Ubiquiti UniFi Identity SSO Error: How to Fix It

Q: Why did my UniFi SSO suddenly stop working?

SSO typically breaks due to expired certificates, changes in identity provider configuration, metadata updates, or network connectivity issues between UniFi and your identity provider. Check your identity provider for recent changes or certificate expirations.

Q: Can I still access UniFi if SSO is broken?

Yes, you can still log in using local UniFi accounts if they were previously configured. Use the local admin credentials to access the system and fix the SSO configuration. If no local accounts exist, you may need to reset the system.

Q: How often should I update SSO metadata?

Update SSO metadata whenever your identity provider notifies you of changes, when certificates are renewed (typically annually), or when making configuration changes. Some organizations update quarterly as a best practice.

Q: What's the difference between SAML and OIDC for UniFi SSO?

SAML 2.0 uses XML-based metadata files and is common with enterprise identity providers like Active Directory Federation Services. OIDC uses JSON and is more common with cloud providers like Google and Azure AD. Both provide secure single sign-on functionality.

Q: Do I lose user settings when reconfiguring SSO?

User accounts and their associated settings are typically preserved when reconfiguring SSO, as long as the username mapping remains consistent. However, users may need to log in again after the SSO configuration is updated.

Abstract

The Ubiquiti UniFi Identity SSO error occurs when the SAML or OIDC integration between your UniFi system and identity provider breaks down. This prevents users from logging in through single sign-on and typically requires re-issuing the identity provider metadata to restore authentication services.