Sign in Subscribe
homelab

The Importance of Local Accounts

Nick

2 min read
The Importance of Local Accounts

This week, Ubiquiti (UniFi) had an outage. Among the systems affected were UniFi's Single Sign-on services.

While the outage lasted less than an hour, I started to see reports of people online who were unable to log into their UniFi devices, even when directly connecting to them via a local IP address.

UniFi offers remote management interfaces and mobile apps to connect and control your equipment. This is often done using an "Ubiquiti Account." When you create an account within the UniFi ecosystem, you have the option of choosing an Ubiquiti Account or a Local Access Only account.

While most people are probably used to using strictly Ubiquiti Accounts to manage their UniFi devices, it relies on UniFi-hosted identity services being available to function. This means without UniFi, these accounts do not work, and you cannot use them to log in to your appliances.

💡
To avoid this, administrators should create at least one "breakglass" Local Access Only account on their controllers. This bypasses any external authentication source requirements, allowing you to still manage your devices locally.
⁉️
The major downside to Local Access Only accounts is that they do not have MFA, so extra care should be taken to choose strong passwords and configure their network so direct access logins to the UniFi controller can only occur from trusted network locations.