The “UniFi Identity” software/service offered for Ubiquiti’s UniFi series is interesting. Simply put, it is a function that lets you control each user’s Wi-Fi and VPN connections, yet it is very easy to set up: the administrator needs only two or three steps to configure it, and the user needs one click of a button. It is an amazing feature.
It achieves both “enhanced security” and “easy configuration,” goals that used to be at odds, and the result is simple and secure. There is also a cloud version, UniFi Identity Enterprise, that adds functions such as device management and workflows; it can fairly be said to bring innovation to networking equipment for small and medium-sized enterprises.
RADIUS? WireGuard? The annoying settings are handled automatically
In a sense, UniFi Identity can be described as “connectivity as a service.”
What you need to do as an administrator is enable the feature and specify who is allowed to connect and which connections they may use. That's it. More specifically, you invite users, specify whether each of them may connect to your Wi-Fi and/or VPN, and the Wi-Fi or VPN connection is deployed automatically to only those users.
Previously, the initial steps were to register an SSID to connect to, set up a RADIUS server for user authentication, and add users. If you also wanted to use a VPN, you would need to select a protocol, start a VPN server, register users for authentication, distribute certificates to users to connect, and perform a variety of other settings. However, with UniFi Identity, all of these annoying setups are done automatically behind the scenes.
In other words, anyone can easily implement user-based Wi-Fi/VPN connection control with just a few clicks.
Furthermore, the paid cloud version, UniFi Identity Enterprise, can be linked to external authentication providers such as Entra ID and Google Workspace, and adds workflow functions built on its user management (leave requests and purchase orders) as well as help desk ticket processing. The system can be expanded further with device management and with access control (attendance) that integrates with separately sold intercom devices and card readers.
One of the appeals of Ubiquiti products is the ability to enjoy a DIY network, but UniFi Identity gives the impression that the more advanced functions can now be used by a wider range of users.
UniFi Identity Overview
Now, let's take a more specific look at what UniFi Identity is.
UniFi Identity is software for UniFi gateways (routers) that provides the functions listed in the overview below. As mentioned above, there is a free version and a paid version; the free version runs locally on the gateway and can be used without any special license.
Many UniFi gateways are on sale, and the available functions and required firmware versions vary by model, so please refer to the link below for details. Supported models include the UniFi Dream Router and UniFi Dream, which have appeared in this magazine in the past, and the UniFi Cloud Gateway Ultra, among others.
▼ Explanation from Ubiquiti
UniFi Identity Overview
If you're using a compatible device, a tab called “Identity Settings” will appear in the “Administrators & Users” section of “OS Settings”, where you can select the functions you want to use. Additionally, the “Users” and “Groups” tabs allow you to manage which users and groups can use this feature.
There are many functions available, as shown in the general diagram above, but functions such as “One-Click Electric Vehicle Charging” and “Entry/Exit Control by Phone” require separate compatible devices (depending on the model, a separate Wi-Fi access point as well). The most commonly used options are “One-Click Wi-Fi” and “One-Click VPN.”
Try setting up Wi-Fi/VPN with one click
Now, let's take a look at the specific setup method. That said, the setup is very easy, as shown in the image below.
All the administrator has to do is “enable the feature” and “register the user and grant access to the feature.” The necessary settings are then registered automatically.
For example, One-Click Wi-Fi automatically applies the following settings:
- SSID: UniFi Identity
- Wi-Fi band: 2.4GHz + 5GHz (band steering)
- Security protocol: WPA2 Enterprise
- RADIUS settings
  - Secret: automatically generated
  - RADIUS user: uid-[username] (mapped from the user's email address)
  - RADIUS user password: automatically generated
Additionally, if you are using a VPN server, the following settings will be applied automatically:
- VPN type: WireGuard
- Name: UCG-Ultra (in this example, the UniFi Cloud Gateway Ultra)
- Private key: automatically generated
- Public key: automatically generated
- Server address: WAN-side address, port 51820
- Client
  - Client name: username + device name (e.g., “Goro Tanaka's mobile phone”)
  - Interface IP address: automatically assigned (192.168.3.2)
  - Public key: automatically generated
  - IP gateway: automatic configuration
  - DNS server: automatic configuration
Previously, administrators had to configure these settings correctly, but now everything is “deployed” automatically.
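What the gateway does when it deploys these VPN settings can be modelled in code. The following is an added example, not Ubiquiti's implementation: it mints a WireGuard client keypair and emits the client config together with the matching server peer block, so the private key is written into the client config only and the administrator never handles it. The key math is real X25519 (RFC 7748); the config layout, the AllowedIPs choices and the sample WAN address are assumptions.

```python
# Added example, not Ubiquiti's code: models what "One-Click VPN" mints behind the
# scenes for one user device. Keys are real X25519 (RFC 7748, pure Python); the
# config layout, AllowedIPs and sample addresses are assumptions mirroring the article.
import base64, secrets

P = 2**255 - 19  # field prime for Curve25519

def x25519_public(private: bytes) -> bytes:
    """Derive a WireGuard public key from a 32-byte private key (RFC 7748 ladder, base point 9)."""
    k = bytearray(private); k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp the scalar
    k = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:  # conditional swap, as written in the RFC
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        e = (aa - bb) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def deploy_one_click_vpn(user: str, device: str, index: int, gateway_pub: str, wan_ip: str):
    """Gateway-side 'deployment' for one client: returns (client_config, server_peer_block).
    The client private key is generated here, written only into the client config and
    never displayed to the administrator; the server side keeps only the public key."""
    priv = secrets.token_bytes(32)
    pub = base64.b64encode(x25519_public(priv)).decode()
    client_ip = f"192.168.3.{index}"  # auto-assigned interface address (article: 192.168.3.2)
    client_config = "\n".join([
        f"# {user} - {device}",  # client name = username + device name
        "[Interface]",
        f"PrivateKey = {base64.b64encode(priv).decode()}",
        f"Address = {client_ip}/24",
        "[Peer]",
        f"PublicKey = {gateway_pub}",
        f"Endpoint = {wan_ip}:51820",  # WAN-side address, port 51820
        "AllowedIPs = 0.0.0.0/0",  # assumed: gateway pushed as the default route
    ])
    server_peer = f"[Peer]\nPublicKey = {pub}\nAllowedIPs = {client_ip}/32"
    return client_config, server_peer
```

Calling `deploy_one_click_vpn("Goro Tanaka", "mobile phone", 2, "<GATEWAY_PUBKEY>", "203.0.113.10")` yields the two texts; only the first ever contains a private key.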
Setting up users is also simple. The user installs the app via the link in the invitation email; on first use, they set a password on the account creation screen and then set up two-factor authentication.
When you log in to the app with this account, you will see icons for One-Click Wi-Fi and One-Click VPN that have been approved by your administrator. All the SSIDs, username, password, etc. required to connect are already set, so with a simple click, the connection will be established along with the device's Wi-Fi and VPN functions.
Since neither users nor administrators know the individual passwords unless they go looking for them, there is no need to worry about Wi-Fi or VPN passwords leaking through human error. Moreover, logging in to the app requires two-factor authentication using the UniFi Verify app, a social (SNS) account, a passkey (via Windows Hello), or similar, which prevents unintended users from connecting.
This means you can easily create an advanced Wi-Fi/VPN environment by skipping many annoying tasks like general design and settings.
UniFi Identity Enterprise manages identities in the cloud
The on-premises version of UniFi Identity is quite adequate, but if you upgrade to the cloud version of UniFi Identity Enterprise, you can use even more useful functions.
First, it's compatible with large-scale environments. The paid UniFi Identity Enterprise plan (currently available in the US only, previewed in Japan) lets you manage multiple sites (locations) and up to 1,000 users.
It is also possible to collaborate with external ID providers, using Active Directory, LDAP, Microsoft 365 (Entra ID), Google Workspace, etc. as an authentication platform, or conversely, using UniFi Identity users to connect to Microsoft 365 and Google Workspace.
I tried setting up Google Workspace single sign-on: the information needed for setup (sign-in URL, certificate, etc.) was clearly displayed on screen and could also be reached from the Setup Help. It is designed to be fairly easy to set up, with a setup guide that includes the actual values to enter.
In addition, it has a rich logging function that records detailed information about events such as connection failures, so you can check which user, device and access point were involved in a failed connection.
With the ability to use these functions, it will be easy to consider introducing them even in medium-sized or larger environments.
Provides various additional functions
In addition, additional functionality is provided that uses the ID management functions and software (agents) installed on the device, allowing you to do the following:
Workflow and Applications
Workflow applications such as leave requests and purchase requisitions can be created without code. A manager can be assigned as a user property, and the request will be notified to the manager, who will then decide whether to approve it or not.
It is a complete no-code application environment, and you can use the form editor to place parts such as text and reference registered users. It is also possible to set conditions in the workflow, such as changing the workflow path depending on the size of the payment amount.
Device Management
It can collect information about devices on the network, including data such as operating system version and installed software (features must be enabled separately).
It also has MDM functionality, and by enrolling Windows devices (Pro version required) or Mac devices, it is possible to lock, configure, apply policies and install software remotely.
Provide experimental features
In addition, lab functions currently under development have been pre-released: “Presence”, which manages attendance in conjunction with access control devices such as UniFi Intercom, and “Visitors”, which temporarily opens an access door for registered visitors. Functions for linking to external applications such as Slack (e.g., help desk ticket notifications) are also pre-released.
In this way, with Enterprise, it becomes possible to use it as an application server, which goes beyond being a simple communication device. Depending on the idea, it may be possible to perform complex processing alongside business applications.
It's interesting, but I have some concerns about the paid service…
As mentioned earlier, I have tried UniFi Identity as installed on Ubiquiti's UniFi series, and I can say that it is a very interesting function.
I was impressed by the ease of the free version, but I was also surprised by the versatility of the Enterprise version. Ultimately, identity management becomes the core of an organization's system management, so I would like to commend this proposal in that regard.
On the other hand, I personally have concerns about the direction of offering the Enterprise version as a paid service. The good thing about the UniFi series is that the controller and other components are free, which helps keep monthly costs down (although currency exchange has been a big factor lately…).
UniFi Identity Enterprise is, as the name suggests, a cloud service for businesses, so this can't be helped, but as things become increasingly paid and subscription-based, I hope it does not end up out of reach for individual enthusiasts.