MFA for Ubiquiti UniFi
UniFi runs the wireless and gateway for a fast-growing share of offices, and its enterprise Wi-Fi and VPN can authenticate users over RADIUS. By default that's a single factor — a shared or phished password gets an attacker onto the network. Authnull becomes the RADIUS profile UniFi points to and adds MFA on 802.1X Wi-Fi and Teleport/VPN logins. You create a RADIUS profile in the UniFi controller, attach it to the network or WLAN, and a factor is required to associate or connect.
Ubiquiti UniFi forwards the login; Authnull adds the factor.
The UniFi gateway/controller forwards authentication to Authnull over RADIUS; Authnull validates the primary credential, challenges for the factor where the client supports it, and returns Access-Accept. For 802.1X, pair with a certificate for the smoothest experience.
Configure MFA for Ubiquiti UniFi
Real steps — the exact menus, fields, and values. Follow along in your console; the whole thing takes about 20 minutes.
Create a RADIUS profile
In the UniFi Network controller, add a RADIUS profile with the Authnull connector as the auth server and your shared secret.
Attach it to the WLAN
Set the enterprise WLAN security to WPA Enterprise and select the Authnull RADIUS profile.
Apply to VPN if used
For Teleport/RADIUS VPN, select the same profile so remote logins are challenged too.
Connect and test
Join the enterprise SSID with a test account; approve the factor and confirm the session in Authnull logs.
Closes the MFA gap auditors look for
Enforcing MFA on Ubiquiti UniFi gives you evidence for the remote-access and privileged-access controls in SOC 2 and the access requirements under CCPA — with per-login logs you can hand straight to an assessor.
Add MFA to Ubiquiti UniFi — free to start.
Spin up Authnull, point Ubiquiti UniFi at it, and enforce a factor on a pilot group today. No card, no rip-and-replace.