.
- Single Meraki combined network per customer site.
Enabling Meraki Integration
We recommend creating a specific Encapto MSP Robot user account and organisation in the Meraki cloud, this way you can independently control the permissions of the integration (e.g. to specific organisations).
password of the Meraki account is required.
Password are required for web-automation integration where Meraki has not yet made APIs available.
Creating a Robot user
Full description: A robot user is a normally created Meraki user that is used only by Encapto MSP to integrate with Meraki organisations. You will need to associate the Robot user to an email address that you have access to. We suggest having a dedicated email address as the Robot user's email address. Next, create a new organisation and add the new Robot user (email address).
- Create a unique email address for your Robot user
- Create a new Bootstrap organisation (alternatively use an existing org you want Encapto MSP to have access to)
- Log in to your current Meraki cloud account
- Select MSP Portal from the Organization list. If you can't see an organistion dropdown, you will need to follow the steps here instead, from the 'If the Organization dropdown is not present' title. Be sure to enter the new company name you setup as 'Encapto-Bootstrap-ORG'.
- Click Add organization
- Enter Encapto-Bootstrap-ORG as the name
- Select None for Copy settings from
- Click Create org
- Add the new Robot user to the Bootstrap organisation as an administrator with the write (Full) permission
- Log in to your current Meraki cloud account
- Select the new Encapto-Bootstrap-ORG from the Organisation drop-down
- Click on the Organization tab
- Click Administrators
- Click Add admin button
- Enter Encapto Robot User as the Name
- Enter the Robot user's email address
- Select Full as the Organization Access
- Click Create admin
- Click Save changes
- Accept the Meraki cloud invitation in the email of the Robot user
- Create a password for the Robot user's Meraki cloud account
- Copy the email address and password to the clipboard
Complete the integration in Encapto MSP
Now that you have a Robot user and API credentials, switch back to the Encapto MSP On-boarding wizard and complete the 'Connect your Meraki Organization' form. You can use the link in the activation email you received to bring up the wizard.
Add an API Key for Robot user
Full description: The Meraki Cloud API Key is required to enable secure communications between Meraki and Encapto. First, log in as the new Robot user (created above) then enable the API for your organization (Meraki Cloud) under Organization > Settings > Dashboard API access.
Locate Robot user's Meraki Cloud API Key
This API key will be associated with the Dashboard Administrator account (Robot user) which generates it, and will inherit the same permissions as that account. You can generate, revoke, and regenerate your API key on your profile.
- If you are logged into Meraki cloud, please log out.
- Log on to your Meraki cloud using the Robot user's credentials
- Click on Your Username (top right side)
- Click My profile
- Scroll down to the API access section
- Click Generate API key, Copy or make note of your API key
NOTE: Keep your API key safe as it provides authentication to all of your organizations with the API enabled. If your API key is shared, you can regenerate your API key at any time. This will revoke the existing API key.
What happens during setup
The following will be done upon providing Meraki credentials to Encapto MSP via the Wizard:
A template organisation named
Encapto Template will be created. This organisation will be used as a template to clone for new customer organisations. You may make changes to this organisation that you want to be cloned to each customer organisation when they are created. Note that the changes will not be applied to existing customer organisations.
Encapto Template, there will be a config template created, which is used for cloning (but not binding) new combined networks for customer sites. Note that Encapto MSP does not support having networks bound to templates. This template will be copied across to newly created customer organisations, and that copy in the customer organisation will be used as a template for cloning customer sites.
This is password protected WiFi and it's configured as SSID slot 13.
Public WiFi allows public users to connect to WiFi via the Encapto portal page. This includes Encapto WiFi features like Campaigns, Surveys, Operating hours and social login methods (Facebook, Twitter and more)
The template will be pre-configured with WiFi and Encapto radius settings for Public Wifi to function (configured as SSID 14).
Guest WiFi allows you customers to manage specific guests to connect to the Guest WiFi using a individual usernames and passwords (Meraki Cloud Authentication).
The template will be pre-configured with WiFi and Meraki cloud authentication for Guest WiFi to function (configured as SSID 15).
EncaptoLicenceBucket will also be created - this is used for stocking and managing Meraki licenses - contact us if you need this feature.
What should I do after setup?
Have a look at the
Encapto Template organisation - you will need to sign in as the Robot user and add your staff as admins to the 'Encapto Template' organisation so that they will have access to any customer organisations created by Encapto MSP.
You will need to switch the `Encapto Template` organisation (and the `EncaptoLicenceBucket` organisation if you are stocking licenses) to PDL. Currenly this is done by emailing the Meraki team at email@example.com.
Take a look at the network template created in the 'Encapto Template' organisation. You can make changes here, like set the default SSID name of on of the configured slots (13-15). Changes made here will be copied across to new customers.
If you are provisioning switches, we recommend selecting a particular port number as the uplink port and prefixing the name with
locked- this will prevent your customers from making changes to that port from their Encapto MSP portal.
The next step is to onboard customers! Checkout the guide here - if you have an existing lab, follow the Migrating existing customers to Encapto MSP documentation to try the lab in Encapto MSP.
Enabling Public Wifi
If you wish to sell Public WiFi Hotspots (to enable your customer to create their own WiFi portals, with social logins, surveys and more ), then you will need to enable radius accounting in your Meraki account - this is something that needs to be manually enabled on your account by Meraki.
You will need to:
1. Contact Meraki Support to have accounting enabled for the Encapto Template organisation (as well as any existing organisation you wish to migrate and add the Public Wifi Feature) https://documentation.meraki.com/General_Administration/Support/Contacting_Support
2. Contact Encapto Support to have the Radius account configured https://support.encapto.com/hc/en-us/requests/new
In additional to the built in social logins, we also support SMS OTP. This allows your customers to configure hot spot portals that capture valid mobile phone numbers by SMSing a on- time-password (OTP) to sign on. This requires an SMS gateway. Please contact support if you would also like this feature enabled on your account https://support.encapto.com/hc/en-us/requests/new.
Common changes that you can make in Meraki
- Device attribute changes (e.g. updating SSIDs, port settings or any other configuration)
- Adding/Removing admins to organisations. We highly recommend adding your admins to the
EncaptoTemplateorganisation so that they have access to all the customer organisations Encapto MSP will create.
Avoiding incompatible changes in Meraki
As Encapto MSP tightly integrates with Meraki, some changes can be made in the Meraki dashboard that will break the integration. This is not a comprehensive list but, please avoid:
- Deleting organisations, networks, templates or devices under management by Encapto MSP
- Rename organisations, networks or templates under management by Encapto MSP
- Change device network allocations for customers managed by Encapto MSP (use our built-in inventory management instead)
- Removing Encapto MSP IP addresses from the Meraki whitelist
- Updating Radius settings for the configured public SSID number
As a rule of thumb, attribute changes of organisations, networks and devices will not affect Encapto MSP and will be reflected accurately in the customers' portal where relevant.
Depending on which hardware the customer has, they will have the following features enabled on their portal:
Dashboard page per site - showing a summary of their site status.
WiFi page per site, if they have Meraki MRs on that site
SD-WAN page per site, if they have a Meraki MX on that site
Network page per site, if they have Meraki Switches on that site