
Integrating Google Workspace with UniFi Fabrics

UniFi Fabrics allow you to centrally manage people and permissions by integrating with Google Workspace as an Identity Provider (IdP). This enables secure, SAML-based authentication and automated user lifecycle management across UniFi services such as WiFi, VPN, and Door Access via the Identity Endpoint app.

For a list of other supported Identity Providers, see Binding an Identity Provider (IdP) To A UniFi Fabric.

Requirements

  • Fabric with Consolidated People Management enabled. For more information, see Getting Started with UniFi Fabrics.
  • A supported Google Workspace subscription: Frontline Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, or Enterprise Essentials Plus.

Set Up Google SAML and Sync Users

  1. Go to Site Manager.
  2. Select a Fabric.
  3. Navigate to Settings > Identity.
  4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
  5. Select Microsoft Entra from the list of IdPs to bind.
  6. Click Proceed.
  7. Sign in to your Google Admin console.
  8. Navigate to Apps > Web and mobile Apps > Add app > Add custom SAML app.

  9. Provide the requested app details, and click Continue.
  10. Click DOWNLOAD METADATA and click Continue.
  11. Paste the ACS URL and Entity ID from UniFi into your Google Admin.
  12. Click FINISH.
  13. Go back to UniFi and upload the Google IdP Metadata file and click Apply Changes.
  14. Go to Google Admin > Apps > LDAP. If you do not see the LDAP tab, use the search bar to look for LDAP, and open it.
  15. Click Add Client and enter the app name.
  16. Grant all Access Permissions.
    • Tick Entire domain options in Verify user credentials and Read user information fields.
    • Enable Read group information.
  17. Click Add LDAP Client.
  18. Download the certificate and unzip it. Click CONTINUE TO CLIENT DETAILS.
  19. Navigate back to UniFi and upload the certificate and key file.
  20. Enter the primary domain, which can be found in Google Admin Console > Account > Domains > Manage domains.
  21. Go to Google Admin > Apps > LDAP.
  22. Ensure that the Service status is ON.
  23. Select the client you just created, and click Authentication.
  24. Click Generate New Credentials.
  25. Navigate back to UniFi and paste the Username and Password.
  26. Select users to be synced and click Next.
  27. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.