Upgrading to UniFi Identity Enterprise
Identity Enterprise is our subscription service that allows you to centrally manage user permissions across all UniFi Sites. If you are looking for a free UniFi Identity or UniFi Identity Hub management solution, see here.
Update your UniFi OS and UniFi Identity Enterprise Agent to the latest versions for the newest features and optimal performance.
Requirements
Before upgrading to UniFi Identity Enterprise, ensure that you have met the following requirements:
- You are the UniFi OS Owner.
- Your UniFi Console model is listed in the table below.
Model | One-Click WiFi | One-Click VPN | Door Access | Camera Sharing | EV Station | AD/LDAP Integration |
Dream Machine Base (UDM-Base) | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ |
Dream Machine Pro (UDM-Pro) | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Machine SE (UDM-SE) | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Machine Pro Max (UDM-Pro-Max) * | ✓ (Requires UAP) | ✓ | ✓ | ✓ | ✓ | ✓ |
Dream Wall (UDW) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Network Video Recorder (UNVR) | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ |
Network Video Recorder Pro (UNVR Pro) | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ |
CloudKey Gen2 Plus (UCKP) | ✓ (Requires a Gateway) | ✓ | ✓ | ✓ | ✓ | ✓ |
CloudKey Gen2 (UCK) | ✓ (Requires a Gateway) | ✓ | ✗ | ✗ | ✗ | ✓ |
CloudKey Enterprise (UCK-Enterprise) | ✓ (Requires a Gateway) | ✓ | ✗ | ✗ | ✗ | ✓ |
Cloud Gateway Max (UCG-Max) ** | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Enterprise Fortress Gateway (EFG) *** | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ |
* Requires Dream Machine Pro Max 4.0.3 (EA) or later.
** Requires UniFi OS 4.1 or later.
*** Requires UniFi OS 4.0 or later.
Data and Configuration Migration
Important: We strongly recommend that you back up your UniFi Console before upgrading to UniFi Identity Enterprise.
- NFC Card and PIN: Users’ NFC cards and PINs can be imported to Identity Enterprise when the following requirements are met:
  - You have never added a UniFi Console with NFC cards or PINs registered to your current workspace. If you have multiple consoles to add, only the NFC cards and PINs registered in the first console can be imported to your workspace. Even if you remove the first console from your workspace, the NFC cards and PINs of the remaining consoles still need to be re-registered.
  - You have imported UniFi OS users to Identity Enterprise.
- Mobile Access, One-Click WiFi, One-Click VPN, EV Station, and Camera: Users can access these resources assigned to them using their Identity Enterprise apps when the following requirements are met:
  - You have imported UniFi OS users to Identity Enterprise and sent invitation emails to them.
  - Your users have activated their Identity Enterprise accounts.
Create a New Workspace
Requirements
- Your email address has never been used to create an Identity Enterprise workspace. See the FAQ for details.
- Your UniFi Console has never activated more than 3 workspaces. Otherwise, please add your console to an existing workspace.
Starting from UniFi OS 4.1, the UniFi Console Owner and Admins can no longer create new Identity Enterprise workspaces in the user interface. To create a new workspace, fill in the workspace request form.
Customize Workspace Domain
Once your Identity Enterprise workspace is created, the system will automatically generate a workspace domain. Your Identity Enterprise users can access their workspace via https://[your workspace domain].ui.com. To customize your workspace domain, please follow the steps here.
Add a Console to an Existing Workspace
After you have created and activated your UniFi Identity Enterprise workspace, you can add multiple consoles to your workspace.
Note: A site or workspace can include multiple UniFi Consoles, but a UniFi Console can only be added to one site or workspace.
- Go to your Site Manager (https://unifi.ui.com/) > select a console > Settings > Identity and enable UniFi Identity Endpoint if it is not already enabled.
- Go to Manage and click Add to an Existing Workspace.
- Obtain the security token from Identity Enterprise Manager. Only the Workspace Owner, Super Admins, and custom roles with permissions to edit UniFi Console can generate a security token.
  - Go to Identity Enterprise Manager > Settings > UniFi Consoles > Consoles > Add Console.
  - Enter the token description, set the validity period, and click Create. Verify your account with an MFA method.
  - Copy the token. The token expires in 10 minutes.
- Paste the token and click Add.
Understand Account Types
This table outlines each account type and its respective permission(s). Refer to this article for more information on connecting to UniFi Site Manager or Local Site Manager.
Account | Description | Purpose |
UI Account | | |
Local Credentials | | Access Local Site Manager |
UniFi Identity Enterprise Account | | Access UniFi Site Manager by redirecting from Identity Enterprise Workspace |
FAQ
Can I use the same email address to create more than one UniFi Identity Enterprise workspace?
No. An email address can be used to activate only one UniFi Identity Enterprise workspace. Here are alternative approaches if you want to use the same email address for the workspace owner across different workspaces.
- Deactivate your current workspace and then apply for a new workspace.
- Apply for a new workspace using a different email address, and then transfer the workspace ownership to your email address after the workspace is activated.
I have deactivated UniFi Identity Enterprise on a UniFi Console. Can I reactivate it on the console?
Yes. You can reactivate UniFi Identity Enterprise on the UniFi Console in two ways: by creating a new Identity Enterprise workspace on the console or by adding the console to an existing workspace. See this FAQ for details.