Configuring Single Sign-On with OneLogin in Thinfinity Workspace

Configure Single Sign-On Using OneLogin with OAuth


Product: Thinfinity Workspace
Versions: 7 and later

Introduction

In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies the user experience by providing easy and secure access to Workspace applications, streamlining the login process. 

Setup OneLogin as an OAuth Provider



  • You will be presented with the following screen. Hover on Applications and then click on Applications below.


  • Click on the Add App Button.


  • You will be shown a search list. Search for OIDC (OpenID Connect) and click on the search result as shown below.


  • Then, you will be shown a configuration screen. Fill in the Display Name and other details as required, then click on Save.


  • You will be redirected to the Application details page. Go to the Configuration tab and enter the Redirect URI’s from Thinfinity Workspace OAuth/OpenID Connect plugin in the form https://<workspace-server-url>:<port>/OneLogin and click on Save.


  • Now, go to the SSO tab. There you will find the Client ID and Client Secret fields. Copy these credentials for later use in Thinfinity Workspace OAuth/OpenID Connect Plugin configuration on corresponding fields.
  • Make sure to change the Token Endpoint configuration to POST too, then Save.




Assign Users to OneLogin SSO Application

  • Hover on the Users tab and click on the Users option from the menu.


  • You will see the list of users available on your OneLogin platform. Select the user you want to give access to your application.


  • Now for that user, go to the Applications tab from the left menu and click on the blue + icon to add the application.


  • Select the application from the drop down list for which you want to allow SSO for that user and click on Continue.


  • Complete the configurations and click on the Save button.


  • The application will be listed in the user profile as shown in the image below and now this user can SSO into Thinfinity Workspace using his OneLogin credentials for this application.


You have successfully installed the OneLogin Identity Platform as an OAuth provider, enabling user authentication and authorization to the Thinfinity Workspace using OneLogin OAuth SSO with a single set of credentials.

Configure OneLogin into Thinfinity Workspace


Notes
For OneLogin SSO authentication to work, the binding must be HTTPS (SSL). To know more check How to install an SSL certificate in Thinfinity Workspace.
  • First, you should open the Thinfinity Workspace Configuration Manager and go to the Authentication tab, click the Add button then select Oauth2.0 > Other.

Notes
 You must disable the Allow anonymous access option.



  • Once the Oauth method has been added, type the Name and Virtual Path of the Authentication Method. Then, on the General tab, fill in the ClientID and Client Secret fields with the credentials you copied earlier in OneLogin setup.


  • Now, on the Server tab, fill in the details we've seen in previous steps, as shown in the example below.


You can follow this chart as an example to fill in the details of the specified fields in the image above.
Authorization URL:
https://<your-onelogin-domain>.onelogin.com/oidc/2/auth
Authorization parameters:
scope=openid
Custom redirect URL:
https://<workspace-server-url>:<port>/OneLogin
Token Validation Server URL:
https://<your-onelogin-domain>.onelogin.com/oidc/2/token
  • After you have filled in the details, the next step is to go to the Mappings tab on the Authentication tab of Thinfinity Workspace Configuration Manager, and map the OneLogin user to a user on your network.
  • Start by clicking Add, and enter the OneLogin ID Mask, then click OK.


  • Next, while we have selected the OneLogin user we just added, click Add on Associated Permissions and select the user on your network to whom you want to assign the OneLogin credentials.
  • When finished, click Apply.


Once this is done, OneLogin will appear on your Portal as a login option for Thinfinity Workspace.


Conclusion

In conclusion, this document has equipped you with the knowledge and steps necessary to configure Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin as the Identity Provider (IDP). By simplifying the authentication process, SSO offers an easy and secure way to access Workspace applications.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.

    • Related Articles

    • Configure Single Sign-On Using Auth0 with OAuth

      Product: Thinfinity Workspace Version: 7 and above Auth0 is an authentication and authorization platform that simplifies identity management for developers. It provides secure login, identity verification, and single sign-on capabilities for web, ...
    • Configure Single Sign-On Using Google Cloud with OAuth

      Product: Thinfinity Workspace Version: 7 and above The Google Cloud OAuth feature allows users to give third-party applications limited access to their Google Account data without sharing any credentials. Users authenticate with Google, authorize the ...
    • Configure Single Sign-On Using Jumpcloud with OAuth

      Product: Thinfinity Workspace Version: 7 and above Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing ...
    • Configure Single Sign-On Using Okta with OAuth

      Product: Thinfinity Workspace Version: 7 and above Okta with OAuth (Open Authorization) provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth ...
    • Configure Single Sign-On Using Azure AD (Entra ID) with OAuth

      Product: Thinfinity Workspace Version: 7 and above Azure Active Directory (Azure AD) with OAuth enables Single Sign-On (SSO) by allowing users to authenticate with their Azure AD credentials and access authorized applications and resources using ...