LogoLogo
Download Free TrialLive DemoGet a QuoteContact Us
  • Thinfinity® Workspace
  • About This Document
  • Introduction
  • What's new in Thinfinity® Workspace
  • Architecture
  • Security
  • Getting Started Section
    • Getting Started
    • Installing Thinfinity® Workspace
    • Customizing Thinfinity® Workspace
      • Setting the Access Security Level
        • Access Profiles
          • RDP Profiles
            • Creating an RDP Profile
            • Editing an RDP Profile
            • Disabling an RDP Profile
            • Removing an RDP Profile
            • The "[+]" Profile
          • Web Link Profiles
            • Creating a Web Link Profile
            • Editing a Web Link Profile
            • Disabling a Web Link Profile
            • Removing a Web Link Profile
          • RDS Web Feed Profiles
            • Creating an RDS Web Feed Profile
            • Editing an RDS Web Feed Profile
            • Disabling an RDS Web Feed Profile
            • Removing an RDS Web Feed Profile
          • VNC/RFB Profile
            • Creating a VNC/RFB Profile
            • Editing a VNC/RFB Profile
            • Disabling a VNC/RFB Profile
            • Removing a VNC/RFB Profile
          • Telnet/SSH profile
            • Creating a Telnet/SSH Profile
            • Editing a Telnet/SSH Profile
            • Disabling a Telnet/SSH Profile
            • Removing a Telnet/SSH Profile
      • Testing Internal Access
      • Configuring Internet Access
      • Enabling Remote Sound
      • Mapping Remote Drives
        • Intermediate Disks
        • Shared Folders
    • After Customization
      • Connecting to a Desktop
      • Connecting to an Application
      • Performing a File Transfer
        • Navigating
        • File Options
        • Remote Folder Area Options
        • Downloading and Uploading files
    • Supported RDP Shortcut Keys
    • Using Thinfinity® Workspace for the First Time
      • Verifying the Communication Settings
      • Connecting to a desktop
  • Advanced Settings Section
    • New in Thinfinity® Workspace
      • Web Folder
      • Web VPN
      • Bidirectional Audio Redirection
      • Remote Active Directory
        • How to install and configure Thinfinity® Remote AD Services
        • Active Directory credentials mapping
      • Secondary Broker Pool
        • Architecture
        • How To Install a Secondary Broker
        • How To Add a Pool in the Primary Broker
      • H264 Support
        • How to Enable H264 on your Access Profile
        • Preparing a Remote Desktop for H264 support
      • Web Profile Manager
        • Remote Desktop
        • VNC/RFB
        • Terminal
        • Web Link
        • Web VPN
        • Labels
        • Edit Web Profiles
          • General
          • Display
          • Resources
          • Program
          • Experience
          • Advanced
          • Access Hours
          • Permissions
      • WebBridge - Direct File Transfer
        • How to install Thinfinity® WebBridge
        • WebBridge: User Experience
    • Thinfinity® Configuration Manager
      • General
      • Broker
      • Authentication
        • OAuth/2
          • Methods
          • Settings
          • Mappings
          • Configure OAuth with Okta
          • Configure OAuth with Auth0
        • RADIUS
          • Settings
          • Mappings for SSO
        • TOTP (Time-based One-time Password)
          • TOTP Settings
      • Access Profiles
        • RDP Profile Editor
          • General
            • Setting up a Hyper-V Profile
            • Setting up an RDS Collection Profile
          • Display
          • Resources
          • Program
          • Experience
          • Advanced
          • Printer
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication Methods
        • Web Link Profile Editor
          • General
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication Methods
        • VNC / RFB Profile Editor
          • General
          • Display
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication Methods
        • Telnet/SSH Profile Editor
          • General
          • SSL
          • SSH
          • Display
          • Options
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication Methods
        • Web VPN
          • General
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication Methods
      • Folders
      • Permissions
      • External DLL Authentication Method Settings
      • DUO Authentication Method Settings
        • How to configure DUO
      • SAML Authentication Method Settings
        • Configure SAML with Okta
        • Configure SAML with Centrify
  • Gateway Manager
    • Managing the SSL Certificate
      • The Default Embedded Certificate
      • A Self-Signed Certificate
      • A CA Certificate
  • License Manager
    • License Activation
    • Proxy Activation
    • Get a new Trial Serial Number
    • Activate a Serial Number Online
    • Activate a Serial Number Offline
    • Registering Your License With The License Server Manager
  • Custom Settings
    • Extend the Thinfinity® Workspace Toolbar
  • Customizing the Toolbar
    • Using customsettings.js
    • Using the 'connect' Method
  • Remote FX
  • Save Session
    • Record a Session
    • Play Recorded Sessions
  • Multi-touch Redirection
  • Enhanced Browser and DPI Support
    • Model Inheritance
    • Property Reference
    • The Calculation Process
    • Examples
  • Silent Install Options
  • Credentials Management
    • User-based Access Profiles
    • Credentials Management
  • Customize Translation
  • Mobile Devices Section
    • Mobile Devices
    • Getting into Thinfinity®
    • Mouse Control
    • Keyboards and Toolbars
    • Gestures
    • Disconnecting from Thinfinity®
    • iPad Application
  • Scaling and Load Balancing Section
    • Scaling & Load Balancing
    • Scaling and Load Balancing Configurations
    • Installing Components
    • Configuring a Load Balancing Scenario
    • How to configure your license
  • Integrating Thinfinity® Workspace Section
    • Integrating Thinfinity® Workspace
    • External Authentication
      • Apikey
    • Single sign-on
      • Facebook OAuth Authentication Example
      • Google OAuth/2
        • Google Client ID for Web Applications
      • RADIUS
    • Customizing the Web Interface
      • Changing the Logo
      • Customizing the Web Files
      • Files Location
    • Web Services API
      • Architecture
      • Installing the Web Service
      • Setting up the Communication Settings
      • Profiles Web Service
        • Methods
        • Types
          • The WS Profile type
        • The Demo Applications
      • Analytics Web Service
        • Methods
        • Types
          • WSQueryInfo
          • WSQueryRange
          • WSDBLoginRecord
          • WSSessionRecord
          • WSDBConnectionRecord
          • WSDBBrowserRecord
        • The Demo Application
    • One-Time-URL
      • Configuring the Connection
      • Enabling Features
    • Thinfinity® RemoteAD API reference
    • Thinfinity® REST API Reference
  • User guide Section
    • User Guide
    • Logging In
    • Advanced Web Features
      • Tree View
      • Listing Options
      • Search bar
    • Accessing from Mobile Devices
      • Connecting with Open Parameters
        • General
        • Display
        • Resources
        • Program
        • Experience
        • Advanced
      • Connecting with Profiles
    • Toolbar
      • Actions
      • File Transfer
      • Options
      • Disconnect
    • Features
      • File Transfer
        • Navigating
        • File Options
        • Remote Folder Area Options
        • Downloading and Uploading files
      • Remote Printer
      • Remote Sound
      • Share Session
      • Mapped Drives
      • Analytics
        • Sessions
        • Connections
        • Logins
        • Browsers
        • Filter
        • Configuring MS SQL Server
          • Analytics Tables Reference
    • Disconnecting
Powered by GitBook
On this page
  1. Integrating Thinfinity® Workspace Section

Single sign-on

PreviousApikeyNextFacebook OAuth Authentication Example

Last updated 3 years ago

In a multi-application Single sign-on environment users log in once into one application and gain access to all the other applications without being prompted to log in again for each of them.

As different applications and resources support different authentication mechanisms, Thinfinity® Workspace has to internally for the supported Single sign-on methods, in order to interpret them into the Thinfinity® Workspace local credentials

OAuth 2.0 integration: The configuration options for OAuth 2.0 have been expanded. Now, OAuth /2 authentication servers other than Google are also supported by Thinfinity® Workspace.

OAuth 2.0 is a protocol that validates users against a remote server. This means that Thinfinity® Workspace doesn't validate the user internally, using a username and password. The user authentication is relayed to the OAuth 2.0 server. Once the OAuth 2.0 server validates the user, it returns a validation code to Thinfinity® Workspace. This code will allow Thinfinity® Workspace to access a token. This token provides access to user information —such as the user email— in the OAuth 2.0 authentication server. Thinfinity® Workspace uses this token to request this information. Although not specified by the OAuth 2.0 normative, the Profile information server usually returns a JSON object. This JSON object includes values that can be used in Thinfinity® Workspace to validate the user. These values are mapped to Windows users, so that the corresponding Thinfinity® Workspace permissions are applied.

In order to use OAuth 2.0 in Thinfinity® Workspace, add “/oauth2” or “/google” to the Thinfinity® Workspace URL:

https://<ThinfinityServer>/oauth2

This is the callback URL that has to be configured in the OAuth 2.0 server in order to return the user validation code so that Thinfinity® Workspace can continue with the validation process.

Thinfinity® Workspace gets its address from the route where the browser request is made. This information cannot be modified.

·

·

Google accounts integration:

Thinfinity® Workspace authentication can be integrated to the Google accounts. On the links below you will find the information to set up Thinfinity® Workspace to work with this method:

·

·

·

RADIUS integration:

Thinfinity® Workspace authentication can be integrated with a RADIUS account. On the links below you will find the information to set up Thinfinity® Workspace to work with this method:

Other single-sign-on methods:

·

·

Any other method can also be supported by Thinfinity® Workspace. To make any other methods work with Thinfinity® Workspace you have to and substitute the password with the .

translate and store different credentials
Facebook OAuth authentication example
Enabling OAuth/2 on Thinfinity® Workspace
Google OAuth/2
Google ID for web applications
Enabling Google OAuth/2 on Thinfinity® Workspace
RADIUS
Enabling RADIUS on Thinfinity® Workspace
map external users to Thinfinity® Workspace
Thinfinity® Workspace ApiKey mechanism