Versions: 7 and later
Introduction
This document walks you through configuring Single Sign-On (SSO) in Thinfinity Workspace with OneLogin serving as the Identity Provider (IDP). SSO simplifies the user experience by providing easy and secure access to Workspace applications and streamlining the login process.
Setup OneLogin as an OAuth Provider
- On the screen you are presented with, hover over Applications and then click Applications in the menu below.
- Click the Add App button.
- You will be shown a search list. Search for OIDC (OpenID Connect) and click the search result.
- Then, you will be shown a configuration screen. Fill in the Display Name and other details as required, then click on Save.
- You will be redirected to the Application details page. Go to the Configuration tab and enter the Redirect URI from the Thinfinity Workspace OAuth/OpenID Connect plugin, in the form https://<workspace-server-url>:<port>/OneLogin, then click Save.
- Now, go to the SSO tab. There you will find the Client ID and Client Secret fields. Copy these credentials; you will enter them later in the corresponding fields of the Thinfinity Workspace OAuth/OpenID Connect plugin configuration.
- Also change the Token Endpoint configuration to POST, then click Save.
Assign Users to OneLogin SSO Application
- Hover on the Users tab and click on the Users option from the menu.
- You will see the list of users available on your OneLogin platform. Select the user you want to give access to your application.
- Now for that user, go to the Applications tab from the left menu and click on the blue + icon to add the application.
- From the drop-down list, select the application for which you want to allow SSO for that user, then click Continue.
- Complete the configuration and click the Save button.
- The application will now be listed in the user profile, and this user can SSO into Thinfinity Workspace using their OneLogin credentials for this application.
You have successfully installed the OneLogin Identity Platform as an OAuth provider, enabling user authentication and authorization to the Thinfinity Workspace using OneLogin OAuth SSO with a single set of credentials.
- First, open the Thinfinity Workspace Configuration Manager, go to the Authentication tab, click the Add button, then select Oauth2.0 > Other.
You must disable the Allow anonymous access option.
- Once the OAuth method has been added, type the Name and Virtual Path of the Authentication Method. Then, on the General tab, fill in the ClientID and Client Secret fields with the credentials you copied earlier during the OneLogin setup.
- Now, on the Server tab, fill in the details from the previous steps.
You can follow this chart as an example when filling in the specified fields.
| Field | Value |
|---|---|
| Authorization URL | https://<your-onelogin-domain>.onelogin.com/oidc/2/auth |
| Authorization parameters | scope=openid |
| Custom redirect URL | https://<workspace-server-url>:<port>/OneLogin |
| Token Validation Server URL | https://<your-onelogin-domain>.onelogin.com/oidc/2/token |
- After you have filled in the details, go to the Mappings tab on the Authentication tab of Thinfinity Workspace Configuration Manager and map the OneLogin user to a user on your network.
- Start by clicking Add, enter the OneLogin ID Mask, then click OK.
- Next, with the OneLogin user you just added still selected, click Add under Associated Permissions and select the user on your network to whom you want to assign the OneLogin credentials.
- When finished, click Apply.
Once this is done, OneLogin will appear on your Portal as a login option for Thinfinity Workspace.
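If OneLogin does not appear or the login fails, the usual cause is a mismatch between the values entered on the two sides. The following pre-flight check is an added example, not part of Thinfinity or OneLogin: it compares the Server tab values with an OpenID Connect discovery document and the redirect URIs registered at the IdP. The host names, the sample discovery document, and the function name are constructed, and it assumes the POST token-endpoint setting corresponds to the OIDC method client_secret_post.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample values: both host names are placeholders, not real tenants.
DISCOVERY = {
    "authorization_endpoint": "https://example.onelogin.com/oidc/2/auth",
    "token_endpoint": "https://example.onelogin.com/oidc/2/token",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}
REGISTERED_REDIRECTS = ["https://workspace.example.com:443/OneLogin"]
GOOD = {
    "authorization_url": "https://example.onelogin.com/oidc/2/auth",
    "authorization_parameters": "scope=openid",
    "redirect_url": "https://workspace.example.com:443/OneLogin",
    "token_url": "https://example.onelogin.com/oidc/2/token",
}
# Same settings with a lower-cased path, a trailing slash and no openid scope.
BAD = dict(GOOD, redirect_url="https://workspace.example.com:443/onelogin/",
           authorization_parameters="scope=profile")


def check_oidc_settings(cfg, discovery, registered_redirects):
    """Return a list of problems; an empty list means the values line up."""
    problems = []
    # These URLs carry the authorization code or the client secret: require TLS.
    for name in ("authorization_url", "token_url", "redirect_url"):
        if urlsplit(cfg[name]).scheme != "https":
            problems.append(f"{name} is not https")
    # Endpoints typed into the Server tab should match what the IdP publishes.
    if cfg["authorization_url"] != discovery["authorization_endpoint"]:
        problems.append("authorization_url differs from discovery document")
    if cfg["token_url"] != discovery["token_endpoint"]:
        problems.append("token_url differs from discovery document")
    # Redirect URIs are compared as exact strings: port, case and slash count.
    if cfg["redirect_url"] not in registered_redirects:
        problems.append("redirect_url is not registered exactly at the IdP")
    # Without the openid scope the request is plain OAuth 2.0, not OIDC.
    scope = parse_qs(cfg["authorization_parameters"]).get("scope", [""])[0]
    if "openid" not in scope.split():
        problems.append("scope does not include openid")
    # Assumption: the POST setting maps to the client_secret_post method.
    methods = discovery.get("token_endpoint_auth_methods_supported", [])
    if "client_secret_post" not in methods:
        problems.append("IdP does not advertise client_secret_post")
    return problems


if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_oidc_settings(cfg, DISCOVERY, REGISTERED_REDIRECTS))
```
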
Conclusion
In conclusion, this document has equipped you with the knowledge and steps necessary to configure Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin as the Identity Provider (IDP). By simplifying the authentication process, SSO offers an easy and secure way to access Workspace applications.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.