How to Configure Single Sign-On in Thinfinity Workspace using Google Cloud OAuth as an IDP

How to Configure Single Sign-On in Thinfinity Workspace using Google Cloud OAuth as an IDP

Product: Thinfinity Workspace
Version: 7 and above

The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing any credentials. Users authenticate with Google, authorize the application, and receive a token to access specific resources. This enables secure integration with different services while protecting user privacy.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Google Cloud OAuth as the Identity Provider (IDP).

I. Prerequisites

  • Google Cloud account with administrative access
  • Thinfinity Workspace installed and accessible

II. Configuring Google Cloud

Create a Google Cloud Project for Thinfinity Workspace

  • First, log into your Google Cloud console or create a new account if necessary.
  • Go to the Credentials section on your Google Cloud console and click Create Project.

  • Enter a Project name, e.g., Thinfinity OAuth.
If desired, change Organization and Location, then click Create.

  • Next, inside the project you just created, click +Create Credentials and select OAuth client ID.

  • Now, select Web Application as the Application type and name it.
  • After that, in the Authorized JavaScript origins, enter the URL or external IP of Thinfinity Workspace and on the Authorized redirect URIs, enter the same URL or external IP adding "/google" at the end, as shown below. Then click Create.

Obtain Google Cloud Client Information

  • Next, note down the Client ID, and Client Secret from your Google Cloud OAuth project settings. These will be needed to configure the SSO in Thinfinity Workspace.

III. Configuring Thinfinity

Set Up SSO on Thinfinity Workspace

  • Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > OAuth 2.0 > Google.

Enter Google Cloud OAuth Details in Thinfinity Workspace

  • Input the Google Cloud OAuth Client ID, and Client Secret into the corresponding fields in the General tab of the Authentication Method Settings.

  • Now, select the Server tab and complete the field Custom redirect URL in this format https://<your-workspace-url>:<port>/Google, the rest of the parameters will be already completed. When finished, click OK.

Configure User Attributes

  • Define which user attributes from Google Cloud will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Google Cloud user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.

IV. Testing the SSO Integration

  • Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with Google.
Verify that you are redirected to the Google login page and can authenticate successfully.

By following these steps, you should be able to integrate Google Cloud OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.