UniFi Identity Enterprise - Add Users and Manage Their Statuses

UniFi Identity Enterprise centralizes user identity management and enables you to add or import users, manage user lifecycles and their access to your workspace resources, and simplify user provisioning and de-provisioning. To manage users, go to Organization > Members > Users.

User Status

Status Description
Active The user has set their new password and can now sign in to UniFi Identity Enterprise.
Staged The account invitation email has not been sent to the user, and the user hasn't activated their account.
Pending The account invitation email has been sent to the user, but they cannot sign in to UniFi Identity Enterprise until they have set a permanent password.
Password Expired The user’s password has expired so they cannot sign in to UniFi Identity Enterprise.
Password Reset A password reset email has been sent to the user. They cannot sign in to UniFi Identity Enterprise unless a new password is set.
Locked The user has reached the maximum number of failed login attempts allowed by a password policy or has reached consecutive 5 failed MFA attempts. Users in this state cannot sign in to UniFi Identity Enterprise.
Suspended The user has been suspended by a UniFi Identity Enterprise admin. They will not be able to sign in to UniFi Identity Enterprise unless an admin restores it to the user's previous status.
Deprovisioning The user has been deactivated by an admin, and the system is still revoking their resource access permissions. The user cannot sign in to UniFi Identity Enterprise.
Deactivated The user has been deactivated by an admin and all their resource access permissions have been revoked. The user cannot sign in to UniFi Identity Enterprise. Deleting the deactivated user will remove them from UniFi Identity Enterprise. Admins need to assign resources to them again if they activate the deactivated user.

Add Users

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Organization > Members > Users.
  3. Click the Add icon and select "Add New User".
  4. Fill in the general information.
    • Users must verify their account email address on initial sign-in: The user must activate their account through the invitation email.
    • Users must change their account password on initial sign-in: The user must change their password when they sign in to UniFi Identity Enterprise for the first time.
  5. Fill in the job information (optional).
  6. Click Assign Group to assign the user to groups.
  7. Click Assign Role to assign the user to roles.
  8. Tick the "Assign Resources" checkbox and click Continue if you want to assign resources to the user. Or leave the checkbox unticked and click Add.
  9. Click Send Invitation Email to send the user an account invitation email to allow them to activate their account and start exploring UniFi Identity Enterprise. Or click Skip to add the user without sending them an invitation email. Note that a user cannot activate their account unless an invitation email is sent to them.

Activate Staged Users

  1. Go to Identity Enterprise Manager > Organizations > Members > Users.
  2. Click the Filter icon in the right upper corner and tick the Staged checkbox.
  3. Do either of the following:
    • To activate Staged users in batch: Select users > click Activate in the black prompted window > Confirm. Once confirmed, they can follow the instructions in the activation email sent to them to activate their accounts.
    • To activate a Staged user: Click a user, go to Overview, and select Activate or Send Activation Email from the dropdown menu.

Activate a Deactivated User

Administrators can activate users in the Deactivated status. The activated users will receive an account activation email. Once the accounts are activated, the user status will change to Active.

  1. Go to Organization > Members > Users.
  2. Select a user in the Deactivated status.
  3. Select "Activate" from the dropdown menu of the prompted panel.
  4. Follow the on-screen instructions to specify the user's profile and assign resources to them if needed. Click Activate.
  5. An activation email will be sent to the user.

Deactivate or Delete a User

Once a user is deactivated, their resource access permissions will be revoked and their status will change to Deprovisioning. After all permissions have been revoked, the user status will change to Deactivated.

Only users in the Deactivated status can be deleted. A deleted user will be removed from your UniFi Identity Enterprise workspace.

Deactivate a User

  1. Go to Organization > Members > Users.
  2. Select a user.
  3. Select "Deactivate" from the dropdown menu of the prompted panel.
  4. Click Deactivate.

Delete a Deactivated User

  1. Go to Organization > Members > Users.
  2. Select a deactivated user.
  3. Select "Delete" from the dropdown menu of the prompted panel.
  4. Click Delete.

Suspend or Unsuspend a User

Users who are suspended can no longer sign in to UniFi Identity Enterprise nor access the resources in the workspace.

Suspend a User

  1. Go to Organization > Members > Users.
  2. Select a user.
  3. Select "Suspend" from the dropdown menu of the prompted panel.
  4. Click Confirm.

Unsuspend a User

  1. Go to Organization > Members > Users.
  2. Select a suspended user.
  3. Select "Unsuspend" from the dropdown menu of the prompted panel.
  4. Click Unsuspend.

Manage a User Password

Reset a User Password

Once you reset a user's password, the user status will change to Password Reset, and a password reset email will be sent to the user's email address.

Users in this status cannot sign in to UniFi Identity Enterprise unless they set a new password through the password reset email. After the password has been reset, the user status will change to “Active”.

  1. Go to Organization > Members > Users.
  2. Select a user.
  3. Select "Reset Password" from the dropdown menu of the prompted panel.
  4. Click Confirm.

Expire a User Password

Once you expire a user's password, a temporary password will be generated. The user needs to use this temporary password to sign in to UniFi Identity Enterprise and is subsequently required to create a new password for their account.

  1. Go to Organization > Members > Users.
  2. Select a user.
  3. Select "Expire Password" from the dropdown menu of the prompted panel.
  4. Tick the "Send an email to the user with a temporary password" checkbox if you want to send an email with a temporary password to the user. Click Confirm.

Unlock a User Account

Locked user accounts can be unlocked by users themselves or by admins, or can be unlocked automatically if a password policy is set up to unlock accounts after a specified period.

  1. Go to Organization > Members > Users.
  2. Select a user in the Locked status.
  3. Select Unlock from the dropdown menu of the prompted panel.

Change User Status in Bulk

  1. Go to Organization > Members > Users.
  2. Tick the checkbox of the users in the same status. You can click the Filter icon in the upper-right corner to filter users.
  3. Click Actions.
  4. Select a desired action from the prompted window and click Confirm.

Note: By default, if you expire passwords in bulk, emails containing temporary passwords will be sent to users.

Was this article helpful?
1 out of 6 found this helpful