Ubiquiti UniFi cloud controller integration

Integrate your UniFi Cloud Controller (v5+) devices with your MyWiFi account and let your guests connect to the internet through the power of Social WiFi!

Note: 1 UniFi controller site = 1 MyWiFi device . You can only associate a controller and a site once within the MyWiFi platform.  You can, however, add and associate additional sites as devices within MyWiFi, so long as they are operated within the same UniFi Cloud Controller.

UniFi Controller Pre-Setup

You'll need to either create an additional administrator account within your UniFi Cloud Controller or have your existing login credentials handy -- you'll need them to give MyWiFi the ability to: 

  • Enable Guest Portal access on the UniFi site you select.
  • Associate Social Login functionality to a Wireless Network of your choice that you have named mywifi.
  • Authorize the MAC Address of guest devices for Internet access after they connect via Social Login.

NOTE: The credentials we are requesting are collected and stored securely in a 256-bit encrypted format. Our system retrieves and applies these credentials only for the purpose of communicating with your UniFi Cloud Controller API. It performs this strictly for the uses outlined above. We do not share this information with any 3rd parties, and we do not access, collect or use this information for purposes other than the uses outlined above. This means that your username and password are safe, secure, and kept secret, even from us. 

  1. Log in to your UniFi Cloud Controller.
  2. Select Settings.
  3. Select Site.
  4. Create or choose a Site within UniFi that contains the Access Points that you'll be using at your location.
  5. Select Settings.
  6. Select Wireless Networks.
  7. Create a wireless network with these settings:
  • Name/SSID: mywifi
  • Enabled:
  • Security: Open
  • Guest Policy:


MyWiFi setup

  1. Log in to your dashboard.
  2. Select Devices.
  3. Click Add New Device.
  4. Select the Location, enter a Device Name, and choose Ubiquiti.
  5. Enter the Controller URL, for example https://UniFi.yourdomain.com, and the Port; the default is port 8443.
  6. Provide the Controller Username and Password.
  7. Click Proceed.

Once you've hit Proceed, a few actions will be automatically performed by MyWiFi via API access to your cloud controller. We will:

  • Load and associate the wireless network you have created and named “mywifi”.
  • Load and associate the access points with MAC addresses contained within that site.
  • Apply guest control settings to that site -- this will enable the guest portal, external portal server, custom portal IP, custom portal hostname, HTTPS redirection, and set the access control list. 

Confirm UniFi cloud settings

You may now log in again into your UniFi cloud controller to confirm that the settings have been applied successfully.

  1. Log in to your UniFi cloud controller.
  2. Select Settings.
  3. Select Wireless Networks. Here, you can change the name of your network -- it won't affect anything regarding this setup
  4. Select Settings.
  5. Select Guest Control and make sure you're seeing this information:
  • Authentication: external portal server
  • Use Secure Portal:
  • Redirect using hostname: OR securewifilogin.com
  • Enable HTTPS Redirection:
  • Confirm your Access Control - Pre-Authorization Access List.
  • Confirm you have your custom social portal URL listed as Enabled within MyWiFi.

The UniFi Pre-Authorization Access List (what they call their whitelist) does not support wildcard domain names. As such, it is inflexible and might not be entirely accurate in its coverage of whitelisting the appropriate domains necessary.

We attempt to maintain and set an accurate list of all the domains and IP Addresses necessary to perform social logins through the external social networks we support. However, this list may need custom additions/alterations based on the localized version of the social login methods you employ, or custom items you may have in your captive portal process. 

Put another way: We do our best to keep this list as up-to-date and accurate as possible, but sometimes the needs can vary from setup to setup, because of the structure that they have set up. 

Do note that we have added the Facebook IP Range on the list we provision during the setup performed in the earlier steps. We do NOT, however, include the Google IP Range to the provisioning list. More information regarding these IP Ranges can be found in this Ubiquiti Support Guide: https://help.ubnt.com/hc/en-us/articles/115000871247-UniFi-Social-Media-Guest-Authentication

The reason we have omitted the Google IP range but included the Facebook IP range is that whitelisting the Google IP range will prevent the Captive Portal Assistant from launching on Android devices.

It's Important

Please make sure to read the additional notes that make up the rest of this article -- this section contains important information!

Additional notes

Access point changes

If you make changes to your UniFi access points by reconfiguring, adding or removing access points, you will have to refresh the access point lists for the device associated with your UniFi site.

You can refresh your APs by going to Devices within your MyWiFi dashboard. Click the Edit Device link for the device, go to the Access Points tab, and click Refresh.




SSID (Wireless network name)

Your network's SSID is strictly controlled from your UniFi Cloud Controller, under Settings and then Wireless Network. The SSID field in your campaign does not apply to cloud controllers like your UniFi cloud controller.

Guest authorization optimization

Depending on your individual situation, the time between the guest completing the login process and the time they are actually authorized for full internet access by the access point could be up to 60 seconds.

MyWiFi performs the authorization with your UniFi device instantly when the guest finishes the login process -- but there is an additional authorization step between the cloud controller and the access point, and depending on the communication between them, it can cause this delay.

Because of this, we recommend being very conscious of the placement of your devices to make sure that the communication between your devices is as smooth as possible, as well as setting a redirect time of 30 seconds.

Bandwidth and session - Set session limits

Your UniFi integration will allow you to control the session time limit from your MyWiFi control panel. It will not, however, allow you to control bandwidth limits or any other session limits. You can control these options from your UniFi control panel.

To control the session time limit, head to the Settings of your Location Center. You can get there two ways:

  • From Locations in the main menu, click on the dashboard icon for the location you're setting rules for, and then go to Settings and click the Session tab.
  • Or, from Devices in the main menu, click Edit Device, then under the Session tab, hit Edit Location Session Options.

Once you're at the Session tab, you can enable the Session Time Limit and adjust the time using the slider.

Guest bandwidth and session information limitations

Your UniFi cloud controller integration will not import any guest bandwidth or session time information to your dashboard, due to the fact that the UniFi guest access system doesn't support external RADIUS servers for external portal server guest access, and that's how we get that information.

Refresh/reprovision - UniFi cloud controller guest settings

You can refresh or reprovision the settings applied to your UniFi device at any time by navigating to Devices in your MyWiFi dashboard. Click Edit Device and then click Update. This will reprovision all the appropriate settings for guest access.
[These settings are: Guest Portal, External Portal Server, Custom Portal IP, Custom Portal Hostname, HTTPS Redirection, Access Control List].

Automation limitations

The Disconnect trigger is not supported for automations running on UniFi Devices. Automations that are set for this trigger type for locations running UniFi devices will be ignored.

However, these automations will still work properly with any non-UniFi device, even with the location and campaign remaining the same. This is due to the same lack of support for external RADIUS servers as the bandwidth and session information limitations.

Need Help?

If you have any questions, please contact our support team by clicking the support icon located in the bottom right-hand corner of this page.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.