Cloud Gateways Switching WiFi Physical Security Integrations
What's New Support
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Physical Security Integrations

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. Identity Enterprise
  4. Admin Guide - Features & Configuration

Managing Your UniFi Consoles and UniFi Identity Enterprise Agent

This article guides you through managing your UniFi Consoles and UniFi Identity Enterprise Agent for optimal workspace performance. If you're looking to get started with Identity Enterprise, click here

Update your UniFi OS and UniFi Identity Enterprise Agent to the latest versions for the newest features and optimal performance.

Update Security Token

Only users with the following roles can create a security token:

  • Owner
  • Super Admin
  • Custom roles with the permission to edit UniFi Console.
  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > upper-right Add Console icon.
  2. Enter the token description, set the validity period, and click Create. Verify your account with an MFA method.
  3. Copy the token. The token expires in 10 minutes.
  4. Follow the steps based on your UniFi OS version:
    • UniFi OS 4.3: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Identity > Security Token > Update.
    • UniFi OS 4.2: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Control Plane > Admins & Users > Identity Endpoint > Security Token > Update.
    • UniFi OS 4.1: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Admins & Users > Identity Endpoint > Security Token > Update
  5. Paste the token and click Update.

Update Identity Enterprise Agent

Method 1

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles > select a console.
  2. If a new version is available, go to Overview and click the Update Identity Enterprise Agent link.

Method 2

  1. Follow the steps based on your UniFi OS version:
    • UniFi OS 4.3: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Identity > Manage.
    • UniFi OS 4.2: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Control Plane > Admins & Users > Identity Endpoint > Manage.
    • UniFi OS 4.1: Go to your UniFi Site Manager (https://unifi.ui.com/) > select a console > Settings > Admins & Users > Identity Endpoint > Manage.
  2. Click Update or Auto Update.

Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise

Note: Enabling static public IP is discouraged if your UniFi Console uses dynamic public IP addresses.

Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Click the Gear icon and tick the checkbox as needed.
    • When the Static public IP checkbox is ticked, your console will only be able to connect to UniFi Identity Enterprise from an allowed public IP address.
    • When the Trusted network checkbox is ticked, only consoles with public IP addresses within the selected networks can connect to your UniFi Identity Enterprise. To manage the network zones, go to your Identity Enterprise Manager > Security > Identity Firewall > Network Zone.

Edit the Allowed Public IP

Note: To edit the allowed public IP, please first ensure that static public IP is enabled in Settings > UniFi Consoles > click the Gear icon.

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Select a console and go to Manage.
  3. In the Allowed Public IP field, enter the UniFi Consoles’s public IP address.
  4. Click Save.

Link Identity Enterprise Account to a UI Account

When the two accounts are linked, the UniFi OS permissions assigned to your Identity Enterprise Account will be synced to your UI Account. You can then use your UI Account to access the UniFi Site Manager and all on-premises UniFi mobile apps of the UniFi Consoles assigned to your Identity Enterprise Account.

When unlinked, the UniFi OS permissions assigned to your Identity Enterprise Account will not be synced to your UI Account, and you cannot use your UI Account to access the UniFi Console assigned to your Identity Enterprise Account.

Refer to this article to learn more about UI Accounts, Local Credentials, and Identity Enterprise Accounts.

To link your Identity Enterprise Account to your UI Account:

  1. Ensure your admin has updated Identity Enterprise Agent to 1.55.31.
  2. Go to your Identity Enterprise Workspace > click your profile picture > Manage Your Account > Security > UI Account.
  3. Click Link.

Grant UniFi OS Permissions in Identity Enterprise Manager

By Assigning Identity Enterprise Admin Roles

The following Identity Enterprise admin roles will be automatically assigned full access to UniFi Console. 

  • Owner, Super Admin, IT Admin, and Workspace-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the workspace.
  • Site Admin, Site IT Admin, and Site-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the site managed by them.

Notes: 

  • Workspaces created after February 2023 only have 3 types of predefined admin roles: Owner, Super Admin, and Read-Only Admin.
  • Refer to this article to learn more about assigning Identity Enterprise admin roles.

By Assigning UniFi OS Admins Roles

To grant granular UniFi OS permissions, follow the steps below:

  1. Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > select a console > UniFi OS Admins.
  2. Click + Admin, search users, and click Next.
  3. Assign the permission to UniFi OS and each UniFi application.
Was this article helpful?