This article examines the key features of UniFi IDentity (UID) and demonstrates how a UID administrator can configure them. Upgrade your UniFi OS Console to its latest firmware version to access these features.
If you haven't set up your UID workspace and the UID Agent application, do both first by following the processes outlined in UniFi IDentity - Getting started.
- Set up Single Sign-on (SSO)
- Multi-factor authentication (MFA)
- Create security policies
- Manage your workspace users
- Create and manage UID WiFi
- Create and manage UID VPN
- Set up and manage UID Access
- Create and send a notice to a user
Set up Single Sign-on (SSO)
Your workspace’s SSO engine utilizes SAML for Google and Microsoft, which allows users to log in to UID using their credentials from either provider. Users can choose to sign in with either Google or Microsoft under the UID credential fields.
Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is an added layer of security used to verify an end user's identity when they sign in. UID admins have the option to configure authentication methods for all workspace users or allow users to set up their own MFA methods.
Read more about MFA in our multi-factor authentication article.
Create security policies
UID allows admins to create sign-in policies that enforce group or role-specific credential requirements.
To create a new policy:
- Log in to UID with an Owner or Super Admin account.
- Go to the Security > Security Policy page.
- Expand either the UID Sign-On Policy or Password Policy section and click Add.
Note: Every policy must include at least one rule to be applied. If no custom policies exist, default policy terms will apply to all users unless they are edited or deleted.
- In the UID Sign-On Policy section, you can define when a user’s login attempt will be allowed or denied.
- In the Password Policy section, you can set password requirements and expiration timeframes.
Created rules and policies are listed in the Security Policy section. You can edit or delete them from here at any time.
Manage your workspace users
UID administrators can edit each workspace user’s role and access, or delete their profile entirely.
Administrators can also change user statuses in the Users section by specifying a user, then selecting one of the following dispositions from the dropdown in the bottom-right corner of the page:
- Staged: An account activation email has been sent to the user.
- Pending: An account invitation email has been sent to the user, but they cannot log in to UID until they have set a new, permanent password.
- Active: The user has set their new password and can now log in to UID.
- Password Expired: The user’s password has expired and they cannot log in to UID.
- Password Reset: A password reset email has been sent to the user. They will not be able to log in to UID until they’ve set a new password.
- Locked: The user has either made more failed login attempts than permitted by the Password Policy or exceeded five consecutive MFA verification failures. Users in this state cannot log in to UID.
- Suspended: The user has been suspended by a UID admin. They will not be able to log in again until an admin reverts this status back to the one the user previously held.
- Deprovisioning: The user has been deleted by an admin and cannot log in to UID.
- Deactivated: A UID admin has performed a resignation operation on the user. They can no longer log in to UID or access any door connected to a UniFi Access deployment. Admins can delete deactivated users. Once done, they will be removed from the UID workspace.
Administrators can use default UID user roles, create custom ones, or organize users into groups to simplify the process of applying security policies or making bulk user changes.
To easily find users and visualize their position within your company, either:
- Click the rocket icon in the upper-right corner of your main dashboard to access the Directory section, then click the Org Chart tab, or
- Log in to UID with an admin account, then go to Users > Org Chart.
Users must have at least one supervisor associated with their profile to be viewable in the organization chart.
Create and manage UID WiFi
Note: A Dream Machine (UDM) or Dream Machine Pro (UDM Pro) and at least one UniFi Access Point (UAP) are required to create a UID WiFi network.
UID WiFi is automatically deployed after setting up the UID Agent application on your UniFi OS Console. If automatic deployment is disabled, the following must be done manually.
For more information on the UID WiFi configuration, see UniFi IDentity - Manage UID WiFi.
Create and manage UID VPN
To create a UID VPN, configure a port forwarding rule in the UniFi Network application, then complete the VPN configuration in UID by selecting One-click VPN.
Set up and manage UID Access
You can manage your UniFi Access system with the UID application by updating your UniFi OS to UniFi IDentity. To use UID Access, you must first set up UniFi IDentity and install the UID Agent application.
If you haven’t yet, please do so by following the processes outlined in our UniFi IDentity - Getting started article.
After you’ve completed this initial configuration, you will see a new door icon in the far-left sidebar menu of your UID Manager Portal. Click the icon to open the UID Access section and manage all aspects of UID Access including, but not limited to:
- Setting up sites, floors, and doors
- Door access policy creation
- Door unlock scheduling
- Door guard features
- UID Visitor features
- Access logging
Create and send a notice to a user
Note: Only a workspace Owner or Super Admin can create and send user notices. This feature is only available in the UID web application.
To create and send a user notice:
- Log in to the UID Cloud application and click the UID Admin Portal.
- Click the Notice icon in the My Applications section.
- Click Create in the top-right corner of the page.
- Enter the notice’s title and description, then click the Notify To button to specify which user(s) will receive it.
- Click Done to send the notice to the selected recipients.
Note: Go to the My Applications > Notice section to see all created notices.