Binding an Identity Provider (IdP) To A UniFi Fabric

UniFi supports zero-trust networking by integrating with Identity Providers such as Microsoft Entra (Azure AD), Google Workspace, and LDAP-based directories through UniFi Fabrics. This allows organizations to centrally manage identity, authentication, and access across UniFi services including WiFi, VPN, and Door Access.

Requirements

• A Fabric with Consolidated People Management enabled. For more information, see Getting Started with UniFi Fabrics.

Available Identity Providers (Detailed Guides)

• Microsoft Entra (Azure AD)
• Google Workspace
• Active Directory
• LDAP
• JumpCloud LDAP

Binding an Identity Provider (Overview)

To bind an Identity Provider:

1. Go to Site Manager.
2. Select a Fabric.
3. Navigate to Settings > Identity.
4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
5. Select an Identity Provider and follow the on-screen configuration steps. 
6. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.

In addition to the security benefits of SAML SSO authentication, the Identity Provider uses SCIM protocol to sync users in realtime, facilitating automated employee onboarding and off-boarding.

Identity Sync Service

The Identity Sync Service is the core identity orchestrator facilitating centralized people and their permissions. Once an Identity Provider is bound, it will also act as the SAML authentication broker between the Identity Provider and people signing in to their Identity Endpoint app to use UniFi services such as one-click WiFi, VPN, or Smart Door Access.

Next Steps

After binding an Identity Provider:

• Configuring UniFi Identity Endpoint Services for Secure Zero-Trust Network Permissions
• Create Roles & Assign People Permissions