Unifi and 2FA

Hello all,
I have tried to set up the Unifi binding to my controller through PaperUI, but I am getting a Configuration Error. The probable reason is that I am using 2FA for my UI.com account and there is no such configuration in the Unifi binding. Is there any workaround for it?
Thanks
Jan K.

Hey,

You might consider that a “workaround”; I would consider that “the right way” because I’m quite paranoid when it comes to security :smile:
Don’t use your main Unifi account for OpenHAB; set up a second admin account in Unifi only for purposes of automation (ideally with read-only rights) and use that account instead. That account won’t have 2FA set up, which is fine because if it’s read only it can’t do any damage anyway.

This is how I have it set up (even though I use textual configuration) and it works just fine.

Hope it helped.

Hello St3veV,
that is exactly what I was looking for. I was looking for any solution that will not compromise my main admin account (e.g. removing 2FA). Your idea is the solution.
Thanks!
Jan K.

As MFA becomes mandatory, does anyone know how to fix this?

You can use a local account for this; when setting up, this is a selector.
There might be differences between using self-hosted controllers and controllers integrated on hardware.

Not sure how to handle, it forces me to use an email address for a new account on my Dream Machine Pro!?

Instead of the site management I could also find user roles in the OS settings. I added a local user but get errors within unifi:

[WARN ] [g.unifi.internal.api.UniFiController] - Not Authorized! Please make sure your controller credentials have administrator rights

I’ve never set up a user on the phone app. I’ve always used the web browser interface. On the Legacy user interface, I set it up under Settings->Admins. I give the user the role “Administrator”.

It has been the browser on a PC, not the app. How do you access the legacy interface?

Select System from the left menu bar, then select the Advanced tab. Change the Interface setting from New to Legacy.

Now you should see the Admins option on the left menu bar.

BTW, I’m running version 8.1.113 of the Network Controller.

I’ve set it up in the same way, but not for the OS settings (shouldn’t be necessary).
In OH you do need to tick the ‘Unifi OS’ option and change the port from 8443 to 443; saving these settings as a bridge then allows you to scan for things via this bridge and brings in all active clients and devices/ports.

I do so all the time already

Bridge unifi:controller:home "UniFi Controller" [ host="192.168.186.xx", port=443, unifios=true, username="yyy", password="zzz", refresh=60 ]

My users are organized within the OS Settings, not the network application settings. Changing to the legacy UI does not show other options.

I have the same settings via ui for a udmpro:

UID: unifi:controller:Unifi_Network
label: UniFi Network Controller
thingTypeUID: unifi:controller
configuration:
  host: 192.168.16.1
  refresh: 10
  unifios: true
  password: secret
  port: 443
  username: openhab-user
location: location

Might it be that your settings are done via file-provider and as a result might not be loaded upon entering the info?
To check I’d validate in logs if the definition is reloaded once you change something, or rename the file to .things_old and back to .things if you’re using file-provider.

When I change something in the thing file, I get a proper notification in the log. I also use around 70 things to detect if devices are online via the same binding successfully.

I just have 2 issues:

So in legacy UI, you don’t see an option for Admins like this?

I run into the same problem. Can’t find any settings to create a local admin with 8.2.93

Watching, I have the same problem - MFA for the new UnifiOS seems mandatory and it is not possible to log in with a local user created under UnifiOS (not the network application)

Hi,
I also have a problem with the unifi binding and authorization. I was able to create a user with “restricted to local access only” and give it the “Super Admin” role.

With that user I can interact with my unifi channels at the beginning. But after some time I again get the message “Not Authorized! Please make sure your controller credentials have administrator rights”

When I disable the “Unifi Controller” thing in openhab and reenable it, everything works fine. But after some time the error is back.

Does anyone have an idea what could cause this?

Yes, there have been discussions in other threads already. My current assumption is that this is caused by an outdated jetty library. However, it cannot be updated because the openHAB project is waiting for an upstream dependency (Karaf). See also the discussion here: [WIP] Upgrade Karaf from 4.4.6 to 4.4.7 by holgerfriedrich · Pull Request #4406 · openhab/openhab-core · GitHub

Thx a lot. So I will try to work around it by always disabling and reenabling the unifi thing before I do any modifications. Not ideal, but I guess it should work.