Configure Single Sign-On in using Azure AD (Entra ID) with OAuth
Product: Thinfinity Workspace
Version: 7 and above
Azure Active Directory (Azure AD) with OAuth enables Single Sign-On (SSO) by allowing users to authenticate with their Azure AD credentials and access authorized applications and resources using OAuth tokens. This integration simplifies access management, enhances security, and improves user experience across Azure and integrated services.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Azure AD (Entra ID) with OAuth as the Identity Provider (IDP).
I. Prerequisites:
- Azure AD (Entra ID) account with administrative access
- Thinfinity Workspace installed and accessible
II. Configuring Azure AD (Entra ID)
Create an Azure AD Project for Thinfinity Workspace
- First, log into your Azure portal or create a new account if necessary.
- Go to the App registrations section or look for it in the search bar.
- Now, click on New registration.
- Next, write a Name for the Application and select the supported account type as Accounts in this organizational directory only.
- Below, in the Redirect URI section, select Web as the application type and enter the URL or external IP and port of Thinfinity Workspace adding "/azure" at the end, as shown below. Then click Register.
Add Azure Client Secret Information
- Now, go to the Certificate and secrets section on the left menu. Then select Client secrets on the central panel and click on New client secret. The Add a client secret window will then appear where you will have to enter a Description and an Expiration lapse for the secret. When finished click Add.
- Copy the Value field of the Client secret. This will be needed to configure the SSO in Thinfinity Workspace.
- Then, go back to the first item on the left menu, Overview and copy the Application (client) ID and Directory (tenant) ID. These two IDs will also be needed to configure the SSO in Thinfinity Workspace.
III. Configuring Thinfinity:
Set Up SSO on Thinfinity Workspace
- Open the Thinfinity Configuration Manager, navigate to the Authentication tab and then select the Methods tab. After that, click Add > OAuth 2.0 > Azure.
Enter Azure OAuth Details in Thinfinity Workspace
- Here, input the Azure OAuth Application (client) ID, and Client Secret into the corresponding fields in the General tab of the Authentication Method Settings.
- Now, select the Server tab and in the Authorization URL field and in the Token Validation Server URL, replace the [Directory ID] part of the URL with the Directory (tenant) ID you copied before. When finished, click OK.
Configure User Attributes
- Define which user attributes from Azure will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Azure user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.
IV. Test the SSO Integration
- Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with Azure.
Verify that you are redirected to the Azure login page and can authenticate successfully.
By following these steps, you should be able to integrate Azure with OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.
Related Articles
Configure Single Sign-On in using OneLogin with OAuth
Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...Configure Single Sign-On in using Auth0 with OAuth
Product: Thinfinity Workspace Version: 7 and above Auth0 is an authentication and authorization platform that simplifies identity management for developers. It provides secure login, identity verification, and single sign-on capabilities for web, ...Configure Single Sign-On in using Google Cloud with OAuth
Product: Thinfinity Workspace Version: 7 and above The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing any credentials. Users authenticate with Google, authorize the ...Configure Single Sign-On in using Okta with OAuth
Product: Thinfinity Workspace Version: 7 and above Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth ...Configure Single Sign-On in using Jumpcloud with OAuth
Product: Thinfinity Workspace Version: 7 and above Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing ...