# WiFi-based check-in: Ubiquiti UniFi
### Setup
Before you configure the controller make sure you have set up your [RADIUS server and have purchased a license](/platform/settings/integrations-and-apps-1/wifi-based-check-in/setting-up-wifi-based-check-in-using-radius-servers.md).
### Configuring UniFi Controller for external Captive Portal authentication
This option will present users with a splash page. It relies on your WiFi network to be open or to use a shared WiFi password. When users connect to it and open their browser, they will be presented with a login screen where to type their email and PIN code to connect to your network. You can also configure this appliance to use Enterprise Authentication using the instructions in the section below.
1. Provide the public IP of your UniFi controller. The RADIUS servers need to be able to directly connect to your Controller (SW, Cloud Key) to authorise connecting devices. Controller URL is usually in format like this [**https://your\_public\_static\_ip:8443**](https://your_public_static_ip:8443/). Make sure it is the PUBLIC IP address and it's reachable through the Internet (not internal address like 192.168.\*.\*, 172.16.\*.\*, or 10.\*.\*.\*).
2. You might need to configure port forwarding on your Internet router and firewall. If you are not sure, please contact your ISP provider. [This article](https://help.ubnt.com/hc/en-us/articles/235723207-UniFi-USG-Port-Forward-Port-Forwarding-Configuration-and-Troubleshooting) may help you doing this. The source IPs connecting to your controllers are 35.184.225.240, or 35.201.240.80, or 35.195.230.167.
3. Sign in to your UniFi Controller.
4. In Wireless network settings change the **Security** to *Open* and **enable Guest services**.
5. Navigate to **Guest services** settings.
6. Select **External Captive Portal**.
7. Enter **107.178.250.42** in the IP address input field.
8. Check the redirect using hostname checkbox and enter the Splash pageURL here. You should have been provided the URL by the Nexudus team together with a license. The page looks by default like this:
* Add 107.178.250.42/32 to the Pre-Authorization Access list
* Apply settings and try with your phone or computer
### Configuring UniFi Controller for WPA-Enterprise
1. Navigate to **Wireless Networks** and change **Security** to *WPA-Enterprise*. Add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from the details of the Radius Server provided when you created the Radius Server above.
2. Make sure you use the same IP for both the Auth and Accounting servers. If you add a secondary Auth and Accounting servers then use the secondary IP provided.
3. **Optional:** Enable **Interim Update**.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://legacydocs.nexudus.com/platform/settings/integrations-and-apps-1/wifi-based-check-in/setting-up-wifi-based-check-in-using-radius-servers/network-based-check-in-ubiquiti-unifi.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.