Configure Single Sign-On in using Okta with SAML
Product: Thinfinity Workspace
Version: 7 and above
Okta SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Okta and securely access multiple applications. Okta generates SAML assertions that enable seamless authentication and authorization across integrated services, improving user experience and security.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Okta SAML as the Identity Provider (IDP).
I. Prerequisites
- Okta account with administrative access.
- Thinfinity Workspace installed and accessible.
II. Configuring Okta
Create an Okta Application for Thinfinity Workspace
- First, log into your Okta dashboard or create a new account if necessary.
- Go to the Applications section and click Create App Integration.
- Select the Sign-in method, in this case it will be SAML 2.0, then click Next.
- Now, in the General Settings, provide an Application name and click Next.
- Here, complete the Single sign-on URL and Audience URI (SP Entry ID) fields in this format:
Single sign-on URL = https//[MyThinfinityWebsite]:[Port]/SAMLAssertionConsumerService
Audience URI (SP Entry ID) = https//[MyThinfinityWebsite]:[Port]
Take note of these values, as they will be needed to configure SSO in Thinfinity Workspace.
- When finished, scroll down and click Next.
- Next, choose the Feedback options that apply to your application and click Finish.
Obtain Okta Client Information and Certificate
- Now that the application has been created, it should redirect you to the Application Settings window. Scroll down and click on View SAML setup instructions.
- Next, note down the Identity Provider Single Sign-On URL, and Identity Provider Issuer from your Okta SAML application settings. These will be needed to configure SSO in Thinfinity Workspace.
- Below, you will also download the X.509 certificate.
Configure User Assignments
- Now you will configure the users and/or groups assigned to the application. To do this, go to Applications and click on the Thinfinity SAML application you have just created.
- In there you will select Assignments, click Assign and select Assign to People or Groups.
- Next, locate the user or group you want to assign to the application and click Assign. When finished, click Done. (You can integrate Active Directory or LDAP with Okta using the Directory option in the main menu).
III. Configuring Thinfinity
Set Up SSO on Thinfinity Workspace
- Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > SAML.
Enter Okta SAML Details in Thinfinity Workspace
- Here, you will Name the method and enter the Okta SAML values that you have previously obtained from the Okta dashboard, into the corresponding fields in the General tab of the Authentication Method Settings, as shown below:
- Service Identifier = Audience URI (SP Entity ID) (https://[MythinfinityWebsite]:[Port]).
- Service Certificate File = Path to your certificate’s file (This is your workspace's site certificate).
- Service Certificate Password = Password for the certificate above.
- Identification Entity ID = Identity Provider Issuer.
- Single Sign-On Service URL = Identity Provider Single Sign-On URL.
- Sign-Out URL = This value is optional.
- Partner Certificate File = Path to the X.509 Certificate you previously downloaded from Okta.
Configure User Attributes
- Define which user attributes from Okta will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Okta user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.
IV. Testing the SSO Integration
- Finally, attempt to log in to Thinfinity Workspace and try the option Sign in with SAML.
Verify that you are redirected to the Okta login page and can authenticate successfully.
By following these steps, you should be able to integrate Okta SAML as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.
Related Articles
Configure Single Sign-On in using OneLogin with OAuth
Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...Configure Single Sign-On in using Okta with OAuth
Product: Thinfinity Workspace Version: 7 and above Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth ...Configure Single Sign-On in using PingID with SAML
Product: Thinfinity Workspace Version: 7 and above PingID SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with PingID and securely access multiple ...Configure Single Sign-On using Jumpcloud with SAML
Product: Thinfinity Workspace Version: 7 and above Jumpcloud SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Jumpcloud and securely access ...Configure Single Sign-On in using Jumpcloud with OAuth
Product: Thinfinity Workspace Version: 7 and above Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing ...