UniFi Identity Enterprise - Manage Security Policy and Rule

You can create attribute-based security policies to secure UniFi Identity Enterprise accounts, SSO apps, passwords, network connections, and approvals. Security policies assess users' risk factors, such as IP, client device, device platform, behavior, and risk level.

  • Once a workspace is created, a default security policy with rules will be created automatically and applied to all workspace users and resources. This default policy cannot be modified. However, you can create custom security policies and prioritize them over the default policy.
  • Once a security policy is created, at least one security rule must be created to define the conditions under which the policy will be applied. A policy without a rule will not take effect.
  • Policy conditions include applied users, apps, approvals, and VPN. Rule conditions include network, client, and risk score. To be matched with a policy, a user's sign-in context and requested resources must meet the conditions of the policy and its associated rules.

Note: Only users with the Owner, Super Admin, and IT Admin roles can create security policies and their associated rules. Note that IT Admin is only available by default in workspaces created before February, 2023.

Manage Policies

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Policy.
  3. Click Sign-On, Password, VPN, SSO Apps, or Approval based on the type of policy you want to manage.
  4. Perform the following actions based on your tasks:
Tasks Actions
Prioritize policies Press and drag a customized policy to change its priority. A policy with a higher priority takes precedence over policies with a lower priority.
Note: The default policy has the lowest priority, and most of the settings cannot be modified.
Edit policies
  1. Click a policy.
  2. Edit the necessary information. Refer to the related articles for instructions on security policy configuration.
  3. Click Save to apply the settings.
Enable, disable, or remove a policy 1. Click Manage and select a customized policy.
2. Click Enable, Disable, or Remove.
3. Confirm your operation in the prompted window.
4. Verify your identity with an MFA method as necessary.

Manage Rules

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Policy.
  3. Click Sign-On, Password, VPN, SSO Apps, or Approval based on the type of policy you want to manage.
  4. Select a policy and scroll down to the Rules section.
  5. Perform the following actions based on your tasks:
Tasks Actions
Prioritize rules Press and drag a rule to change its priority. A rule with a higher priority takes precedence over the rules with a lower priority.
Notes: The default rule has the lowest priority, and most of the settings cannot be modified.
Edit a rule
  1. Hover your mouse over a rule.
  2. Click Edit.
  3. Edit the necessary information. Refer to the related articles for instructions on rule configuration.
  4. Click Save to apply the settings.
Delete a rule 1. Hover your mouse over a rule.
2. Click Delete.
3. Click Confirm to confirm the action.
4. Verify your identity with an MFA method as necessary.
Enable or disable a rule 1. Hover your mouse over a rule.
2. Click Edit.
3. Tick the "Enable this rule" checkbox to enable this rule or untick to disable this rule.
Was this article helpful?
0 out of 1 found this helpful