Managing MFA/2FA for your UniFi Controller

Securing your network access is super important. Two-factor authentication (2FA) or Multi-factor authentication (MFA) offers an additional layer of security that helps protect your network resources. As the name suggests, it requires multiple forms of identification before granting access.

In this blog post, I'll go in on the importance of 2FA, how it works with UniFi, and provide a step-by-step guide on setting it up to secure your network.

Let's get in!

Why Multi-/Two-Factor Authentication?
How MFA/2FA works with UniFi
Setting Up MFA/2FA on UniFi
Final thoughts

Why Multi-/Two-Factor Authentication?

Two-factor authentication improves the security of your network. It adds an extra verification step in the login process. Here’s why:

Better security: 2FA reduces the risk of unauthorized access, even if a user’s password is compromised.
Mitigate damage: It can limit the damage caused by phishing attacks, key logging, and other malicious activities.
Regulatory compliance: Many industries require 2FA to meet regulatory standards for data protection and privacy.

How MFA/2FA works with UniFi

UniFi offers built-in support for 2FA. It integrates with the UniFi Controller / UniFi Network via a Ubiquity account. 2FA on UniFi requires users to enter not only their password, but also a verification code generated by an authentication app on their smartphone.

Even if a password is compromised, the chances of an attacker gaining unauthorized access are minimal with this setup. It's also straightforward to install.

Setting Up MFA/2FA on UniFi

Implementing two-factor authentication in your UniFi network involves several steps. Here they are:

Step 1: Setting Up MFA in Ubiquity

Multi-factor Authentication (MFA) keeps your Ubiquiti account safe. Ubiquiti offers authentication through apps and email, as well as backup recovery codes.

Note: We or Ubiquiti cannot reset MFA for you, so make sure to have backup methods in place.

Sign in or create an account at account.ui.com. Make sure to use the same credentials as your user in your UniFi controller.
Go to your My Security section.
Choose your desired MFA Option. Ubiquiti recommends using the UI Verify app (iOS / Android) for seamless single-click authentication to your mobile device.

Note: Ubiquiti automatically enables email authentication to prevent accidental lockout, which may result if you lose the device associated with your selected authentication method.

Step 2: Enable SSO in your UniFi Controller / UniFi Network

Open your controller: You can find the URL in your dashboard.
Go to Settings: Click on the settings cog on the bottom left of the UniFi dashboard.
Go to System: Click on "System" in the sidebar
Enable setting: Sync Local Admins with SSO

Enable Sync Local Admins with SSO screen
Create an admin: Make sure to create an admin account in your UniFi Controller with the same username, email, and password as your Ubiquiti account

Step 3: Test the 2FA Implementation

Log out of the UniFi Controller and log back in to test the new authentication process. You should be prompted to enter your Ubiquity credentials and the code from your authenticator app.

Final thoughts

Two-factor authentication is a necessary security feature for every UniFi network. By adding an extra layer of security, 2FA helps protect sensitive data and it's straightforward to setup.

You probably don't need assistance setting up your 2FA, but for configuring and managing your network reliably, securely and efficient you might. At UniHosted, we provide managed UniFi Controllers to improve your network efficiency. Especially, if you are an MSP or IT-service business looking for flexible and scalable network deployments, this is something for you.

Feel free to give us a spin! Additionally, I'm happy to walk you through personally. You can schedule a call with me (Founder of UniHosted) here.