UniFi Identity Enterprise - Configure IdP Routing Rules
By default, users can sign in to UniFi Identity Enterprise via any of the identity providers (IdPs) available in their workspaces. An identity provider routing rule directs users to a specific IdP based on their sign-in environment.
Requirements
Before adding routing rules, make sure that at least one Google, Microsoft 365, or custom SAML IdP has been configured.
Add Routing Rules
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Go to Security > Identity Provider > Routing Rule and click New Routing Rule.
- Fill in the required fields (see the tables below for more information) and click Create.
General
Fields | Description |
Name | Enter a name for this rule. |
Description | Enter a description for this rule. |
Validity Period | Specify the effective period of the policy. |
Conditions and Actions
Fields | Description |
If the user's IP is | Specify the IP address location. |
And the user is accessing | The rule is triggered when users are accessing any or specified apps. |
And the user matches | Specify which sign-in attributes users must match. |
Then let them sign in to UniFi Identity Enterprise with | Specify which IdP the users will be directed to when the specified conditions are met. The supported IdPs include UniFi Identity Enterprise, Google, Microsoft, and Custom SAML. |
Prioritize Routing Rules
Note: The default rule has the lowest priority and its settings cannot be changed.
- Go to Security > Identity Provider > Routing Rule.
- Drag the Ellipsis icon in front of a rule either up or down to change its priority. Rules with a higher priority take precedence over rules with a lower priority.
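The precedence behaviour described above, as an added illustration in Python (not Ubiquiti code and not an API of the product). It assumes rules are evaluated top to bottom and the first enabled match wins; the CIDR, app and email-domain encodings, the rule names and the sample sign-ins are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    """Hypothetical model of one routing rule (not the product's schema)."""
    name: str
    idp: str
    networks: list = field(default_factory=list)  # CIDRs; empty = any IP
    apps: set = field(default_factory=set)        # empty = any app
    domains: set = field(default_factory=set)     # email domains; empty = any user
    enabled: bool = True

    def matches(self, ip, app, email):
        addr = ipaddress.ip_address(ip)
        ip_ok = not self.networks or any(
            addr in ipaddress.ip_network(n) for n in self.networks)
        app_ok = not self.apps or app in self.apps
        user_ok = (not self.domains
                   or email.rsplit("@", 1)[-1].lower() in self.domains)
        return ip_ok and app_ok and user_ok

# The default rule is always last, matches everything, and leaves every IdP available.
DEFAULT = Rule("Default", "any available IdP")

def route(rules, ip, app, email):
    """Return (rule name, IdP) for the first enabled rule that matches."""
    for rule in [*rules, DEFAULT]:
        if rule.enabled and rule.matches(ip, app, email):
            return rule.name, rule.idp

def never_selected(rules, sign_ins):
    """Names of rules that win for none of the replayed sign-ins."""
    winners = {route(rules, *s)[0] for s in sign_ins}
    return [r.name for r in rules if r.name not in winners]

# Constructed sample rules and sign-ins (documentation IP ranges and domains).
OFFICE = Rule("Office network", "Custom SAML", networks=["203.0.113.0/24"])
CONTRACTORS = Rule("Contractors", "Google", domains={"contractor.example"})
SIGN_INS = [
    ("203.0.113.10", "Wiki", "alice@corp.example"),
    ("203.0.113.22", "Wiki", "bob@contractor.example"),
    ("198.51.100.7", "VPN", "carol@corp.example"),
]

if __name__ == "__main__":
    for order in ([OFFICE, CONTRACTORS], [CONTRACTORS, OFFICE]):
        print([r.name for r in order], "-> never selected:",
              never_selected(order, SIGN_INS))
```

With the office rule on top, the contractor signing in from the office network is sent to the office rule's IdP and the contractor rule never wins; replaying representative sign-ins after each reorder shows which rules the new order has made unreachable.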
Manage Routing Rules
- Click an existing routing rule to edit it.
- Click the Manage button to Enable, Disable, or Remove a rule.