Help Center Help Articles Professional Support Community RMA & Warranty Downloads Tech Specs

UniFi Identity Enterprise - Upgrade to UniFi Identity Enterprise

Requirements

Before upgrading to UniFi Identity Enterprise, ensure that you have met the following requirements:

  • You are the UniFi OS Owner.
  • Your UniFi Console model is listed in the table below.
Model One-Click WiFi One-Click VPN Door Access Camera Sharing EV Station AD/LDAP Integration
Dream Machine Base (UDM-Base)
Dream Machine Pro (UDM-Pro) ✓ (Requires UAP)
Dream Machine SE (UDM-SE) ✓ (Requires UAP)
Dream Machine Pro Max (UDM-Pro-Max) * ✓ (Requires UAP)
Dream Wall (UDW)
Network Video Recorder (UNVR)
Network Video Recorder Pro (UNVR Pro)
CloudKey Gen2 Plus (UCKP) ✓ (Requires a Gateway)
CloudKey Gen2 (UCK) ✓ (Requires a Gateway)
CloudKey Enterprise (UCK-Enterprise) ✓ (Requires a Gateway)
Cloud Gateway Max (UCG-Max) **
Enterprise Fortress Gateway (EFG) ***

* Requires Dream Machine Pro Max 4.0.3 (EA) or later.

** Requires UniFi OS 4.1 or later.

*** Requires UniFi OS 4.0 or later.

Data and Configuration Migration

Note: We strongly recommend that you back up your UniFi Console before upgrading to UniFi Identity Enterprise.

  • NFC Card and PIN: Users’ NFC cards and PINs can be imported to Identity Enterprise when the following requirements are met:
    • You have never added a UniFi Console with NFC cards or PINs registered to your current workspace. If you have multiple consoles to add, only the NFC cards and PINs registered in the first console can be imported to your workspace. Even if you remove the first console from your workspace, the NFC cards and PINs of the remaining consoles still need to be re-registered.
    • You have imported UniFi OS users to Identity Enterprise.
  • Mobile Access, One-Click WiFi, One-Click VPN, EV Station, and Camera: Users can access these resources assigned to them using their Identity Enterprise apps when the following requirements are met:

Create a New Workspace

Requirements

  • Your email address has never been used to create an Identity Enterprise workspace. See the FAQ for details.
  • Your UniFi Console has never activated more than 3 workspaces. Otherwise, please add your console to an existing workspace.

Important Notice

  • Starting from UniFi OS 4.1, the UniFi Console Owner and Admins can no longer create new Identity Enterprise workspaces in the user interface. To create a new workspace, fill in the workspace request form.

Create a New Workspace

UniFi OS 4.0.x

UniFi OS 3.2.x

  1. Go to your Site Manager and select a console.
  2. Go to Admins & Users > Identity Settings.
  3. Scroll down to Manage and click Upgrade to UniFi Identity Enterprise.
  4. Select Create New Workspace and tick the I agree to Identity Enterprise’s Privacy Policy and End User License Agreement checkbox.
  5. Select a subscription plan and click Upgrade Now. The Standard Plan is currently only available in the U.S.
  6. Read the important notice and click Continue.
  7. Select users whom you want to migrate to your Identity Enterprise workspace. The migrated users can be managed in your Identity Enterprise Manager and you can assign resources to them. You can also skip this step and perform this action later.
  8. Once your UniFi Identity Enterprise is activated, you will receive a notification in your email inbox and on your UniFi mobile app (If your console model is UNVR or UNVR Pro, the instructions will be sent to your UniFi Protect mobile app).
  9. Open your email inbox or UniFi mobile app, follow the instructions to set up your account, and start exploring One-Click WiFi, One-Click VPN, and other powerful features.
  1. Do either of the following:
    • Go to your UniFi Site Manager (https://unifi.ui.com) > select a console > OS Settings > Console Settings > Identity Enterprise > Upgrade.
    • Go to your Local Site Manager (https://your_console_ip) > select a console > OS Settings > Identity Enterprise.
  2. Select Create New Workspace and tick the I agree to Identity Enterprise’s Privacy Policy and End User License Agreement checkbox.
  3. Select a subscription plan and click Upgrade Now. The Standard Plan is currently only available in the U.S.
  4. Read the important notice and click Continue.
  5. Once your UniFi Identity Enterprise is activated, you will receive a notification in your email inbox and UniFi mobile app (If your console model is UNVR or UNVR Pro, the instructions will be sent to your UniFi Protect mobile app).
  6. Open your email inbox or UniFi mobile app, follow the instructions to set up your account, and start exploring One-Click WiFi, One-Click VPN, and other powerful features.

Customize Workspace Domain

Once your Identity Enterprise workspace is created, the system will automatically generate a workspace domain. Your Identity Enterprise users can access their workspace via https://[your workspace domain].ui.com. To customize your workspace domain, please follow the steps here.

Add a Console to an Existing Workspace

After you have created and activated your UniFi Identity Enterprise workspace, you can add multiple consoles to your workspace.

Note: A site or a workspace can include multiple UniFi Consoles. But a UniFi Console can only be added to one site or one workspace.

UniFi OS 4.1.x

UniFi OS 4.0.x

UniFi OS 3.2.x

  1. Go to your Site Manager and select a console.
  2. Go to Settings > Admins & Users > Identity Endpoint and enable UniFi Identity Endpoint, if not already.
  3. Go to Manage and click Add to an Existing Workspace.
  4. Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
    1. Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > +.
    2. Enter the token description, set the validity period, and click Create.
    3. Verify your account with an MFA method.
    4. Copy the token. The token expires in 10 minutes.
  5. Return to your Identity Endpoint page, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
  6. Click Add.
  7. Read the Important Notice About Identity Enterprise Upgrade, agree to the policy and license agreement, and click Continue.
  1. Go to your Site Manager and select a console.
  2. Go to Admins & Users > Identity Settings.
  3. Scroll down to Manage and click Upgrade to UniFi Identity Enterprise.
  4. Select Add to Existing Workspace.
  5. Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
    1. Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles.
    2. Click the Add Console icon.
    3. Enter the token description, set the validity period, and click Create.
    4. Verify your account with an MFA method.
    5. Copy the token. The token expires in 10 minutes.
  6. Return to your Identity application, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
  7. Click Add Console.
  8. Read the important notice and click Continue.
  1. Do either of the following:
    • Go to UniFi Site Manager (https://unifi.ui.com) > select a console > OS Settings > Console Settings > Identity Enterprise > Upgrade.
    • Go to Local Site Manager (https://your_console_ip) > select a console > OS Settings > Identity Enterprise.
  2. Select Add to Existing Workspace.
  3. Obtain the security token. Only the workspace owner, super admin, and custom roles with permissions to edit UniFi Console can generate a security token.
    1. Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles.
    2. Click the Add Console icon.
    3. Enter the token description, set the validity period, and click Create.
    4. Verify your account with an MFA method.
    5. Copy the token. The token expires in 10 minutes.
  4. Return to Identity Enterprise in your OS Settings, paste the security token, and select a site carefully; otherwise, you’ll need to remove the console and repeat the steps.
  5. Click Add Console.
  6. Read the important notice and click Continue.

Understand Account Types

This table outlines each account type and its respective permission(s). Refer to this article for more information on connecting to UniFi Site Manager or Local Site Manager.

Account Description Purpose
UI Account
  • Can access multiple authorized UniFi Consoles locally or remotely. 
  • Can only be managed in Admins & Users.
  • Access UniFi Site Manager
  • Access Local Site Manager
Local Credentials
  • Can only access one authorized UniFi Console locally.
  • Can only be managed in Admins & Users.
Access Local Site Manager
UniFi Identity Enterprise Account
  • Can access multiple authorized UniFi Consoles remotely. 
  • Can only be managed in Identity Enterprise Manager.
Access UniFi Site Manager by redirecting from Identity Enterprise Workspace

FAQ

Can I use the same email address to create more than one UniFi Identity Enterprise workspace?

No. An email address can be used to activate only one UniFi Identity Enterprise workspace. Here are alternative approaches if you want to use the same email address for the workspace owner across different workspaces.

I have deactivated UniFi Identity Enterprise on a UniFi Console. Can I reactivate it on the console?

Yes. You can reactivate UniFi Identity Enterprise on the UniFi Console in two ways: by creating a new Identity Enterprise workspace on the console or by adding the console to an existing workspace. See this FAQ for details.

Was this article helpful?