How to integrate RADIUS and MAC Authentication with Ubiquiti Unifi Access Point

Table of Contents

Navigate To

Access Point Integrations: RADIUS and Onboarding SSID Setups

MDM / EMMs Integrations: Certificate Auto-Enrollment API Gateway

Identity Provider Integrations: Certificate Enrollment

Identity Provider Integrations: RADIUS Authentication

RADIUS Integrations Microsoft NPS Cisco ISE Extreme Control Aruba Clearpass Radiator

Dynamic RADIUS with IdPs Azure AD Okta

VPN Integrations: RADIUS Setups

Creating a MAC Authentication Identity Provider in SecureW2

This section describes the steps to create an Identity Provider and configure it for MAC Authentication:

Log in to the JoinNow MultiOS Management Portal.
Navigate to Identity Management > Identity Providers.
Click Add Identity Provider.
In the Name field, enter the name of the identity provider.
In the Description field, enter the suitable description for the identity provider.
From the Type drop-down list, select MAC Authentication
Click Save.
The page refreshes and the Conditions tab is displayed.
Select the Conditions tab.
Click Add Device.
In the MAC Address field, type the MAC Address of the device you need to authenticate.
Click Save.
Click Update.

To configure a role policy, perform the following steps:

Log in to the JoinNow MultiOS Management Portal.
Navigate to Policy Management > Roles Policies.
Click Add Role.
In the Name field, enter a name for your role policy.
In the Display Description field, enter a suitable description.
Click Save.
The page refreshes and the Conditions tab appears.
Select the Conditions tab.
From the Identity Provider drop-down list, select the Identity Provider you created with MAC Authentication type. NOTE: Devices for MAC Authentication must be added in this Identity Provider.
Click Update.

Navigate to Policy Management > Network Policies.
Click Add Network Policy.
In the Name field, enter a name for your network policy.
In the Display Description field, enter a suitable description.
Click Save.
Select the Conditions tab.
Select Match All or Match Any based on your requirement to set an authentication criteria. In the case explained here, we are selecting Match All.
Click Add rule.
Expand Identity and click Select adjacent to the Role option.
Click Save.
The Role option appears under the Conditions tab.
From the Role Equals drop-down list, select the role policy you created earlier (refer Creating a Role Policy section).
Click Update.

Follow the below steps to set-up MAC based Authentication using Unifi:

Log in to the Unifi Portal.
On the left pane, select Profiles.
Click Create New RADIUS Profile.
In the New RADIUS Profile page, for the Name field, enter the name for your RADIUS profile.
Under the RADIUS Assigned VLAN Support section, select the Enable checkbox for Wireless Networks.
In the RADIUS Settings section, for Authentication Servers, enter the IP Address, Port and Shared Secret. From the JoinNow MultiOS Management Portal (navigate to RADIUS > RADIUS Configuration), copy the IP Address, Port, and Shared Secret and paste them in the IP Address, Port, and Shared Secret fields in the Unifi.

NOTE: The details of the RADIUS profile must be from the Organization in which MAC based authentication IDP was created in the Creating a MAC Authentication Identity Provider in SecureW2 section.
After entering the RADIUS details, click Add. section.
Click Apply Changes.

To create a new Wi-Fi Network in Unifi:

Log in to the Unifi Portal.
On the left pane, select WiFi.
Click Create New WiFi.
In the New WiFi Network page, for the Name field, enter a suitable name for your Wi-Fi network.
From the Network drop-down list, select Default.
Toggle the Advanced option to Manual.
Under the Security section, for Security Protocol, select Open.
Under the Device Filtering section, select the Enable checkbox for RADIUS MAC Authentication.
For RADIUS Profile, select the RADIUS Profile which is configured with MAC Based Authentication.
Click Apply Changes.