Skip to main content
All CollectionsUniFiUniFi - Security
UniFi - How to setup 2FA/MFA
UniFi - How to setup 2FA/MFA

How to add multi-factor authentication (MFA/2FA) to your UniFi controller

Alex Lowe avatar
Written by Alex Lowe
Updated over a week ago

Enabling multi-factor authentication (MFA/2FA) is a very important thing to do for ensuring good account security and preventing unwanted access. In this guide we'll cover how to enable 2FA for a local user on a UniFi controller and also, the Ubiquiti SSO account.

If you want fast and reliable UniFi hosting, check out HostiFi with fast support, regular backups, managed updates and prices from just $9 per month.

If you are interested in learning more about our hosting plans, create an account and get started today.

Enabling 2FA for Ubiquiti SSO

See our guide here which explains how to tie your Ubiquiti SSO to a HostiFi UniFi Controller.

To enable MFA/2FA on your Ubiquiti SSO account, visit account.ui.com

Then, go to Security

Enter in your password to change any settings

Click Add new method to add a new 2FA/MFA option

Choose between UI Verify, Passkey, Email or Authentication app

Our recommendation would be Authentication app - However, there is now the option of Passkey too which offers better security.

Once selected, a QR code is shown. If using a mobile app, scan the QR code and follow the instruction or if using Safari, right click and click on 'Set up Verification Code' and follow the instructions.

Enabling 2FA for a local account

If you have a local only account that you wish to enable 2FA/MFA on, you will need to tie the Ubiquiti SSO account to the local account. To do this, please follow this guide here.

Currently, it isn't possible to add 2FA/MFA to a local account only, Ubiquiti requires you to use the Ubiquiti SSO credentials to log in, in order to use 2FA/MFA. Once you have done this, make sure to use the Ubiquiti SSO credentials to log in.

If the Administrator user has a corresponding Ubiquiti SSO account with the same email address, once you log in this will be automatically tied to it.

Once you add new users to the UniFi Controller, these will be tied to their Ubiquiti SSO account and will have no local only credentials.

HostiFi

HostiFi provides hosting for both Ubiquiti and TP-Link software-defined-networking (SDN) applications, with servers for UniFi, UISP and Omada. We also offer professional networking consulting, with HostiFi Pro.

If you run into any issues, send an email to support@hostifi.com or contact us via live chat.

Did this answer your question?