Enabling Microsoft Authentication

As a user with a UniPhi Administrator license, log into UniPhi and navigate to Configuration -> Authentication.

In the "Microsoft Authentication" card, press the "Enable" button:

An Admin Consent link will be displayed on screen, your Microsoft Entra Administrator must follow this link and grant approval for users from your Organisation to log into UniPhi using their Microsoft Account.

If you have users from different Organisations accessing your UniPhi deployment, then an Entra Administrator from each Organisation must grant their Admin Consent.

The prompt to grant Admin Consent will look like this:

What Entra Permissions are required?

UniPhi will request rights to Sign in and read user profile, which essentially amounts to requesting the users Name, Email and unique ID in Entra.

Entra App Registrations and Enterprise Apps

During the setup of a new UniPhi deployment, or as part of the upgrade to UniPhi v21, an App Registration is automatically created in the UniPhi Entra tenancy to support SSO. The name of the app registration will match the URL used to access UniPhi, eg: pmo.uniphi-software.com

When Admin Consent is granted by an Entra Admin for this App Registration, it will appear in that tenants Entrprise Apps withion Microsoft Entra. Admin Consent can be revoked at a later date within the Enterprise App, or by deleting the Enterprise App.

Authentication and Authorisation

The Microsoft Entra tenancy is responsible for Authentication - ensuring that a person attempting to log in is who they say they are.

Once this is established, the user is returned back to UniPhi where Authorisation occurs, checking if that user has been assigned a UniPhi license and if so, which areas of the system they can see.

For this reason, a security group in Entra is not required, since UniPhi access is controlled by the UniPhi Administrators within UniPhi itself.

Is two-factor Authentication Supported?

Since Authentication is being performed by Microsoft Entra, whatever policies are implemented there will be applied when logging into UniPhi, including enforcing 2FA.