How to Configure Single Sign-On in Thinfinity Workspace using RADIUS as an IDP

How to Configure Single Sign-On in Thinfinity Workspace using RADIUS as an IDP

Product: Thinfinity Workspace
Version: 7 and above


RADIUS (Remote Authentication Dial-In User Service) is a networking protocol used for centralized authentication, authorization, and accounting (AAA) for remote access services. It enables secure user authentication and access control for network resources, commonly used in VPNs, wireless networks, and dial-up connections.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using RADIUS as the Identity Provider (IDP).

I. Prerequisites

  • Thinfinity Workspace installed and accessible.
  • Network connectivity between Thinfinity Workspace and your RADIUS server.

II. Configuring RADIUS Server

Install Network Policy and Access Services Role

  • First, open the Server Manager and select the Add roles and features option.
  • In the Server Roles section, choose the Network Policy and Access Services Role to install it.


Configure Radius Server

  • Once the role has been installed, locate the Administrative Tools and open the Network Policy Server to configure the RADIUS Server.

  • Next, select the Network Policies folder and click Action > New from the menu bar to create a new network policy.
      
  • Now, enter a Policy name. If desired, change any other optional settings, then click Next.

  • In the next screen, click Add and select the condition to be able to authenticate through the RADIUS Server. i.e. If the user group you want to grant access to is local, choose Windows Groups and if it is an Active Directory Group, choose User Groups. Once you have selected the condition, click Add to enter the specific details.

  • In this case, we have selected a local windows group and now we will now add the specific group we want to grant access to (This group should have been previously created and populated in Windows Server). Click Add Groups.

  • Enter the group to which you want to grant access. Then click OK.
Click Next on the next two confirmation screens.

       
  • Next, configure the authentication method. Click Add, select the Authentication method and click OK.
Click Next on the next two confirmation screens.


  • Here you can confirm all the policy parameters you have just configured. If everything is ok, click Finish.

  • Next, select the RADIUS Clients folder and click Action > New from the menu bar to create a new RADIUS client.

Enter RADIUS Client Information

  • Next, enter the Friendly Name for the client and the Address of the Network Client that will connect to the RADIUS Server. Also enter your chosen Shared secret. Note down all this information as it will be needed to configure the SSO in Thinfinity Workspace. When finished click OK.


III. Configuring Thinfinity

Set Up SSO on Thinfinity Workspace

  • Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > Radius.

Enter RADIUS Server Details in Thinfinity Workspace

  • Input the RADIUS Server IP, Port, Shared Secret and Authentication Type into the corresponding fields on the Server tab of the Authentication Method Settings. Then click OK.

  • Last, Apply all the changes.


IV. Testing the SSO Integration

  • Finally, attempt to log in to Thinfinity Workspace and try the option Use Radius.
Verify that you are redirected to the RADIUS Server and can authenticate successfully.



By following these steps, you should be able to integrate RADIUS as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.