In a multi-application single sign-on environment, users log in once to one application and gain access to all the other applications without being prompted to log in again for each of them.
As different applications and resources support different authentication mechanisms, Thinfinity® Workspace has to internally translate and store different credentials for the supported single sign-on methods and map them to the Thinfinity® Workspace local credentials.
OAuth 2.0 integration:
The configuration options for OAuth 2.0 have been expanded. OAuth 2.0 authentication servers other than Google are now also supported by Thinfinity® Workspace.
OAuth 2.0 is a protocol that validates users against a remote server. This means that Thinfinity® Workspace doesn't validate the user internally with a username and password; user authentication is relayed to the OAuth 2.0 server. Once the OAuth 2.0 server validates the user, it returns a validation code to Thinfinity® Workspace. This code allows Thinfinity® Workspace to obtain a token. The token provides access to user information (such as the user email) held by the OAuth 2.0 authentication server, and Thinfinity® Workspace uses it to request that information. Although the OAuth 2.0 specification does not require it, the profile information server usually returns a JSON object. This JSON object includes values that Thinfinity® Workspace can use to validate the user. These values are mapped to Windows users, so that the corresponding Thinfinity® Workspace permissions are applied.
In order to use OAuth 2.0 in Thinfinity® Workspace, add “/oauth2” or “/google” to the Thinfinity® Workspace URL:
This is the callback URL that has to be configured in the OAuth 2.0 server so that it returns the user validation code and Thinfinity® Workspace can continue with the validation process.
Thinfinity® Workspace gets its address from the route where the browser request is made. This information cannot be modified.
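An added example (not Thinfinity® Workspace's own code) of the two checks a receiving application makes in the flow above: accepting the validation code from the callback only with a matching `state` value, and mapping the profile JSON to a Windows user while refusing anything unmapped. The `state` parameter comes from the OAuth 2.0 specification rather than this page, and the field name, the `email_verified` check and the account names are assumptions.

```python
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# Constructed values: the field name and account names are assumptions.
CALLBACK_PATH = "/oauth2"  # suffix the page adds to the Workspace URL
PROFILE_FIELD = "email"    # profile value used for the mapping
USER_MAP = {"alice@example.com": r"CORP\alice"}  # profile value -> Windows user


class AuthError(Exception):
    """The login must be refused."""


def code_from_callback(callback_url, expected_state):
    """Return the validation code from the callback URL, or refuse."""
    parts = urlsplit(callback_url)
    if not parts.path.rstrip("/").endswith(CALLBACK_PATH):
        raise AuthError("unexpected callback path")
    query = parse_qs(parts.query)
    state, code = query.get("state", []), query.get("code", [])
    # Exactly one of each; state must equal the value issued for this session.
    if "error" in query or len(state) != 1 or len(code) != 1:
        raise AuthError("error, missing or duplicated parameter")
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise AuthError("state mismatch")
    return code[0]


def windows_user_for(profile_body):
    """Map the profile JSON from the OAuth 2.0 server to a Windows user."""
    try:
        profile = json.loads(profile_body)
    except ValueError as exc:
        raise AuthError("profile is not JSON") from exc
    value = profile.get(PROFILE_FIELD) if isinstance(profile, dict) else None
    if not isinstance(value, str) or not value.strip():
        raise AuthError("profile lacks the mapped field")
    # OpenID Connect profiles may carry email_verified; refuse unverified ones.
    if profile.get("email_verified") is False:
        raise AuthError("unverified email")
    try:
        return USER_MAP[value.strip().lower()]
    except KeyError:
        raise AuthError("no Windows user mapped to this profile") from None
```

Both functions fail closed: any value that is missing, duplicated, of the wrong type or absent from the mapping raises `AuthError` instead of falling back to a default account.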