UniFi Identity Enterprise - Manage Your UniFi Consoles and UniFi Identity Enterprise Agent

Update Security Token

Note: Only users with the following roles can create a security token:

  • Owner
  • Super Admin
  • Custom roles with the permission to edit UniFi Console.
  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
  2. Go to Settings > UniFi Consoles > Consoles and click the Add Console icon.
  3. Enter the token description, set the validity period, and click Create.
  4. Verify your account with an MFA method.
  5. Click Copy to copy the token. The token expires in 10 minutes.
  6. Go to UniFi Site Manager > select a console > OS Settings > Console Settings > Identity Enterprise > Manage.
  7. Go to the Security Token field and click Update.
  8. Paste the token and click Update.

Update Identity Enterprise Agent

For UniFi OS 3.1.x and Below

  1. Go to your UniFi OS > Applications > UniFi OS.
  2. Select a release channel.
  3. Click Apply Changes.
  4. Update your Identity Enterprise Agent version.

For UniFi OS 3.2.x and Above

Method 1

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Click a console and a panel will prompt.
  3. If a new version is available, you will see an Update Identity Enterprise Agent link above the Overview session, click the link to update.

Method 2

  • UniFi Site Manager (https://unifi.ui.com)
    • For Agent 1.55.31 and below
      1. Go to OS Settings > Console Settings > Identity Enterprise > Manage and update it manually.
    • For Agent 1.55.31 and above
      1. Go to OS Settings > Applications > UniFi OS.
      2. Select a release channel and click Apply Changes.
      3. Go to Console Settings > Identity Enterprise > Manage.
      4. Click Update or enable Auto Update.
  • Local Site Manager (https://[your_console_ip}
      • For Agent 1.55.31 and below
        1. Go to OS Settings > Identity Enterprise > Manage and update it manually.
      • For Agent 1.55.31 and above
        1. Go to OS Settings > Applications > UniFi OS.
        2. Select a release channel and click Apply Changes.
        3. Go to Identity Enterprise > Manage.
        4. Click Update or enable Auto Update.

Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise

Note: Enabling static public IP is discouraged if your UniFi Console uses dynamic public IP addresses.

Configure the UniFi Console IPs Allowed to Access Your Identity Enterprise

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Click the Gear icon and tick the checkbox as needed.
    • When the Static public IP checkbox is ticked, your console will only be able to connect to UniFi Identity Enterprise from an allowed public IP address.
    • When the Trusted network checkbox is ticked, only consoles with public IP addresses within the selected networks can connect to your UniFi Identity Enterprise. To manage the network zones, go to your Identity Enterprise Manager > Security > Identity Firewall > Network Zone.

Edit the Allowed Public IP

Note: To edit the allowed public IP, please first ensure that static public IP is enabled in Settings > UniFi Consoles > click the Gear icon.

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Select a console and go to Manage.
  3. In the Allowed Public IP field, enter the UniFi Consoles’s public IP address.
  4. Click Save.

Link Identity Enterprise Account to a UI Account

When the two accounts are linked, the UniFi OS permissions assigned to your Identity Enterprise Account will be synced to your UI Account. You can then use your UI Account to access the UniFi Site Manager and all on-premises UniFi mobile apps of the UnFi Consoles assigned to your Identity Enterprise Account.

When unlinked, the UniFi OS permissions assigned to your Identity Enterprise Account will not be synced to your UI Account, and you cannot use your UI Account to access the UniFi Console assigned to your Identity Enterprise Account.

Refer to this article to learn more about UI Accounts, Local Credentials, and Identity Enterprise Accounts.

To link your Identity Enterprise Account to your UI Account:

  1. Ensure your admin has updated Identity Enterprise Agent to 1.55.31.
  2. Go to your Identity Enterprise Workspace > click your profile picture > Manage Your Account > Security > UI Account.
  3. Click Link.

Grant UniFi OS Permissions in Identity Enterprise Manager

By Assigning Identity Enterprise Admin Roles

The following Identity Enterprise admin roles will be automatically assigned full access to UniFi Console. 

  • Owner, Super Admin, IT Admin, and Workspace-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the workspace.
  • Site Admin, Site IT Admin, and Site-Level customized admin roles with permissions to edit UniFi Consoles: Can access all UniFi Consoles added to the site managed by them.

Notes: 

  • Workspaces created after February 2023 only have 3 types of predefined admin roles: Owner, Super Admin, and Read-Only Admin.
  • Refer to this article to learn more about assigning Identity Enterprise admin roles.

By Assigning UniFi OS Admins Roles

To grant granular UniFi OS permissions, follow the steps below:

  1. Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > select a console > UniFi OS Admins.
  2. Click + Admin, search users, and click Next.
  3. Assign the permission to UniFi OS and each UniFi application.
Was this article helpful?
1 out of 11 found this helpful