Configure Single Sign-On in using Jumpcloud with OAuth
Product: Thinfinity Workspace
Version: 7 and above
Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing access tokens and managing authorization, improving security and interoperability across integrated services and platforms.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Okta OAuth as the Identity Provider (IDP).
I. Prerequisites
- Jumpcloud account with administrative access.
- Thinfinity Workspace installed and accessible.
II. Configuring Jumpcloud
Create a Jumpcloud Application for Thinfinity Workspace
- First, log into your Jumpcloud dashboard or create a new account if necessary.
- Go to the SSO Applications section and click Get Started.
- Select the Application type, in this case it will be Custom Application. Click Select.
- Once you have selected the application type, click Next.
- Select the Manage Single Sign-On (SSO) feature and Configure SSO with OIDC as the authorization protocol. Then click Next.
- Now, in Display Label, provide a name for the app and click Save Application.
- Here you will see a summary of the options you have selected so far. You can now proceed with the configuration by clicking Configure Application.
- In the SSO Configuration, in the Redirect URIs field, enter the Thinfinity Workspace URL or external IP, the Port and add the virtual path at the end, which in this case is /OAuth.
Also, enter the Login URL which is the Thinfinity Workspace URL or external IP, and the Port as shown below.
Redirect URIs = https://[YourWorkspaceURL]:[Port]/oauth
Login URL = https://[YourWorkspaceURL]:[Port]
When finished click activate.
- Now that the application has been created and activated, you will see the Application Settings window. Note the Client ID and Client Secret from the respective fields. These will be needed to configure SSO in Thinfinity Workspace. Then click Got It.
Configure User Assignments
- You can create users manually or import them from Active Directory, CSV, or other repositories. Select Users in the dashboard and click the desired option.
- Then you will activate the users and assign them to different user groups, which you will also create. Select User Groups in the dashboard and click the plus button to create a group.
- After you create the user group, add previously created users to it. Within the new user group, click Users and assign them.
- Now go to Applications and click the application you want to assign to this user group. Then click Save.
III. Configuring Thinfinity
Set Up SSO on Thinfinity Workspace
- Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > OAuth 2.0 > Other.
Enter Jumpcloud OAuth Details in Thinfinity Workspace
- Input the Jumpcloud Client ID, and Client Secret into the corresponding fields in the General tab of the Authentication Method Settings. You can also change the authentication method Name.
- Now, select the Server tab and fill in the fields with the information gathered from the Endpoints in the Jumpcloud SSO configuration. When finished, click OK.
You can follow this table as an example to fill in the details of the specified fields in the image above.
|
|
|
|
Authorization URL:
|
|
|
Authorization parameters:
|
scope=openid
|
|
Custom redirect URL:
|
https://<your-workspace-url>:<port>/oauth
|
|
Token Validation Server URL:
|
Configure User Attributes
- Define which user attributes from Jumpcloud will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Jumpcloud user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.
IV. Testing the SSO Integration
- Attempt to log in to Thinfinity Workspace and try the option Sign in with Jumpcloud.
Verify that you are redirected to the Jumpcloud login page and can authenticate successfully.
By following these steps, you should be able to integrate Jumpcloud OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.
Related Articles
Configure Single Sign-On in using OneLogin with OAuth
Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...Configure Single Sign-On using Jumpcloud with SAML
Product: Thinfinity Workspace Version: 7 and above Jumpcloud SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Jumpcloud and securely access ...Configure Single Sign-On in using Auth0 with OAuth
Product: Thinfinity Workspace Version: 7 and above Auth0 is an authentication and authorization platform that simplifies identity management for developers. It provides secure login, identity verification, and single sign-on capabilities for web, ...Configure Single Sign-On in using Google Cloud with OAuth
Product: Thinfinity Workspace Version: 7 and above The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing any credentials. Users authenticate with Google, authorize the ...Configure Single Sign-On in using Okta with OAuth
Product: Thinfinity Workspace Version: 7 and above Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth ...