Skip to content
Network as Code

Organization Adaptive Policy Configuration

Dashboard Location: Organization > Adaptive Policy

Organization-Wide Adaptive Policy and Dynamic Security Management

Section titled “Organization-Wide Adaptive Policy and Dynamic Security Management”

Adaptive Policy configuration in Meraki organizations provides administrators with comprehensive dynamic security capabilities, enabling Security Group Tag (SGT) based network segmentation, policy-driven access control, contextual security enforcement, and automated security group assignment. This functionality supports zero-trust network architectures, micro-segmentation strategies, identity-based access control, threat containment, and dynamic policy enforcement based on user identity, device type, location, and behavioral analysis. Adaptive Policy is essential for advanced network security, regulatory compliance, data protection, insider threat mitigation, and maintaining granular security controls across distributed enterprise networks while supporting software-defined perimeter concepts and continuous security assessment.

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

organizations (meraki.domains)

Section titled “organizations (meraki.domains)”
NameTypeConstraintMandatoryDefault Value
adaptive_policyClass[adaptive_policy]No

adaptive_policy (meraki.domains.organizations)

Section titled “adaptive_policy (meraki.domains.organizations)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
settings_enabled_networksListString[min: 1, max: 127]No
aclsList[acls]No
groupsList[groups]No
policiesList[policies]No

acls (meraki.domains.organizations.adaptive_policy)

Section titled “acls (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
descriptionStringmin: 1, max: 1024No
rulesList[rules]No
ip_versionChoiceany, ipv4, ipv6No

groups (meraki.domains.organizations.adaptive_policy)

Section titled “groups (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
sgtIntegermin: 0, max: 65535No
descriptionStringmin: 1, max: 1024No
policy_objectsListString[min: 1, max: 127]No

policies (meraki.domains.organizations.adaptive_policy)

Section titled “policies (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
source_groupClass[source_group]No
destination_groupClass[destination_group]No
aclsListString[min: 1, max: 127]No
last_entry_ruleChoiceallow, default, denyNo
organization_nameStringmin: 1, max: 127Yes
nameStringmin: 1, max: 127Yes

rules (meraki.domains.organizations.adaptive_policy.acls)

Section titled “rules (meraki.domains.organizations.adaptive_policy.acls)”
NameTypeConstraintMandatoryDefault Value
policyChoiceallow, denyYes
protocolChoiceany, icmp, tcp, udpYes
logBooleantrue, falseNo
tcp_establishedBooleantrue, falseNo
source_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3
destination_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3

source_group (meraki.domains.organizations.adaptive_policy.policies)

Section titled “source_group (meraki.domains.organizations.adaptive_policy.policies)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127Yes
sgtIntegermin: 0, max: 65535No

destination_group (meraki.domains.organizations.adaptive_policy.policies)

Section titled “destination_group (meraki.domains.organizations.adaptive_policy.policies)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127Yes
sgtIntegermin: 0, max: 65535No

Examples

Section titled “Examples”

Example-1: The example below demonstrates organization adaptive policy configuration using tested YAML configuration from pipeline fixtures.

meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          adaptive_policy:
            settings_enabled_networks:
              - !env network_name
            policies:
              - name: Corp Policy
                organization_name: !env org
                source_group:
                  name: USERS
                  sgt: 30
                destination_group:
                  name: IOT
                  sgt: 40
                acls:
                  - Permit Corp
                  - Deny Corp
                last_entry_rule: allow
            groups:
              - name: USERS
                sgt: 30
                description: Corporate Users
                # policy_objects:
                #   - Corp Policy
              - name: IOT
                sgt: 40
                description: Corporate IOT Devices
                # policy_objects:
                #   - Corp Policy
            acls:
              - name: Permit Corp
                description: Permit Example
                rules:
                  - policy: allow
                    protocol: tcp
                    source_port: 4000
                    destination_port: 6000
                ip_version: ipv4
              - name: Deny Corp
                description: Deny Example
                rules:
                  - policy: deny
                    protocol: tcp
                    source_port: 4001
                    destination_port: 6001
                ip_version: ipv4