terraform-provider-unifi/docs/resources/setting_guest_access.md

page_title, subcategory, description

page_title	subcategory	description
unifi_setting_guest_access Resource - terraform-provider-unifi		The unifi_setting_guest_access resource manages the guest access settings in the UniFi controller. This resource allows you to configure all aspects of guest network access including authentication methods, portal customization, and payment options.

unifi_setting_guest_access (Resource)

The unifi_setting_guest_access resource manages the guest access settings in the UniFi controller.

This resource allows you to configure all aspects of guest network access including authentication methods, portal customization, and payment options.

Example Usage

# Configure guest access settings for your UniFi network
# This example demonstrates a comprehensive guest portal setup with various authentication options

resource "unifi_portal_file" "logo" {
    file_path = "logo.png"
}

resource "unifi_setting_guest_access" "guest_portal" {
  # Basic configuration
  auth            = "hotspot"  # Authentication type: none, hotspot, custom, or external
  portal_enabled  = true      # Enable the guest portal
  portal_use_hostname = true  # Use hostname for the portal
  portal_hostname = "guest.example.com"  # Portal hostname
  template_engine = "angular" # Portal template engine (angular or jsp)
  
  # Expiration settings for guest access
  expire        = 1440       # Minutes until expiration
  expire_number = 1          # Number of time units
  expire_unit   = 1440       # Time unit in minutes
  
  # Enable external captive portal detection
  ec_enabled    = true
  
  # Password protection for guest access
  password = "guest-access-password"
  
  # Google authentication
  google {
    client_id     = "your-google-client-id"
    client_secret = "your-google-client-secret"
    domain        = "example.com"  # Optional: limit sign-ins to a specific domain
    scope_email   = true         # Request email addresses during sign-in
  }
  
  # Payment option (PayPal)
  payment_gateway = "paypal"
  paypal {
    username    = "business@example.com"
    password    = "paypal-api-password"
    signature   = "paypal-api-signature"
    use_sandbox = true  # Set to false for production
  }
  
  # Redirecting guests after authentication
  redirect {
    url      = "https://example.com/welcome"
    use_https = true
    to_https  = true
  }
  
  # Restricted DNS for guests   
  restricted_dns_servers = [
    "1.1.1.1",
    "8.8.8.8"
  ]
  
  # Portal customization options
  portal_customization {
    customized = true
    
    # Portal appearance
    title = "Welcome to Our Guest Network"
    welcome_text = "Thanks for visiting our location. Please enjoy our complimentary WiFi."
    welcome_text_enabled = true
    welcome_text_position = "top"
    
    # Color scheme
    bg_color = "#f5f5f5"
    text_color = "#333333"
    link_color = "#0078d4"
    
    # Authentication dialog box
    box_color = "#ffffff"
    box_text_color = "#333333"
    box_link_color = "#0078d4"
    box_opacity = 90
    box_radius = 5

    # Logo
    logo_file_id = unifi_portal_file.logo.id
    
    # Button styling
    button_color = "#0078d4"
    button_text_color = "#ffffff"
    button_text = "Connect"
    
    # Legal information / Terms of Service
    tos_enabled = true
    tos = "By using this service, you agree to our terms and conditions. Unauthorized use is prohibited."
    
    # Languages supported
    languages = ["PL"]
  }
}

Schema

Optional

• allowed_subnet (String) Subnet allowed for guest access.
• auth (String) Authentication method for guest access. Valid values are:

• none - No authentication required
• hotspot - Password authentication
• facebook_wifi - Facebook auth entication
• custom - Custom authentication

For password authentication, set auth to hotspot and password_enabled to true. For voucher authentication, set auth to hotspot and voucher_enabled to true. For payment authentication, set auth to hotspot and payment_enabled to true.

• auth_url (String) URL for authentication. Must be a valid URL including the protocol.
• authorize (Attributes) Authorize.net payment settings. (see below for nested schema)
• custom_ip (String) Custom IP address. Must be a valid IPv4 address (e.g., 192.168.1.1).
• ec_enabled (Boolean) Enable enterprise controller functionality.
• expire (Number) Expiration time for guest access.
• expire_number (Number) Number value for the expiration time.
• expire_unit (Number) Unit for the expiration time. Valid values are:

• 1 - Minute
• 60 - Hour
• 1440 - Day
• 10080 - Week

• facebook (Attributes) Facebook authentication settings. (see below for nested schema)
• facebook_wifi (Attributes) Facebook WiFi authentication settings. (see below for nested schema)
• google (Attributes) Google authentication settings. (see below for nested schema)
• ippay (Attributes) IPpay Payments settings. (see below for nested schema)
• merchant_warrior (Attributes) MerchantWarrior payment settings. (see below for nested schema)
• password (String, Sensitive) Password for guest access.
• payment_gateway (String) Payment gateway. Valid values are:

• paypal - PayPal
• stripe - Stripe
• authorize - Authorize.net
• quickpay - QuickPay
• merchantwarrior - Merchant Warrior
• ippay - IP Payments

• paypal (Attributes) PayPal payment settings. (see below for nested schema)
• portal_customization (Attributes) Portal customization settings. (see below for nested schema)
• portal_enabled (Boolean) Enable the guest portal.
• portal_hostname (String) Hostname to use for the captive portal.
• portal_use_hostname (Boolean) Use a custom hostname for the portal.
• quickpay (Attributes) QuickPay payment settings. (see below for nested schema)
• radius (Attributes) RADIUS authentication settings. (see below for nested schema)
• redirect (Attributes) Redirect after authentication settings. (see below for nested schema)
• restricted_dns_servers (List of String) List of restricted DNS servers for guest networks. Each value must be a valid IPv4 address.
• restricted_subnet (String) Subnet for restricted guest access.
• site (String) The name of the UniFi site where this resource should be applied. If not specified, the default site will be used.
• stripe (Attributes) Stripe payment settings. (see below for nested schema)
• template_engine (String) Template engine for the portal. Valid values are: jsp, angular.
• voucher_customized (Boolean) Whether vouchers are customized.
• voucher_enabled (Boolean) Enable voucher-based authentication for guest access.
• wechat (Attributes) WeChat authentication settings. (see below for nested schema)

Read-Only

• facebook_enabled (Boolean) Whether Facebook authentication for guest access is enabled.
• google_enabled (Boolean) Whether Google authentication for guest access is enabled.
• id (String) The unique identifier of this resource.
• password_enabled (Boolean) Enable password authentication for guest access.
• payment_enabled (Boolean) Enable payment for guest access.
• radius_enabled (Boolean) Whether RADIUS authentication for guest access is enabled.
• redirect_enabled (Boolean) Whether redirect after authentication is enabled.
• restricted_dns_enabled (Boolean) Whether restricted DNS servers for guest networks are enabled.
• wechat_enabled (Boolean) Whether WeChat authentication for guest access is enabled.

Nested Schema for authorize

Required:

• login_id (String) Authorize.net login ID for authentication.
• transaction_key (String) Authorize.net transaction key for authentication.

Optional:

• use_sandbox (Boolean) Use sandbox mode for Authorize.net payments.

Nested Schema for facebook

Required:

• app_id (String) Facebook application ID for authentication.
• app_secret (String, Sensitive) Facebook application secret for authentication.

Optional:

• scope_email (Boolean) Request email scope for Facebook authentication.

Nested Schema for facebook_wifi

Required:

• gateway_id (String) Facebook WiFi gateway ID.
• gateway_name (String) Facebook WiFi gateway name.
• gateway_secret (String, Sensitive) Facebook WiFi gateway secret.

Optional:

• block_https (Boolean) Mode HTTPS for Facebook WiFi.

Nested Schema for google

Required:

• client_id (String) Google client ID for authentication.
• client_secret (String) Google client secret for authentication.

Optional:

• domain (String) Restrict Google authentication to specific domain.
• scope_email (Boolean) Request email scope for Google authentication.

Nested Schema for ippay

Required:

• terminal_id (String, Sensitive) Terminal ID for IP Payments.

Optional:

• use_sandbox (Boolean) Whether to use sandbox mode for IPPay payments.

Nested Schema for merchant_warrior

Required:

• api_key (String, Sensitive) MerchantWarrior API key.
• api_passphrase (String, Sensitive) MerchantWarrior API passphrase.
• merchant_uuid (String, Sensitive) MerchantWarrior merchant UUID.

Optional:

• use_sandbox (Boolean) Whether to use sandbox mode for MerchantWarrior payments.

Nested Schema for paypal

Required:

• password (String, Sensitive) PayPal password.
• signature (String, Sensitive) PayPal signature.
• username (String, Sensitive) PayPal username. Must be a valid email address.

Optional:

• use_sandbox (Boolean) Whether to use sandbox mode for PayPal payments.

Nested Schema for portal_customization

Optional:

• authentication_text (String) Custom authentication text for the portal.
• bg_color (String) Background color for the custom portal. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• bg_image_file_id (String) ID of the background image portal file. File must exist in controller, use unifi_portal_file to manage it.
• bg_image_tile (Boolean) Tile the background image.
• bg_type (String) Type of portal background. Valid values are:

• color - Solid color background
• image - (not yet supported!) Custom image background
• gallery - Image from Unsplash gallery

• box_color (String) Color of the login box in the portal. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• box_link_color (String) Color of links in the login box. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• box_opacity (Number) Opacity of the login box (0-100).
• box_radius (Number) Border radius of the login box in pixels.
• box_text_color (String) Text color in the login box. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• button_color (String) Button color in the portal. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• button_text (String) Custom text for the login button.
• button_text_color (String) Button text color. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• customized (Boolean) Whether the portal is customized.
• languages (List of String) List of enabled languages for the portal.
• link_color (String) Color for links in the portal. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• logo_file_id (String) ID of the logo image portal file. File must exist in controller, use unifi_portal_file to manage it.
• logo_position (String) Position of the logo in the portal. Valid values are: left, center, right.
• logo_size (Number) Size of the logo in pixels.
• success_text (String) Text displayed after successful authentication.
• text_color (String) Main text color for the portal. Must be a valid hex color code (e.g., #FFF or #FFFFFF).
• title (String) Title of the portal page.
• tos (String) Terms of service text.
• tos_enabled (Boolean) Enable terms of service acceptance requirement.
• unsplash_author_name (String) Name of the Unsplash author for gallery background.
• unsplash_author_username (String) Username of the Unsplash author for gallery background.
• welcome_text (String) Welcome text displayed on the portal.
• welcome_text_enabled (Boolean) Enable welcome text display.
• welcome_text_position (String) Position of the welcome text. Valid values are: under_logo, above_boxes.

Nested Schema for quickpay

Required:

• agreement_id (String, Sensitive) QuickPay agreement ID.
• api_key (String, Sensitive) QuickPay API key.
• merchant_id (String, Sensitive) QuickPay merchant ID.

Optional:

• use_sandbox (Boolean) Enable sandbox mode for QuickPay payments.

Nested Schema for radius

Required:

• auth_type (String) RADIUS authentication type. Valid values are: chap, mschapv2.
• profile_id (String) ID of the RADIUS profile to use.

Optional:

• disconnect_enabled (Boolean) Enable RADIUS disconnect messages.
• disconnect_port (Number) Port for RADIUS disconnect messages.

Nested Schema for redirect

Required:

• url (String) URL to redirect to after authentication. Must be a valid URL.

Optional:

• to_https (Boolean) Redirect HTTP requests to HTTPS.
• use_https (Boolean) Use HTTPS for the redirect URL.

Nested Schema for stripe

Required:

• api_key (String, Sensitive) Stripe API key.

Nested Schema for wechat

Required:

• app_id (String) WeChat App ID for social authentication.
• app_secret (String, Sensitive) WeChat App secret.
• secret_key (String, Sensitive) WeChat secret key.

Optional:

• shop_id (String) WeChat Shop ID for payments.