Single sign-on

In a multi-application Single sign-on environment users log in once into one application and gain access to all the other applications without being prompted to log in again for each of them.

As different applications and resources support different authentication mechanisms, Thinfinity® Workspace has to internally translate and store different credentials for the supported Single sign-on methods, in order to interpret them into the Thinfinity® Workspace local credentials

OAuth 2.0 integration: The configuration options for OAuth 2.0 have been expanded. Now, OAuth /2 authentication servers other than Google are also supported by Thinfinity® Workspace.

OAuth 2.0 is a protocol that validates users against a remote server. This means that Thinfinity® Workspace doesn't validate the user internally, using a username and password. The user authentication is relayed to the OAuth 2.0 server. Once the OAuth 2.0 server validates the user, it returns a validation code to Thinfinity® Workspace. This code will allow Thinfinity® Workspace to access a token. This token provides access to user information —such as the user email— in the OAuth 2.0 authentication server. Thinfinity® Workspace uses this token to request this information. Although not specified by the OAuth 2.0 normative, the Profile information server usually returns a JSON object. This JSON object includes values that can be used in Thinfinity® Workspace to validate the user. These values are mapped to Windows users, so that the corresponding Thinfinity® Workspace permissions are applied.

In order to use OAuth 2.0 in Thinfinity® Workspace, add “/oauth2” or “/google” to the Thinfinity® Workspace URL:

https://<ThinfinityServer>/oauth2

This is the callback URL that has to be configured in the OAuth 2.0 server in order to return the user validation code so that Thinfinity® Workspace can continue with the validation process.

Thinfinity® Workspace gets its address from the route where the browser request is made. This information cannot be modified.

· Facebook OAuth authentication example

· Enabling OAuth/2 on Thinfinity® Workspace

Google accounts integration:

Thinfinity® Workspace authentication can be integrated to the Google accounts. On the links below you will find the information to set up Thinfinity® Workspace to work with this method:

· Google OAuth/2

· Google ID for web applications

· Enabling Google OAuth/2 on Thinfinity® Workspace

RADIUS integration:

Thinfinity® Workspace authentication can be integrated with a RADIUS account. On the links below you will find the information to set up Thinfinity® Workspace to work with this method:

· RADIUS

· Enabling RADIUS on Thinfinity® Workspace

Other single-sign-on methods:

Any other method can also be supported by Thinfinity® Workspace. To make any other methods work with Thinfinity® Workspace you have to map external users to Thinfinity® Workspace and substitute the password with the Thinfinity® Workspace ApiKey mechanism.