Support Downloads Community

UniFi Video is an obsolete product line.

This application and its related devices will no longer receive any manner of technical support, including functional and security updates. Additionally, there will be no further updates to Help Center content pertaining to UniFi Video.

UID - Enable Single Sign-On (SSO)

The UID Workspace is equipped with Single Sign-On with SAML for Google and Microsoft when using the Pro Plan. This feature allows users to log into UID using their credentials from either of these Identity Providers. If enabled, users will see the option to sign in with Google or Microsoft under the UID credential sign-in fields. 

Set up Google SSO for UID

To set up Google SSO for UID:

1. Log in to the Google Admin console at https://admin.google.com and navigate to Apps > SAML Apps

2. Go to Add App > Add custom SAML app and provide the requested app details and click continue.

3. Download the IdP metadata, you will need this file in step 5.

4. Log into UID and go to UID Cloud > Security > Identity Provider, click on Google integration.

identity-provider-google.png

5. Enable Google integration by changing its Status and upload the Metadata File you downloaded in step 3. Click Save. Do not close this page yet.identity-provider-google.upload-metadata.png

6. Go back to the Google Admin console and fill in the ACS URL and Entity ID in the Service Provider details page with the information seen in the UID Identity Providers section from step 5. Click Continue.

google-add-saml.png

7. Go to the Attribute mapping section and use the Add Mapping button to add these three values as follows:

Google Directory attributes

App attributes

Primary email

email

First name

first_name

Last name

last_name

google-add-saml-attributes.png

Click Finish to save your settings.

To enable Google SSO:

1. On the Google Admin site, go to the app details page and expand the User access section.

google.user-access.png

2. Enable the IdP by selecting ON for everyone. If you wish to only enable it for a specific UID organization, use the Organizational Units dropdown on the left hand menu to make your selection.

google.add-for-everyone.png

3. Click Save to finish. 

Note: Google warns it may take up to 24 hours for all users to see the Google login option.

google-sso.png

Set up Microsoft SSO for UID

To set up Microsoft SSO for UID:

1. Log in to the Microsoft Admin console at https://portal.azure.com/.

2. On the left navigation panel, go to Menu > Azure Active Directory > Enterprise applications.

3. In the Application Type menu, select All applications, and click New application.

microsoft.new-application.png

4. Click Create your own application, and enter the requested information. Click Create when you’re done.

  • Provide a name for the application
  • Select the Non-gallery option

microsoft.create-application.png

Note: If there’s no application displayed after this process, please refresh the web page.

5. Select Single sign-on > SAML. Do not close this page yet.

6. Log into UID and go to UID Cloud > Security > Identity Providers and select Microsoft.

7. Generate an Identity (Entity ID) and switch on the Status toggle to enable the Microsoft integration. Do not close this page yet.

microsoft.generate-entity-id.png

8. Go to the Microsoft Azure > Set up Single Sign-On with SAML page and Edit the Basic SAML Configuration data, substituting the default with the following:

  • Reply URL (Assertion Consumer Service URL) as seen in the previous UID page
  • Entity ID as seen in the previous UID page
  • Relay State with https://login.uid.alpha.ui.com
  • Click Save.

microsoft.basic-saml-config.png

9. Download the Federation Metadata XML file from the SAML Signing Certificate section.

microsoft.download-federation-metadata.png

10. Go back to the UID Cloud > Microsoft integration page and upload the Federation Metadata XML. Click Save. 

identity-provider-microsoft.choose-federation-metadata.png

11. Back on the Microsoft Azure > Set up Single Sign-On with SAML page Edit the User Attributes & Claims section. 

12. Click Add new claim to add each of these claims:

Name

Source

Source Attribute

Email

Attribute

user.mail

First_name

Attribute

user.givenname

Last_name

Attribute

user.surname

Note: You do not need to fill the Namespace field.

microsoft.add-attributes.png

To enable Microsoft SSO:

1. Go to Microsoft Azure > Users and groups > Add user.

microsoft.add-users.png

2. Select the Users and click Select to add them all.

microsoft.select-users.png

Note: You may test if the configuration was successful by going to Microsoft Azure > Single Sign-on and selecting Test > Sign in as current user.

microsoft.test.png

Once the configuration is complete, any user on the Assignment list selected in step 2 will be able to use Microsoft SSO when logging into UID.

microsoft-sso.png

Was this article helpful?
2 out of 3 found this helpful