Unifi and 2FA

jkosatko · October 29, 2020, 7:37pm

Hello all,
I have tried to setup Unifi binding to my controller through PaperUI, but I am getting Configuration Error. Probably reason is that I am using 2FA for my UI.com account and there is no such configuration in Unifi binding. Is there any workaround for it?
Thanks
Jan K.

St3veV · October 31, 2020, 4:38pm

Hey,

You might consider that a “workaround” I would consider that “the right way” because I’m quite paranoid when it comes to security … Don’t use your main Unifi account for OpenHAB, setup a second admin account in Unifi only for purposes of automation (ideally with read-only rights) and use that account instead. That account won’t have 2FA setup which is fine because if it’s read only it can’t do any damage anyway.

This is how I have it setup (even though I use textual configuration) and it works just fine.

Hope it helped.

jkosatko · October 31, 2020, 6:53pm

Hello St3veV,
that is exactly what I was looking for. I was looking for any solution that will not compromise my main admin account (e.g. removing 2FA). Your idea is the solution.
Thanks!
Jan K.

Matthias_Kaufmann · April 18, 2024, 2:01pm

AS MFA comes mandatory, does anyone know how to fix?

j.hoekstra · April 27, 2024, 3:25pm

U can use a local account for this, when setting up this is a selector.
There might be differences between using selfhosted controllers and integrated on hardware controllers.

Matthias_Kaufmann · May 2, 2024, 2:49pm

Not sure how to handle, it forces me to use an email address for a new account on my Dream Machine Pro!?

Matthias_Kaufmann · May 2, 2024, 3:01pm

Instead of the site management I could also find user roles in the OS settings. I added a local user but get errors within unifi:

[WARN ] [g.unifi.internal.api.UniFiController] - Not Authorized! Please make sure your controller credentials have administrator rights

mhilbush · May 2, 2024, 8:37pm

I’ve never set up a user on the phone app. I’ve always used the web browser interface. On the Legacy user interface, I set it up under Settings->Admins. I give the user the role “Administrator”.

Matthias_Kaufmann · May 2, 2024, 8:44pm

It has been the browser on a pc, not the app. How do you access the legacy interface?

mhilbush · May 3, 2024, 1:04am

Select System from the left menu bar, then select the Advanced tab. Change the Interface setting from New to Legacy.

Now you should see the Admins option on the left menu bar.

BTW, I’m running version 8.1.113 of the Network Controller.

j.hoekstra · May 4, 2024, 12:38am

I’ve set it up in the same way, but not for the OS-settings(shoudn’t be necessary).
In OH you do need to tick the ‘Unifi OS’ option and change port from 8443 to 443, saving these settings as bridge then allows to scan for things via this bridge and brings in all active clients and devices/ports.

Matthias_Kaufmann · May 7, 2024, 1:15pm

I do so all time already

Bridge unifi:controller:home “UniFi Controller” [ host=“192.168.186.xx”, port=443, unifios=true, username=“yyy”, password=“zzz”, refresh=60 ]

My userer are organized within the OS Settings, not the network application settings. Changing to legacy UI does not show other options.

j.hoekstra · May 7, 2024, 2:30pm

I have the same settings via ui for a udmpro:

UID: unifi:controller:Unifi_Network
label: UniFi Network Controller
thingTypeUID: unifi:controller
configuration:
  host: 192.168.16.1
  refresh: 10
  unifios: true
  password: secret
  port: 443
  username: openhab-user
location: location

Might it be that your settings are done via file-provider and as a result might not be loaded upon entering the info?
To check I’d validate in logs if the definition is reloaded once you change something, or rename the file to .things_old and back to .things if you’re using file-provider.

Matthias_Kaufmann · June 14, 2024, 9:19am

When I change something in thing file, I get a proper notification in the log. I also use around 70 things to detect if defices are online via the same binding successfully.

I just have 2 issues:

How to login if 2FA is active
Cannot trigger reconnect of devices successfully

mhilbush · June 15, 2024, 4:04pm

So in legacy UI, you don’t see an option for Admins like this?

messiah · July 14, 2024, 12:11pm

I run into the same problem. Can’t find any settings to create local admin with 8.2.93

somy · August 27, 2024, 5:16pm

Watching, I have the same problem - MFA for new UnifiOS seems mandatory and not possible to login with created local user under UnifiOS (not network application)

markus_pfleger · November 3, 2024, 10:06am

Hi,
I also have some problem with the unifi binding and authorization. I was able to create a user with “restricted to local access only” and give it the “Super Admin” role.

With that user I can interact with my unifi channels at the beginning. But after some time I again get the message “Not Authorized! Please make sure your controller credentials have administrator rights”

When I disable the “Unifi Controller” thing in openhab and reenable it, everything works fine. But after some time the error is back…

Does anyone have an idea what could cause this?

DrRSatzteil · November 3, 2024, 10:23am

Yes, there have been discussions in other threads already. My current assumption is that this is caused by an outdated jetty library. However it cannot be updated because the openHAB project is waiting for an upstream dependency (Karaf). See also discussion here: [WIP] Upgrade Karaf from 4.4.6 to 4.4.7 by holgerfriedrich · Pull Request #4406 · openhab/openhab-core · GitHub

markus_pfleger · November 3, 2024, 10:37am

Thx a lot. So I will try to workaround it by always disabling and reenabling the unifi thing before I do any modifications. Not ideal, but I guess it should work.