UniFi - Social Media Guest Authentication

Overview


This article provides the steps to enable guest authentication with Facebook and Google+. 

Notes & Requirements
  • Applicable to UniFi Controller 5.4.2.1 and later
  • In order to use 3rd party guest authentication, your controller must be running on a publicly accessible domain. This is required for Facebook/Google to communicate with the guest portal. The domain that the controller is on will be referred to as “domain,” or “domain.com” while the individual subdomain that the controller is run on will be referred to as “subdomain,” or sub.domain.com.

Table of Contents


  1. Introduction
  2. Facebook App Setup
  3. Google+ API Setup
  4. UniFi Controller Setup
  5. Related Articles

Introduction


Back to Top

Social media guest authentication can be enabled to allow clients to login to a guest network using their Facebook or Google+ credentials. Start by creating a facebook app, google+ API login, or both.


Facebook App Setup


Back to Top

1. Register a Facebook App

Use the guide HERE to register a Facebook authentication app. Step 4 asks the user to choose a platform for the application. Select Facebook Canvas.

 

2. Complete Facebook Canvas Quick Start.

You will be directed to the Quick Start for Facebook Canvas. Enter an App Name in the provided file to begin. After completing the Quick Start, click Skip to Developer Dashboard to continue.

 

3. Go to Settings

Click Settings in the sidebar to open up the basic app settings:

 

4. Edit Settings

Settings in Green are established by the Facebook development tool:

  • App ID: Number assigned to your app. Will be used in UniFi Controller setup.
  • App Secret: Password assigned to your app. Will be used in UniFi Controller setup.
  • Canvas Page: Automatically reflects the app Namespace.

Settings in Blue are admin-specified, and should be chosen to reflect your preferences:

  • Display Name: This name be displayed when clients authorize via Facebook.
  • Namespace: This name will appear in the URL when clients authorize via Facebook.
  • Contact Email: use an email that the admin has access to.
  • Terms of Service URL: Optional. Include URL of the network’s Terms of Service here.

Settings in Orange must be correctly entered for proper functionality

  • App Domains: Enter your controller subdomain here.
  • Privacy Policy URL: Include URL of your network’s Privacy Policy here.
  • Secure Canvas URL: Enter your domain here.
  • Mobile Site URL: Enter your domain here.

Toggles on this page may be left on NOClick Save Changes to apply the settings.

 

5. Add Product

Next, click Add Product, then Facebook Login to create the login page.

 

6. Add Controller Subdomain and Port

Under Facebook Login Settings, include the controller subdomain along with port 8880 (Or 8843 if you are using Secure Portal), and use the following toggle options:

 

7. Save Changes

Click Save Changes to apply the settings. If you are setting up Google authentication as well, continue reading. Otherwise, skip to Controller Setup.


Google+ API Setup


Back to Top

1. Enable Google Login

Use the Enable the Google+ API Guide HERE to enable Google login.

Step 6a in the above guide prompts the admin to enter the app origin. In this case, it will be the subdomain, followed by port 8880. Note the Client ID and Client Secret, which will be used later in the Controller Setup.

 

Note

If client device gets a redirect error after setup, add the redirect URI below under "Authorized redirect URIs" in the above step:


UniFi Controller Setup


Back to Top

1. Activate Guest Policies

Once you have configured your Facebook or Google app, open your publicly hosted controller. Begin by activating Guest Policies.

 

2. Configure the Guest Portal

Next, open the Guest Control tab to configure the guest portal. Select Hotspot authentication. If you wish, enter a Promotional URL to forward clients to your website after they are authenticated. Select Redirect using hostname, and enter your controller subdomain. Select Enable HTTPS Redirection.

 

3. Activate Third Party Authentication Method

Under Hotspot, select the third party authentication methods that you wish to activate. Enter the ID and Secret for the selected app(s).

 

4. Add Facebook's Public IPs

Under Access Control, add the following list of public IPs that Facebook uses:

31.13.24.0/21

31.13.64.0/18

45.64.40.0/22

66.220.144.0/20

69.63.176.0/20

69.171.224.0/19

74.119.76.0/22

103.4.96.0/22

129.134.0.0/16

157.240.0.0/16

173.252.64.0/18

179.60.192.0/22

185.60.216.0/22

204.15.20.0/22

 

5. Test the Guest Network

Finally, use a device to connect to the guest network and verify that the guest portal works properly.


Related Articles


Back to Top

UniFi - Hotspot Portal Customization

UniFi - Guest Network Setup

UniFi - Viewing Guest Connection Information

Powered by Zendesk