2MFA on login to UDM

[yaggayoyo]

The application only works if 2FA is disabled for login to UDM-Pro. Please provide option for 2fa users.

[yaggayoyo]

Hello?

[xtreme22886]

Hello,

How are you enabling 2FA? I just logged onto my UniFi controller and I don't see a way to enable 2FA. Looking at this doc, I only see instructions on how to enable 2FA for https://account.ui.com, and not at the local controller.

What do you have entered in my app's 'UniFi Controller Address' field? You should connect my app to your local UniFi controller and not to Ubiquiti's Cloud account. Not sure if that'll make a difference. Let me know.

Thanks

[yaggayoyo]

Thank you for responding.

It’s enabled via account.ui.com but i use the same account to login to my UDM Pro and the MFA applies there also.

Sent from my iPhone

On Aug 24, 2021, at 9:44 PM, xtreme22886 @.***> wrote:

 Hello,

How are you enabling 2FA? I just logged onto my UniFi controller and I don't see a way to enable 2FA. Looking at this doc, I only see instructions on how to enable 2FA for https://account.ui.com, and not at the local controller.

You should connect my app to your local UniFi controller and not to Ubiquiti's Cloud account.

Thanks

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[xtreme22886]

Gotcha, thanks for the info. Every time I have ever worked with an API, 2FA is not possible. You either have to get an API token or something like that. Does account.ui.com allow you to create any type of token?

See the issue with 2FA and scripted solutions, is the script (my app) has to connect/authenticate with the controller every time it goes to check for presence status. There would be no way for the script/app to perform that 2FA process (since the 2FA code is unique every time). So we'll need some type of access token or API key or something static that the script uses. Can you see if account.ui.com has any feature like that? If not, maybe the only solution would be to create a new admin account on the controller w/o 2FA and use that account with my app.

Hope that helps

[yaggayoyo]

I looked at the portal. No option to create a token. What level of user is needed to auth to UDM? I see 3 types: Super Admin, Limited Admin and Member.

[xtreme22886]

I'm not sure actually. I doubt 'member' will work. I would think either 'Limited Admin' or 'Super Admin'. 'Super Admin' will most definitely work. I'd first try 'Limited Admin' and if that does not work, switch it over to 'Super Admin'.

Once you make and save the changes in my app, you can browse to http://:9443/unificlients and see if you get a list of clients. If you do, then that level of account is working.

[yaggayoyo]

SOLVED!!

Here is what I did.

1. Created a local account with "limited admin" permissions and View Only rights to all of UI Services.
2. Adding that account to Smartthings UI Presence smart app
3. I could "view a list of UniFi clients"
4. Celebrated!!

[xtreme22886]

Awesome!!! Thanks for the update and am glad everything is working for you :)