Product: Thinfinity Workspace
Version: 7 and above
Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing access tokens and managing authorization, improving security and interoperability across integrated services and platforms.
This article explains how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Okta OAuth as the Identity Provider (IdP).
I. Prerequisites
- Okta account with administrative access.
- Thinfinity Workspace installed and accessible.
II. Configuring Okta
Create an Okta Application for Thinfinity Workspace
- First, log into your Okta dashboard or create a new account if necessary.
- Go to the Applications section and click Create App Integration.
- For the Sign-in method, select OIDC - OpenID Connect, then click Next.
- Below, choose Web Application for the Application type and click Next.
- Now, in the New Web App Integration, provide an App integration name and scroll down.
- In the Sign-in and Sign-out redirect URIs, enter the Thinfinity Workspace URL or external IP and the Port as shown below. In the Sign-in redirect URIs, also add the virtual path at the end, which in this case is /okta. Then click Create.
Sign-in redirect URIs = https://[YourWorkspaceURL]:[Port]/okta
Sign-out redirect URIs = https://[YourWorkspaceURL]:[Port]
Take note of these values, as they will be needed to configure SSO in Thinfinity Workspace.
- Now, scroll down and select how you want to make the Assignments for the app integration. When finished, click Save.
- Once the application is created, you are redirected to the Application Settings window. Note down the Client ID and Client Secret from the respective fields. These will be needed to configure SSO in Thinfinity Workspace.
- You will also need to note down the Okta Server for your account, which is located in the top right corner of the window. Click there to have access to it. It has the form [account-ID].okta.com.
- Now you will configure the users and/or groups assigned to the application. To do so, go to Applications and click on the Thinfinity OAuth application you just created.
- In there you will select Assignments, click Assign and select Assign to People or Groups.
- Then, look for the user or group to assign to the application and click Assign. When finished, click Done. (You can integrate Active Directory or LDAP with Okta in the Directory option in the main menu.)
III. Configuring Thinfinity
Set Up SSO on Thinfinity Workspace
- Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > OAuth 2.0 > Okta.
Enter Okta OAuth Details in Thinfinity Workspace
- Here, name the authentication method and enter the Okta OAuth Client ID and Client Secret into the corresponding fields in the General tab of the Authentication Method Settings.
- Now, you will select the Server tab and replace the value [SERVER] in the different fields with the server name that you obtained previously from the Okta dashboard.
- Define which user attributes from Okta will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Okta user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.
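Before testing, the values noted in section II can be checked offline for the mistakes that most often break the redirect. The Python script below is an added example, not part of Thinfinity or Okta tooling; the host names, port and the field names in SERVER_FIELDS are constructed placeholders, and the endpoint paths assume Okta's org authorization server.

```python
import re
from urllib.parse import urlsplit

# Host form given in the article: [account-ID].okta.com
OKTA_HOST = re.compile(r"^[a-z0-9][a-z0-9-]*\.okta\.com$")

def check_sso_values(sign_in_uri, sign_out_uri, okta_server, server_fields):
    """Return a list of problems in the values noted during the Okta setup."""
    try:
        si, so = urlsplit(sign_in_uri), urlsplit(sign_out_uri)
        origins = (si.hostname, si.port), (so.hostname, so.port)
    except ValueError:
        # e.g. the literal [YourWorkspaceURL] or [Port] placeholder was left in
        return ["redirect URI is not a valid URL (placeholder left in?)"]

    problems = []
    if si.scheme != "https" or so.scheme != "https":
        problems.append("redirect URIs must use https")
    if si.path != "/okta":
        problems.append("sign-in redirect URI must end with the /okta virtual path")
    if si.query or si.fragment:
        problems.append("sign-in redirect URI has a query or fragment")
    if so.path not in ("", "/"):
        problems.append("sign-out redirect URI must be the Workspace root URL")
    if origins[0] != origins[1]:
        problems.append("sign-in and sign-out URIs use different hosts or ports")

    server = okta_server.strip().lower()
    if not OKTA_HOST.match(server):
        problems.append("Okta server must be a bare host like [account-ID].okta.com")
    for name, value in server_fields.items():
        if "[SERVER]" in value:
            problems.append(f"{name}: [SERVER] placeholder not replaced")
        elif server not in value.lower():
            problems.append(f"{name}: does not reference the Okta server")
    return problems

# Constructed sample values; the field names in SERVER_FIELDS are hypothetical.
SIGN_IN = "https://workspace.example.com:8443/okta"
SIGN_OUT = "https://workspace.example.com:8443"
OKTA_SERVER = "dev-000000.okta.com"
SERVER_FIELDS = {
    "Authorization URL": "https://dev-000000.okta.com/oauth2/v1/authorize",
    "Token URL": "https://[SERVER]/oauth2/v1/token",  # left unreplaced on purpose
}

if __name__ == "__main__":
    for p in check_sso_values(SIGN_IN, SIGN_OUT, OKTA_SERVER, SERVER_FIELDS):
        print("PROBLEM:", p)
```

An empty result means the redirect URIs, the Okta server and the Server tab fields are consistent with each other; it does not confirm that the same values were saved in Okta.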
IV. Testing the SSO Integration
- Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with Okta.
Verify that you are redirected to the Okta login page and can authenticate successfully.
By following these steps, you should be able to integrate Okta OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.