UniFi Identity Enterprise - Passwordless Sign-In
Passwordless sign-in provides both enhanced security and convenience by eliminating the reliance on passwords, which can be weak and easily guessable. With passwordless sign-in, users can sign in to UniFi Identity Enterprise using their Verify mobile apps or passkeys without entering their passwords.
Note: The Identity Enterprise app currently does not support passwordless sign-in.
Before You Start
Once passwordless sign-in is enabled:
- The following will be automatically enabled in Security > MFA: Passkey, the Verify mobile app’s OTP and verification prompt, and the "Set as a passwordless sign-in method" option.
- A "Default Rule for Passwordless Sign-In" will be automatically created under the Default Sign-On Policy in Security > Identity Firewall > Policy > Sign-On.
  - The default rule allows all workspace users to sign in to UniFi Identity Enterprise using passkeys or the Verify mobile app.
  - This rule cannot be modified or deleted.
Enable Passwordless Sign-In
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Go to Settings > Users > "Sign in to UniFi Identity with" and enable "Passwordless sign-in".
Customize Passwordless Sign-In Rules
A passwordless sign-in rule defines whether the users it applies to are allowed to access UniFi Identity Enterprise, and which MFA method (Verify verification prompt or passkeys) they can use to sign in without entering a password.
Customized passwordless sign-in rules take precedence over "Default Rule for Passwordless Sign-In". The default rule is applied if none of the user's sign-in conditions matches any of the customized rules.
- Go to Security > Identity Firewall > Policy > Sign-On.
- Do either of the following:
  - Select an existing sign-on policy, scroll down to Rules, and click Create New.
  - Click + New Sign-On Policy and specify the required information.
- Fill in the required fields, go to Conditions, and set "And if their passwordless sign-in is" to "Enabled". Note that when this is set to "Enabled", the "And if their identity provider is" option will be automatically hidden.
- Go to Actions and select Allowed.
- In the MFA field, select one or more MFA methods. You can also add a secondary MFA method. Users can use the selected methods to sign in to UniFi Identity Enterprise without entering a password.
Learn more about UniFi Identity Enterprise sign-on policy and rule.