Configure Single Sign-On in using Okta with OAuth

Configure Single Sign-On in using Okta with OAuth

Product: Thinfinity Workspace
Version: 7 and above


Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing access tokens and managing authorization, improving security and interoperability across integrated services and platforms.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Okta OAuth as the Identity Provider (IDP).

I. Prerequisites

  • Okta account with administrative access.
  • Thinfinity Workspace installed and accessible.

II. Configuring Okta

Create an Okta Application for Thinfinity Workspace

  • First, log into your Okta dashboard or create a new account if necessary.
  • Go to the Applications section and click Create App Integration.

  • Select the Sign-in method, in this case it will be OIDC-OpenID Connect, then click Next.

  • Below, choose Web Application for the Application type and click Next.

  • Now, in the New Web App Integration, provide an App integration name and scroll down.

  • In the Sign-in and Sign-out redirect URIs , enter the Thinfinity Workspace URL or external IP and the Port as shown below. In the Sign-in redirect URIs also add the virtual path at the end, which in this case is /okta. Then click Create.
Sign-in redirect URIs = https://[YourWorkspaceURL]:[Port]/okta
Sign-out redirect URIs = https://[YourWorkspaceURL]:[Port]
Take note of these values, as they will be needed to configure SSO in Thinfinity Workspace.

  • Now, scroll down and select how you want to make the Assignments for the app integration. When finished, click Save.

Obtain Okta Client Information

  • Now that the application is created, it will redirect you to the Application Settings window. Next, note down the Client ID, and Client Secret from the respective fields. These will be needed to configure the SSO in Thinfinity Workspace.

  • You will also need to note down the Okta Server for your account, which is located in the top right corner of the window. Click there to have access to it. It has the form [account-ID].okta.com.

Configure User Assignments

  • Now you will configure the users and/or groups assigned to the application. To do so, go to Applications and click on the Thinfinity OAuth application you just created.

  • In there you will select Assignments, click Assign and select Assign to People or Groups.

  • Then, you will look for the user or group to assign to the application and click Assign. When finished click Done. (You can integrate Active Directory or LDAP to Okta in the Directory option in the main menu).


III. Configuring Thinfinity

Set Up SSO on Thinfinity Workspace

  • Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > OAuth 2.0 > Okta.

Enter Okta OAuth Details in Thinfinity Workspace

  • Here, you will name the authentication method and enter the Okta OAuth Client ID, and Client Secret into the corresponding fields in the General tab of the Authentication Method Settings.

  • Now, you will select the Server tab and replace the value [SERVER] in the different fields with the server name that you obtained previously from the Okta dashboard.

Configure User Attributes

  • Define which user attributes from Okta will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Okta user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.



IV. Testing the SSO Integration

  • Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with Okta.
Verify that you are redirected to the Okta login page and can authenticate successfully.



By following these steps, you should be able to integrate Okta OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.

    • Related Articles

    • Configure Single Sign-On in using OneLogin with OAuth

      Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...
    • Configure Single Sign-On in using Jumpcloud with OAuth

      Product: Thinfinity Workspace Version: 7 and above Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing ...
    • Configure Single Sign-On in using Okta with SAML

      Product: Thinfinity Workspace Version: 7 and above Okta SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Okta and securely access multiple ...
    • Configure Single Sign-On in using Auth0 with OAuth

      Product: Thinfinity Workspace Version: 7 and above Auth0 is an authentication and authorization platform that simplifies identity management for developers. It provides secure login, identity verification, and single sign-on capabilities for web, ...
    • Configure Single Sign-On in using Google Cloud with OAuth

      Product: Thinfinity Workspace Version: 7 and above The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing any credentials. Users authenticate with Google, authorize the ...