UniFi Identity Enterprise - Manage Your UniFi Consoles and UniFi Identity Enterprise Agent
Update Security Token
Note: Only users with the following roles can create a security token:
- Owner
- Super Admin
- Custom roles with the permission to edit UniFi Console.
UniFi OS 3.1.x
UniFi OS 3.2.x
UniFi OS 4.0.x
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles > Consoles and click the Add Console icon.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Click Copy to copy the token. The token expires in 10 minutes.
- Go to your UniFi or Local Site Manager > select a console > OS Settings > Applications > Identity > Manage.
- Go to the Security Token field and click Update.
- Paste the token and click Update.
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles > Consoles and click the Add Console icon.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Click Copy to copy the token. The token expires in 10 minutes.
- Do either of the following:
- Go to your UniFi Site Manager (https://unifi.ui.com)> select a console > OS Settings > Console Settings > Identity Enterprise > Manage.
- Go to your Local Site Manager (https://your_console_ip) > select a console > OS Settings > Identity Enterprise > Manage.
- Go to the Security Token field and click Update.
- Paste the token and click Update.
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles > Consoles and click the Add Console icon.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Copy the token. The token expires in 10 minutes.
- Go to your UniFi or Local Site Manager > select a console > OS Settings > Admins & Users > Identity Enterprise.
- Go to the Security Token field and click Update.
- Paste the token and click Update.
Update Identity Enterprise Agent
UniFi OS 3.1.x
UniFi OS 3.2.x
UniFi OS 4.0.x
- Go to your UniFi OS > Applications > UniFi OS.
- Select a release channel.
- Click Apply Changes.
- Update your Identity Enterprise Agent version.
Method 1
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
- Click a console and a panel will prompt.
- If a new version is available, you will see an Update Identity Enterprise Agent link above the Overview session, click the link to update.
Method 2
-
UniFi Site Manager (https://unifi.ui.com)
- For Agent 1.55.31 and below
- Go to OS Settings > Console Settings > Identity Enterprise > Manage and update it manually.
- For Agent 1.55.31 and above
- Go to OS Settings > Applications > UniFi OS.
- Select a release channel and click Apply Changes.
- Go to Console Settings > Identity Enterprise > Manage.
- Click Update or enable Auto Update.
- For Agent 1.55.31 and below
-
Local Site Manager (https://[your_console_ip}
- For Agent 1.55.31 and below
- Go to OS Settings > Identity Enterprise > Manage and update it manually.
- For Agent 1.55.31 and above
- Go to OS Settings > Applications > UniFi OS.
- Select a release channel and click Apply Changes.
- Go to Identity Enterprise > Manage.
- Click Update or enable Auto Update.
- For Agent 1.55.31 and below
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
- Click a console and a panel will prompt. If a new version is available, click the Update Identity Enterprise Agent link displayed above the Overview section.
Method 2
- Go to Site Manager > OS Settings > Admins & Users > Identity Enterprise > Manage.
- Click Update or Auto Update.
Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise
Note: Enabling static public IP is discouraged if your UniFi Console uses dynamic public IP addresses.
Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
-
Click the Gear icon and tick the checkbox as needed.
- When the Static public IP checkbox is ticked, your console will only be able to connect to UniFi Identity Enterprise from an allowed public IP address.
- When the Trusted network checkbox is ticked, only consoles with public IP addresses within the selected networks can connect to your UniFi Identity Enterprise. To manage the network zones, go to your Identity Enterprise Manager > Security > Identity Firewall > Network Zone.
Edit the Allowed Public IP
Note: To edit the allowed public IP, please first ensure that static public IP is enabled in Settings > UniFi Consoles > click the Gear icon.
- Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
- Select a console and go to Manage.
- In the Allowed Public IP field, enter the UniFi Consoles’s public IP address.
- Click Save.
Link Identity Enterprise Account to a UI Account
When the two accounts are linked, the UniFi OS permissions assigned to your Identity Enterprise Account will be synced to your UI Account. You can then use your UI Account to access the UniFi Site Manager and all on-premises UniFi mobile apps of the UnFi Consoles assigned to your Identity Enterprise Account.
When unlinked, the UniFi OS permissions assigned to your Identity Enterprise Account will not be synced to your UI Account, and you cannot use your UI Account to access the UniFi Console assigned to your Identity Enterprise Account.
Refer to this article to learn more about UI Accounts, Local Credentials, and Identity Enterprise Accounts.
To link your Identity Enterprise Account to your UI Account:
- Ensure your admin has updated Identity Enterprise Agent to 1.55.31.
- Go to your Identity Enterprise Workspace > click your profile picture > Manage Your Account > Security > UI Account.
- Click Link.
Grant UniFi OS Permissions in Identity Enterprise Manager
By Assigning Identity Enterprise Admin Roles
The following Identity Enterprise admin roles will be automatically assigned full access to UniFi Console.
- Owner, Super Admin, IT Admin, and Workspace-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the workspace.
- Site Admin, Site IT Admin, and Site-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the site managed by them.
Notes:
- Workspaces created after February 2023 only have 3 types of predefined admin roles: Owner, Super Admin, and Read-Only Admin.
- Refer to this article to learn more about assigning Identity Enterprise admin roles.
By Assigning UniFi OS Admins Roles
To grant granular UniFi OS permissions, follow the steps below:
- Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > select a console > UniFi OS Admins.
- Click + Admin, search users, and click Next.
- Assign the permission to UniFi OS and each UniFi application.