Manage UniFi Organization Users and Admins
Effectively managing users and administrators is a core part of any UniFi Organization. This article explains how user and admin roles work in an Organization, including requirements, permission types, and how centralized management is enabled through Identity Hub.
If you haven't already set up Identity Hub, or if you're adding a new site to an existing Identity Hub deployment, make sure to review Identity Hub Configuration.
For a detailed breakdown of roles and permissions, independent of Organizations, see UniFi Roles Explained.
Requirements
To enable centralized admin and user management, your UniFi sites must meet the following system requirement:
- Minimum Required Version: UniFi OS 4.2.5 or later
While sites running earlier versions will still appear within the Organization, new Organization admins, users, and policies will not apply to those sites. Access will be limited to the Org Owner and any previously assigned site-level admins.
Note that centralized admin and user management will be coming soon for the following platforms:
- Self-Hosted UniFi Network Server
- Official UniFi Hosting
- UniFi Network Attached Storage Pro (UNAS Pro)
Admins
In UniFi, Admins are individuals with access to a site’s management interface, whether for viewing or full configuration.
There are two types of admins within an Organization:
1. Organization Admin
- Has full control across all sites in the Organization, functionally equivalent to a “super admin” on each site.
- Can manage global Organization features such as Identity Hub, Site Magic (SD-WAN), and more.
- Automatically inherits permissions for any new sites added to the Organization.
2. Site Admin
- Granted access to specific site(s) only.
- Permissions can be scoped to view-only or full management depending on need.
- Does not inherit access to newly added sites.
Configuring Admins
- Navigate to Organization > Admins.
- Open the Admins tab.
- Click Add Admin or select an existing admin to modify their permissions.
Note: Admins are currently assigned using UI Account email addresses. Support for managing admins via your Identity Provider (IdP) is coming in a future update.
Users
Users, distinct from admins, are individuals who interact with your IT infrastructure—such as employees or contractors—who need access to services like VPN, WiFi, or Door Access.
Configuring Users
Users are centrally managed through Identity Hub. If you haven’t done so, start by Creating an Identity Hub for Your Organization.
If Identity Hub is not yet set up, users must continue to be managed individually within each UniFi Site, as before.
Assigning User Permissions and Onboarding to Identity Endpoint
Once Identity Hub is active, you can centrally assign user access to the following services at the Organization level:
- One-Click VPN (including Split-Tunnel Routing) using the Identity Endpoint App
- One-Click WiFi using the Identity Endpoint App
- Door Access Permissions and Unlock Methods
For instructions on how to enable services, assign users permissions, and onboard them to the Identity Endpoint App, see UniFi Organization User Permissions and Identity Endpoint Setup.
Support for additional services will be added over time. For now, the following must still be configured within each individual UniFi Site:
- UniFi Talk Users and Softphones
- UniFi Protect Camera Sharing
- UniFi Drive File Access
- UniFi Connect EV Charging