Ubiquiti UniFi Cloud Controller Integration
This guide will assist you in preparing your UniFi Cloud Controller (v5+) for Social Guest Access, and associating it to the MyWiFi system for the purpose of enabling Social Campaigns and Guest authorization through Social Login.
UniFi Controller Pre-Setup
Retrieve the credentials to an existing administrator account OR create an additional administrator account within your UniFi Cloud Controller. This is necessary to grant the MyWiFi System the ability to manage the following items on your behalf:
- To enable Guest Portal access on the UniFi Site you select
- To associate Social Login functionality to a Wireless Network of your choice that you have named “mywifi” [NOTE: You may change this post-setup]
- To authorize the Mac Address of Guest devices for Internet access after they perform the Social Login
NOTE: The credentials we are requesting are collected and stored securely in a 256-bit encrypted format. Our system retrieves and applies these credentials only for the purpose of communicating with your UniFi Cloud Controller API. It performs this strictly for the uses outlined above. We do not share this information with any 3rd parties, and we do not access, collect or use this information for purposes other then the uses outlined above.
In your UniFi Cloud Controller >> Settings >> Site:
Create or identify a SITE within your UniFi Cloud Controller that contains the Access Points you have selected for Guest Access, and that will be associated to the MyWiFi System.
In your UniFi Cloud Controller >> Settings >> Wireless Network:
Create a Wireless Network that will be Enabled for Guest Access and associated to the MyWiFi System for the purposes of Social Guest Access, with the following settings:
- Name/SSID: mywifi
- Enabled: Checked
- Security: Open
- Guest Policy: Checked
- Login into the MyWiFi Dashboard with your MyWiFi Account
- Create/identify an appropriate Social WiFi Campaign with the Social Media Logins and customize it according to your needs.
- Create/identify an Existing Location for your deployment & assign your created Campaign as the Default Campaign for this Location.
Once you have completed these actions you may add the UniFi Cloud Controller as a new MyWiFi Device.
- Click on Devices >> Add New Device button - to bring up the Add Device form
- Select UniFi Cloud Controller from the Supporters Routers dropdown & proceed to enter the following information:
- Name for this Device
- Username/Password credentials for the UniFi Cloud Controller Administrator Account you created previously
- The URL of your UniFi Cloud Controller (excluding PORT)
- Port of the UniFi Cloud Controller
[port 8443 is the DEFAULT port]
- Select the Dashboard Location you have previously created/identified
- Click NEXT once you have entered the appropriate information correctly
- On Step 2: Select the UniFi SITE that you have identified earlier, to associate to the MyWiFi System
- Click on Complete Setup once you have selected a SITE
When you perform this action, the following will be done by the MyWiFi System automatically through API Access to your Cloud Controller:
- Load & Associate the Wireless Network you have created and named “mywifi”
- Load & Associate the Access Points MAC Addresses contained within the Site selected
- Apply Guest Control Settings to the Site Selected [Enable Guest Portal, External Portal Server, Custom Portal IP, Custom Portal Hostname, Enable HTTPS Redirection, Set Access Control List]
Confirm UniFi Cloud Settings
You may now log in again into your UniFi Cloud Controller to confirm the settings have been applied successfully.
In your UniFi Cloud Controller >> Settings >> Wireless Networks:
You may now modify the name of the Wireless Network to one of your choosing. (You may alter the Wireless Network name at any time now or in the future, it will not adversely affect anything regarding this setup)
In your UniFi Cloud Controller >> Settings >> Guest Control:
Ensure you have the following selections.
- Authentication: external portal server
- Use Secure Portal: Checked
- Redirect using hostname: <Your Custom Portal Domain> OR securewifilogin.com
- Enable HTTPS Redirection: Checked
Also please ensure that you have the confirmed your Access Control - Pre-Authorization Access List.
Ensure you have your Custom Portal Domain listed if Enabled within your MyWiFi Dashboard.
The UniFi Pre-Authorization Access List (aka. Whitelist) does not support wildcard domain names. As such it is inflexible and might not be entirely accurate in its coverage of whitelisting the appropriate domains necessary.
We attempt to maintain and set an accurate list of all the domains & IP Addresses necessary to perform social login through the external social networks we support. However this list may need custom additions/alterations based on localized version of the social login methods you employ, or custom items you may have in your captive portal process.
Do note that we have added the Facebook IP Range on the list we provision during the setup performed in the earlier steps. We do NOT however include the Google IP Range to the provisioning list.
More information regarding these IP Ranges can be found in this Ubiquiti Support Guide: https://help.ubnt.com/hc/en-us/articles/115000871247-UniFi-Social-Media-Guest-Authentication
The reason we have omitted the Google IP Range, is because whitelisting the Google IP Range will prevent the Captive Portal Assistant from launching on Android Devices.
Congratulations! You have completed the UniFi Cloud Controller Integration.
Please review the additional information below as it is very important.
Access Point Changes
If you make changes to your UniFi Access Points by Re-Configuring, Adding and/or Removing Acess Points. You will have to Refresh the MyWiFi Access Point Lists for the MyWiFi Device associated to your UniFi Site.
You can perform that by navigating in the MyWiFi Dashboard to Devices >> click on Edit button for the Device Associated to your UniFi Site, and click on the Refresh button located by the Access Point MAC Address List.
SSID [Wireless Network Name]
The Wireless Network name is strictly controlled from your UniFi Cloud Controller >> Settings >> Wireless Network. The SSID field located in the MyWiFi Dashboard >>> Campaign section does not apply to Cloud Controlled Devices such as your UniFi Cloud Controller.
Guest Authorization Optimization
Depending on your individual installation specifications, the time between the Guest completes the Social Login and the time they are actually authorized for full internet access by the Access Point might be of an extended duration (10-60s).
The MyWiFi System performs the authorization to your UniFi Cloud Controller instantly after the Guest completes the Social Login.
However there is an additional authorization step between the Cloud Controller and the Access Point. Depending on the deployment method, location and the communication time, this process can take a considerable amount of time affecting the quality of the guest experience.
We recommend that you optimize your deployment to facilitate optimal communication between the MyWiFi System to your Cloud Controller and between your Cloud Controller and your Access Points.
We also recommend that you set a Campaign Redirect time of 30 seconds.
Bandwidth & Session - Set Session Limits
This UniFi Cloud Controller integration will allow you to control the Guest Session Time limit in the MyWiFi Dashboard. This can be set in the MyWiFi Dashboard >> Location >> Location Edit >> Options tab.
This UniFi Cloud Controller integration will NOT allow you to control Guest Bandwidth Limits or any other Session limits. This can be further controlled at your discretion from the UniFi Cloud Controller.
Guest Bandwidth and Session Information Limits
This UniFi Cloud Controller integration will not import any Guest Bandwidth or Session Time information within the MyWiFi Dashboard. This is because the UniFi Guest Access system does NOT support External RADIUS servers for External portal server guest access. You may view this information in the Client section of the UniFi Cloud Controller and co-relate to the MyWiFi System it by matching up the Guest MAC address.
Refreshing / Reprovision - Unifi Cloud Controller Guest Settings
You may refresh / re-provision the settings applied to your UniFi Cloud Controller at any time by navigating in the MyWiFi Dashboard to Devices >> click the Edit button on the Device Associated to your UniFi Site, and click on the Update button located on the lower right.
This will re-provision all the appropriate settings for Guest Access [Enable Guest Portal, External Portal Server, Custom Portal IP, Custom Portal Hostname, Enable HTTPS Redirection, Set Access Control List].
The "Disconnect" Trigger is not supported on Automations that are attached to Locations and/or Campaigns that are deployed to Unifi Devices. Automations that are set for this trigger type will be ignored. However these Automations still work appropriately on the same Location and/or Campaign that deploy Devices that are not Unifi. This is related to the same limitation previously outlined above: "Guest Bandwidth and Session Information Limits".