UniFi Identity Enterprise - Manage Your UniFi Consoles and UniFi Identity Enterprise Agent

2023-12-06 03:07:50 UTC

Update Security Token

Note: Only users with the following roles can create a security token:

  • Owner
  • Super Admin
  • Custom roles with the permission to edit UniFi Console.

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
  2. Go to Settings > UniFi Consoles > Consoles and click the Add Console icon.
  3. Enter the token description, set the validity period, and click Create.
  4. Verify your account with an MFA method.
  5. Click Copy to copy the token. The token expires in 10 minutes.
  6. Go to your OS Settings and click UniFi Identity Enterprise.
  7. Go to the Security Token field and click Update.
  8. Paste the token and click Update.

Update Identity Enterprise Agent

If your UniFi OS version is 3.1.x, please follow the steps below to update the Identity Enterprise Agent:

  1. Go to your UniFi OS > Applications > UniFi OS.
  2. Select a release channel.
  3. Click Apply Changes.
  4. Update your Identity Enterprise Agent version.

If your UniFi OS version is 3.2.x, please follow the steps below to update your Agent:

Method 1

  1. Go to your Identity Enterprise Manager > Settings > UniFi Consoles.
  2. Click a console to open its panel.
  3. If a new version is available, an Update Identity Enterprise Agent link appears above the Overview section. Click the link to update.

Method 2

  1. Go to your OS Settings > Identity Enterprise > Manage.
  2. Click Update Identity Enterprise.

Restrict the IPs that Can Access Your UniFi Console

Note: Enabling Static public IP is discouraged if your UniFi Console uses dynamic public IP addresses.

Restrict IPs to Access Your UniFi Console

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Settings > UniFi Consoles.
  3. Click the Gear icon and tick the checkbox as needed.
    • When the Static public IP checkbox is ticked, your console will only be able to connect to UniFi Identity Enterprise from an allowed public IP address. 
    • When the Trusted network checkbox is ticked, only consoles with public IP addresses within the selected networks can connect to your UniFi Identity Enterprise. To manage the network zones, go to your Identity Enterprise Manager > Security > Identity Firewall > Network Zone. 

Edit Allowed Public IP

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Settings > UniFi Consoles.
  3. Select a console and go to Manage.
  4. In the Allowed Public IP field, enter the UniFi Console's public IP address.
  5. Click Save.
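
A pre-check for the two restrictions in this section, as an added example (not Ubiquiti code and not part of the original article): given public IPs you have observed for a console, it reports which would fail the Allowed Public IP match or fall outside the trusted network zones. The function name, the sample addresses (documentation ranges), and the exact-match and CIDR-containment model are assumptions; the article does not describe how the service evaluates these settings.

```python
import ipaddress

# Constructed sample: public IPs one console was observed using (documentation ranges).
OBSERVED = ["203.0.113.10", "203.0.113.10", "198.51.100.7"]

# RFC 1918 ranges: a LAN address is never the console's public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def precheck(observed_ips, allowed_ip=None, trusted_zones=()):
    """Predict which restriction would reject the console (assumed model).

    observed_ips  : public IPs the console was seen using (strings)
    allowed_ip    : value planned for the Allowed Public IP field, or None
    trusted_zones : CIDR strings planned as trusted network zones
    Raises ValueError on a malformed address or network.
    """
    # Deduplicate; sort by (version, value) so IPv4 and IPv6 can be mixed.
    seen = sorted({ipaddress.ip_address(ip) for ip in observed_ips},
                  key=lambda ip: (ip.version, int(ip)))
    zones = [ipaddress.ip_network(z, strict=False) for z in trusted_zones]
    findings = {"static_ip_mismatch": [], "outside_trusted_zones": [], "notes": []}

    if allowed_ip is not None:
        pinned = ipaddress.ip_address(allowed_ip)
        if any(pinned in net for net in RFC1918):
            findings["notes"].append(f"{pinned} is a private address, not a public IP")
        # Static public IP: every observed address must equal the pinned one.
        findings["static_ip_mismatch"] = [str(ip) for ip in seen if ip != pinned]
        if len(seen) > 1:
            findings["notes"].append(
                "public IP changed during the sample; Static public IP is discouraged")

    if zones:
        # Trusted network: every observed address must sit inside some zone.
        findings["outside_trusted_zones"] = [
            str(ip) for ip in seen if not any(ip in z for z in zones)]
    return findings


if __name__ == "__main__":
    print(precheck(OBSERVED, "203.0.113.10", ["203.0.113.0/24"]))
```

Any address listed under `static_ip_mismatch` or `outside_trusted_zones` corresponds to one of the offline reasons covered in the troubleshooting section.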

Manage UniFi OS and Each Application Access

Account Types

This table outlines each account type and its respective permission(s):

| Account | Definition | Permission |
|---|---|---|
| UI Account | The user's Ubiquiti account (account.ui.com), which, if permitted, can access multiple UniFi Consoles. | Remote and Local Access |
| Local Access Account | This account, accessed with a unique username and password, can only access one UniFi Console. | Local Access |
| UniFi Identity Enterprise Account | Account details are read-only in UniFi OS > Admins > Imported from UID but can be edited in UniFi Identity Enterprise. | Remote Access (Redirected from UniFi Identity Enterprise Workspace) |

  • Remote Access:
    • Sign in from http://unifi.ui.com.
    • Go to your Identity Enterprise Portal, click UNIFI OS, and select a console.
    • Go to your Identity Enterprise Manager > Settings > UniFi Consoles, and click a console > View on UniFi Portal.
  • Local Access: Enter the console's IP address into a web browser.

Assign the UniFi Console Access to Non-Admin Users

The following UniFi Identity Enterprise roles will be automatically added to the UniFi OS Admins list and can access UniFi OS from their UniFi Identity Enterprise workspaces.

  • Owner
  • Super Admins
  • Custom roles with the UniFi Console edit permissions

To allow non-admin users to access UniFi Console by redirecting from their UniFi Identity Enterprise workspace, follow the steps below.

  1. Go to Settings > UniFi Consoles > Consoles.
  2. Click a console to open its panel.
  3. Scroll down to the UniFi OS Admins tab and click + Admin.
  4. Search and select users, click Next, and select a role to assign.
    • Administrator: Can view and configure settings with Full Management permission.
    • Viewer: Can view applications without permission to configure anything.
    • Limited Admin: You can specify their permissions to manage UniFi OS and each application.
      • None: Cannot access an application at all.
      • Hotspot Operator (Network): Can manage guest WiFi hotspots set up by Admins.
      • Site Admin (Network): Can manage Network application settings for a specific site (only available for UniFi OS Consoles that host multiple sites).
  5. Click Add.

Remove UniFi Consoles

Removing a console will also delete all the configurations and data of the door access, network, and directory deployed on that console. This action cannot be undone.

  1. Go to Settings > UniFi Consoles > Consoles.
  2. Select consoles.
  3. Click Remove.
  4. Click Delete to confirm you want to delete this device.

Troubleshoot an Offline Identity Enterprise Agent

If your Identity Enterprise Agent goes offline:

  1. Check your network connection.
  2. Go to your Enterprise Manager > Settings > UniFi Consoles > Consoles, and select the offline console.
  3. Follow the steps below according to the offline reason shown on the console's details page:
    1. Security token expires: See Update Security Token above for details.
    2. Allowed public IP address does not match the UniFi Console IP: do either of the following:
      • Copy and paste the public IP into Manage > Allowed public IP.
      • Disable Static public IP in Settings > UniFi Consoles > Gear icon.
    3. The public IP is not within the trusted network zones: do either of the following:
      1. Click Adjust Trusted Network Zones and add the offline console's public IP to your trusted network zones.
      2. Disable Trusted network in Settings > UniFi Consoles > Gear icon.
  4. Try to restart your console in Console Settings > Console Controls > Restart.
  5. Try to stop and start your Identity Enterprise Agent in OS Settings > Applications > Identity Enterprise.
  6. If the Identity Enterprise Agent remains offline after troubleshooting, download your console's support file and send it to uid.support@ui.com. To download the support file: head to OS Settings > Console Settings > Console Control > Download Support File.