UniFi Identity Enterprise - Import AD/LDAP Users to UniFi Identity Enterprise
You can create import rules, schedule import tasks, or perform a manual import to import users from your AD/LDAP to UniFi Identity Enterprise.
Create Import Rules
The Import Rules feature allows you to predefine which UniFi Identity Enterprise group the users will be assigned to when they meet the rule conditions and are imported to UniFi Identity Enterprise.
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Click Directory Integration and select your configured directory.
- Go to the Settings > Import Rules.
- Click Add Rule and name your rule.
- Specify CONDITION and ASSIGN TO GROUP: Determine which UniFi Identity Enterprise group the users will be assigned to when they meet the rule conditions and are imported to UniFi Identity Enterprise.
- Click Save.
Notes:
- If multiple conditions are set, users must meet all of them to be imported to UniFi Identity Enterprise.
- Rule conditions must be an exact match. Confirm the exact names of the values you want to use as conditions in your AD/LDAP server.
Manually Import Users
Import Users
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Click Directory Integration and select your configured directory.
- Optional: Specify or edit your provisioning and integration settings and import rules. Check Configure AD/LDAP Provisioning and Integration Settings for details.
- Go to the Import tab and click Import User from AD or Import User from LDAP.
- Select your import method:
- Import by rule (Fastest): Import users based on your configured import rules. If you have not configured any import rules, click Rule management to add new rules. When this option is selected, UniFi Identity Enterprise will only import the users who belong to the AD/LDAP group that you have selected in the CONDITION field of import rules.
- Full import (May take a while): When selected, users of the selected OUs will be imported from the AD/LDAP server to UniFi Identity Enterprise.
- Specify the import actions:
-
Automatically confirm the import of users with an exact match:
- If ticked, users with an exact match will be auto-confirmed.
- If unticked, you must manually confirm the exactly matched users.
-
Automatically confirm the import of users with a partial match: This option is available only if the Partial first and last name match option in Provisioning > User Matching and Actions are checked.
- If ticked, the partially matched users will be auto-confirmed.
- If unticked, you must manually confirm the partially matched users.
- Auto-confirm new users: New users will be imported to UniFi Identity Enterprise automatically, without needing confirmation.
- Auto-activate new users: This option is available only if “Auto-confirm new user“ is ticked. Tick it to activate new users once they are imported to UniFi Identity Enterprise, without manual activation.
-
Automatically confirm the import of users with an exact match:
- Click Import and UniFi Identity Enterprise will start importing users.
- This may take some time, depending on the number of users.
- Click Hide or X to hide the window; click View Import to view the import window.
- When the import completes, you will see a window showing the number of users and OUs detected, users imported to UniFi Identity Enterprise, and users who failed to be imported. Click View import failed users to view the details.
- Click OK.
Confirm Imported Users
- After users are imported, the Import Users tab will display a list to show the match level between the AD/LDAP users and UniFi Identity Enterprise users.
- A partial match means the email did not match, but both first and last names matched.
- An exact match means the emails matched.
- Set the actions for each user.
-
Create New User: The user will be imported as a new user.
- If the “Auto-activate new users“ option is enabled in Provisioning > User Matching and Actions, the user status will be Pending and the system will send them an activation email. If the delegated authentication is enabled, the user status will be activated.
- If the “Auto-activate new users“ option is not enabled, the user's status will remain in “Staged“ and no email will be sent until an administrator manually triggers it.
- Specify: Select an existing UniFi Identity Enterprise user who will be replaced by the imported user.
- Merge: This action is available if “Partial Match“ or ”Exact Match“ is enabled in Provisioning > User Matching and Actions. After a successful import, the original directory user data will overwrite the existing UniFi Identity Enterprise user data.
- Ignore: The user will be removed from the pending list and will not be imported.
-
Create New User: The user will be imported as a new user.
- Select users by ticking the checkbox.
- Click Confirm Selection.
- A window prompts to show the number of users created, merged, deactivated, and ignored, depending on the selections made in Settings.
- Click Confirm.