UniFi - Social Media Guest Authentication

Overview


This article provides the steps to enable guest authentication with Facebook and Google+. 

Notes & Requirements
  • Applicable to UniFi Controller 5.4.2.1 and later
  • In order to use 3rd party guest authentication, you must have a publicly-resolvable hostname pointing to your controller. If your company already uses a public domain, such as example.com, you may want to set up a subdomain such as portal.example.com. There are a variety of Dynamic DNS providers where you can register a hostname, then have your USG update it to your WAN IP

Table of Contents


  1. Introduction
  2. Facebook App Setup
  3. Google+ API Setup
  4. UniFi Controller Setup
  5. Related Articles

Introduction


Back to Top

Social media guest authentication can be enabled to allow clients to login to a guest network using their Facebook or Google+ credentials. Start by creating a facebook app, google+ API login, or both.


Facebook App Setup


Back to Top

1. Register a Facebook App

Use the guide HERE to register a Facebook authentication app, keeping this help article open for reference.

Step 3 prompts you to choose a display name for your application. Choose a name that will represent your WiFi portal. Users will see this when authenticating.  For this example, I’ll use the name "CMurphy Hotspot Login," and keep the default email, which is the email linked to my Facebook account. For Category, I’ll use Communication. Category isn’t critical here, so feel free to use a different category if it better represents your business.

pic1.png

You will be prompted to either enter a quick-start guide, or go back. If you click go back, you can get to the dashboard by clicking My Apps in the top right corner. Select Choose Platform > Website to begin the quick start quide. 

2. Complete Facebook Website Quick Start.

pic2.png

Choose Website.

Under Tell us about your website, enter the domain name of your controller as the Site URL. Next, click Skip to Developer Dashboard.

3. App Settings

Navigate to Settings in the sidebar to open up the basic app settings.

pic3.png

App ID and App Secret will be automatically assigned to your app. Choose a Display Name and Namespace for your app - these can be anything, but users will see them when authenticating.

Under both App Domains and Site URL, enter the domain or subdomain of your controller.

If you’d like, you can add URLs for privacy policy and terms of service, as well as an App Icon. These are not required for proper function, but will improve professional feel of the login portal.

Be sure to save your changes.

 

4. Add Product

Next, click Add Product, then Facebook Login to create the login page.

 

5. Add Controller Subdomain and Port

Under Facebook Login settings, include the controller domain or subdomain along with ports 8880 and 8843. Use the toggle options in the below image.

http://domain.com:8880/

https://domain.com:8443/

pic4.png

Save changes before continuing. 

6. Publish App

Finally, publish the app with App Review > Make [App Name] Public, and click Confirm.

pic5.png

If you are setting up Google authentication as well, continue reading. Otherwise, skip to Controller Setup.


Google+ API Setup


Back to Top

1. Enable Google Login

Use the Enable the Google+ API Guide HERE to enable Google login.

Step 6a in the above guide prompts the admin to enter the app origin. In this case, it will be the subdomain, followed by port 8880. Note the Client ID and Client Secret, which will be used later in the Controller Setup.

 

Note

If client device gets a redirect error after setup, add the redirect URI below under "Authorized redirect URIs" in the above step:


UniFi Controller Setup


Back to Top

1. Activate Guest Policies

Once you have configured your Facebook or Google app, open your publicly hosted controller. Begin by activating Guest Policies.

 

2. Configure the Guest Portal

Next, open the Guest Control tab to configure the guest portal. Select Hotspot authentication. If you wish, enter a Promotional URL to forward clients to your website after they are authenticated. Select Redirect using hostname, and enter your controller subdomain. Select Enable HTTPS Redirection.

 

3. Activate Third Party Authentication Method

Under Hotspot, select the third party authentication methods that you wish to activate. Enter the ID and Secret for the selected app(s).

 

4. Add Facebook's Public IPs

Under Access Control, add the following list of public IPs that Facebook uses:

31.13.24.0/21

31.13.64.0/18

45.64.40.0/22

66.220.144.0/20

69.63.176.0/20

69.171.224.0/19

74.119.76.0/22

103.4.96.0/22

129.134.0.0/16

157.240.0.0/16

173.252.64.0/18

179.60.192.0/22

185.60.216.0/22

204.15.20.0/22

 

5. Test the Guest Network

Finally, use a device to connect to the guest network and verify that the guest portal works properly.


Related Articles


Back to Top

UniFi - Hotspot Portal Customization

UniFi - Guest Network Setup

UniFi - Viewing Guest Connection Information

Powered by Zendesk