Cloud Gateways Switching WiFi Physical Security Integrations
What's New Support
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Physical Security Integrations

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. People & Role Management
  4. Fabrics, Identity, and Role-Based Access Control (RBAC)

Integrating Microsoft Entra with UniFi Fabrics

UniFi Fabrics allow you to centrally manage people and permissions by integrating with Microsoft Entra (formerly Azure AD) as an Identity Provider (IdP). This enables secure, SAML-based authentication and automated user lifecycle management across UniFi services such as WiFi, VPN, and Door Access via the Identity Endpoint app.

For a list of other supported Identity Providers, see Binding an Identity Provider (IdP) To A UniFi Fabric.

Requirements

  • Fabric with Consolidated People Management enabled. For more information, see Getting Started with UniFi Fabrics.
  • A Microsoft Entra ID tier that supports unlimited SSO.
  • You must be assigned the Cloud Application Administrator role in Azure.
  • Your Microsoft Entra tenant must be set up.

Additional Features

  • Sync user groups from Entra into UniFi requires a Microsoft Entra ID P1 or P2 license.
  • Sending email-based invitations to onboard users to Identity Endpoint requires an Exchange Online plan, included in most Microsoft 365 licenses (e.g., Business Standard, E3, E5).

Method 1: Auto Setup (Recommended)

  1. Go to Site Manager.
  2. Select a Fabric.
  3. Navigate to Settings > Identity.
  4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
  5. Select Microsoft Entra from the list of IdPs to bind.
  6. Click Proceed.
  7. Sign in to Microsoft Entra from the window that appears. 
  8. Read and accept the Permission request.
  9. Wait for authorization and SCIM setup to finish.
  10. Select to import All People (without Group Metadata), or Specific Groups (with Group Metadata).
  11. Click Apply Changes.
  12. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.

Method 2: Manual Setup

  1. Go to Site Manager.
  2. Select a Fabric.
  3. Navigate to Settings > Identity.
  4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
  5. Select Microsoft Entra from the list of IdPs to bind, and enable the checkbox for Manual Entra Setup.
  6. Click Proceed.
  7. Sign in to the Microsoft Entra admin center with the role of at least a Cloud Application Administrator.
  8. Go to Azure services and click Enterprise applications.

  1. Click New application.
  2. Click Create your own application, enter the app name, select Integrate any other application you don't find in the gallery (Non-gallery), and click Create.

  1. Go to 2. Set up single sign on and click Get Started.

  1. Click SAML.

  1. Go to Basic SAML Configuration and click Edit.

  1. Paste the Identifier and Reply URL from UniFi into Entra.
    Frame 1.png
  2. Click Save and then close out the Basic SAML Configuration window.
  3. Go to SAML Certificates and Download the Federation Metadata XML.

  1. Go back to UniFi and upload the Federation Metadata XML file obtained from Microsoft Entra. Click Apply Changes.
  2. Return to the Enterprise Application you created in Microsoft Azure, and navigate to Provisioning (within the Manage category).
  3. Click New Configuration.
  4. Paste the Tenant URL and Secret Token obtained from UniFi.
  5. Click Test Connection.
  6. Once the connection is successful, click Create.
  7. Return to UniFi and click Apply Changes.
  8. Follow Microsoft’s help article to create and assign users to the Enterprise application.
  9. Once users are created and assigned to the application, navigate to Provisioning (within the Manage category) > Overview.
  10. Click Start provisioning.
  11. (Optional) Return to UniFi and Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.
Was this article helpful?