UniFi Identity Enterprise - Upgrade to UniFi Identity Enterprise
Requirements
Before upgrading to UniFi Identity Enterprise, ensure that you have met the following requirements:
- You are the UniFi OS Owner.
- Your UniFi Console model is listed in the table below.
Model | One-Click WiFi | One-Click VPN | Door Access | Camera Sharing | EV Station | AD/LDAP Integration |
Dream Machine Base (UDM-Base) | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ |
Dream Machine Pro (UDM-Pro) | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Machine SE (UDM-SE) | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Machine Pro Max (UDM-Pro-Max) * | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Wall (UDW) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Network Video Recorder (UNVR) | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ |
Network Video Recorder Pro (UNVR Pro) | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ |
CloudKey Gen2 Plus (UCKP) | ✓ (Requires a Gateway) | ✓ | ✓ | ✓ | ✓ | ✓ |
CloudKey Gen2 (UCK) | ✓ (Requires a Gateway) | ✓ | ✗ | ✗ | ✗ | ✓ |
CloudKey Enterprise (UCK-Enterprise) | ✓ (Requires a Gateway) | ✓ | ✗ | ✗ | ✗ | ✓ |
Cloud Gateway Max (UCG-Max) ** | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Enterprise Fortress Gateway (EFG) *** | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ |
* Requires Dream Machine Pro Max 4.0.3 (EA) or later.
** Requires UniFi OS 4.1 or later.
*** Requires UniFi OS 4.0 or later.
Data and Configuration Migration
Note: We strongly recommend that you back up your UniFi Console before upgrading to UniFi Identity Enterprise.
-
NFC Card and PIN: Users’ NFC cards and PINs can be imported to Identity Enterprise when the following requirements are met:
- You have never added a UniFi Console with NFC cards or PINs registered to your current workspace. If you have multiple consoles to add, only the NFC cards and PINs registered in the first console can be imported to your workspace. Even if you remove the first console from your workspace, the NFC cards and PINs of the remaining consoles still need to be re-registered.
- You have imported UniFi OS users to Identity Enterprise.
-
Mobile Access, One-Click WiFi, One-Click VPN, EV Station, and Camera: Users can access these resources assigned to them using their Identity Enterprise apps when the following requirements are met:
- You have imported UniFi OS users to Identity Enterprise and sent invitation emails to them.
- Your users have activated their Identity Enterprise accounts.
Create a New Workspace
Requirements
- Your email address has never been used to create an Identity Enterprise workspace. See the FAQ for details.
- Your UniFi Console has never activated more than 3 workspaces. Otherwise, please add your console to an existing workspace.
Important Notice
- Starting from UniFi OS 4.1, the UniFi Console Owner and Admins can no longer create new Identity Enterprise workspaces in the user interface. To create a new workspace, fill in the workspace request form.
Create a New Workspace
UniFi OS 4.0.x
UniFi OS 3.2.x
- Go to your Site Manager and select a console.
- Go to Admins & Users > Identity Settings.
- Scroll down to Manage and click Upgrade to UniFi Identity Enterprise.
- Select Create New Workspace and tick the I agree to Identity Enterprise’s Privacy Policy and End User License Agreement checkbox.
- Select a subscription plan and click Upgrade Now. The Standard Plan is currently only available in the U.S.
- Read the important notice and click Continue.
- Select users whom you want to migrate to your Identity Enterprise workspace. The migrated users can be managed in your Identity Enterprise Manager and you can assign resources to them. You can also skip this step and perform this action later.
- Once your UniFi Identity Enterprise is activated, you will receive a notification in your email inbox and on your UniFi mobile app (If your console model is UNVR or UNVR Pro, the instructions will be sent to your UniFi Protect mobile app).
- Open your email inbox or UniFi mobile app, follow the instructions to set up your account, and start exploring One-Click WiFi, One-Click VPN, and other powerful features.
- Do either of the following:
- Go to your UniFi Site Manager (https://unifi.ui.com) > select a console > OS Settings > Console Settings > Identity Enterprise > Upgrade.
- Go to your Local Site Manager (https://your_console_ip) > select a console > OS Settings > Identity Enterprise.
- Select Create New Workspace and tick the I agree to Identity Enterprise’s Privacy Policy and End User License Agreement checkbox.
- Select a subscription plan and click Upgrade Now. The Standard Plan is currently only available in the U.S.
- Read the important notice and click Continue.
- Once your UniFi Identity Enterprise is activated, you will receive a notification in your email inbox and UniFi mobile app (If your console model is UNVR or UNVR Pro, the instructions will be sent to your UniFi Protect mobile app).
- Open your email inbox or UniFi mobile app, follow the instructions to set up your account, and start exploring One-Click WiFi, One-Click VPN, and other powerful features.
Customize Workspace Domain
Once your Identity Enterprise workspace is created, the system will automatically generate a workspace domain. Your Identity Enterprise users can access their workspace via https://[your workspace domain].ui.com. To customize your workspace domain, please follow the steps here.
Add a Console to an Existing Workspace
After you have created and activated your UniFi Identity Enterprise workspace, you can add multiple consoles to your workspace.
Note: A site or a workspace can include multiple UniFi Consoles. But a UniFi Console can only be added to one site or one workspace.
UniFi OS 4.1.x
UniFi OS 4.0.x
UniFi OS 3.2.x
- Go to your Site Manager and select a console.
- Go to Settings > Admins & Users > Identity Endpoint and enable UniFi Identity Endpoint, if not already.
- Go to Manage and click Add to an Existing Workspace.
- Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
- Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > +.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Copy the token. The token expires in 10 minutes.
- Return to your Identity Endpoint page, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
- Click Add.
- Read the Important Notice About Identity Enterprise Upgrade, agree to the policy and license agreement, and click Continue.
- Go to your Site Manager and select a console.
- Go to Admins & Users > Identity Settings.
- Scroll down to Manage and click Upgrade to UniFi Identity Enterprise.
- Select Add to Existing Workspace.
- Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
- Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles.
- Click the Add Console icon.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Copy the token. The token expires in 10 minutes.
- Return to your Identity application, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
- Click Add Console.
- Read the important notice and click Continue.
- Do either of the following:
- Go to UniFi Site Manager (https://unifi.ui.com) > select a console > OS Settings > Console Settings > Identity Enterprise > Upgrade.
- Go to Local Site Manager (https://your_console_ip) > select a console > OS Settings > Identity Enterprise.
- Select Add to Existing Workspace.
- Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
- Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles.
- Click the Add Console icon.
- Enter the token description, set the validity period, and click Create.
- Verify your account with an MFA method.
- Copy the token. The token expires in 10 minutes.
- Return to Identity Enterprise in your OS Settings, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
- Click Add Console.
- Read the important notice and click Continue.
Understand Account Types
This table outlines each account type and its respective permission(s). Refer to this article for more information on connecting to UniFi Site Manager or Local Site Manager.
Account | Description | Purpose |
UI Account |
|
|
Local Credentials |
|
Access Local Site Manager |
UniFi Identity Enterprise Account |
|
Access UniFi Site Manager by redirecting from Identity Enterprise Workspace |
FAQ
Can I use the same email address to create more than one UniFi Identity Enterprise workspace?
No. An email address can be used to activate only one UniFi Identity Enterprise workspace. Here are alternative approaches if you want to use the same email address for the workspace owner across different workspaces.
- Deactivate your current workspace and then apply for a new workspace.
- Apply for a new workspace using a different email address, and then transfer the workspace ownership to your email address after the workspace is activated.
I have deactivated UniFi Identity Enterprise on a UniFi Console. Can I reactivate it on the console?
Yes. You can reactivate UniFi Identity Enterprise on the UniFi Console in two ways: by creating a new Identity Enterprise workspace on the console or by adding the console to an existing workspace. See this FAQ for details.