UniFi Fabrics Identity Provider (IdP) Integration
UniFi supports zero-trust networking by integrating with Identity Providers such as Microsoft Entra (Azure AD), Google Workspace, and LDAP-based directories through UniFi Fabrics. This allows organizations to centrally manage identity, authentication, and access across UniFi services including WiFi, VPN, and Door Access.
Requirements
- A Fabric with Consolidated People Management enabled. For more information, see Getting Started with UniFi Fabrics.
Binding an Identity Provider
To bind an Identity Provider:
- Go to Site Manager.
- Select a Fabric.
- Navigate to Settings > Identity.
- Select an Identity Provider and follow the on-screen configuration steps.
- (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.
In addition to the security benefits of SAML SSO authentication, the Identity Provider uses the SCIM protocol to sync users in real time, facilitating automated employee onboarding and offboarding.
Identity Sync Service
The Identity Sync Service is the core identity orchestrator, centralizing the management of people and their permissions. Once an Identity Provider is bound, the Identity Sync Service also acts as the SAML authentication broker between the Identity Provider and people signing in to their Identity Endpoint app to use UniFi services such as one-click WiFi, VPN, or Smart Door Access.
Next Steps
After binding an Identity Provider:
- Configuring UniFi Identity Endpoint Services for Secure Zero-Trust Network Permissions
- Create Roles & Assign People Permissions