Mappings

With Thinfinity Workspace, you are able to configure various authentication methods to login securely to a single platform and to also provide granularity by segregating permissions with users/profiles.
In order to associate Authentication Providers users with the local/domain users on the Windows Server hosting Workspace, you have to map them by using Configuration Manager. 

In the 'Mappings' sub-tab of the Thinfinity® Workspace Configuration Manager's 'Authentication' tab, you will link your authentication users to either Local Windows or Active Directory users or groups. This way, you tell Thinfinity® Workspace that users that authenticate with any given authentication method can in fact login and are going to be shown certain profiles they are linked with and you have configured in advance.

The 'Mappings' tab can be organized in two different ways. By pressing the 'Switch base' button, you select whether you want to see a list of Remote Usernames ID Mask above, that you will map with the Associated User(s)/Group(s) Access below; or a list of Associated User(s)/Group(s) Access that you will map with the Remote Usernames ID Mask list below. This is solely for convenience and doesn't change the way it works, only the way it is shown. 

You might want to think that a certain authentication username has several Local or Active Directory groups that it's associated with and thus choose to see the remote users above. Or you might prefer to see, for example, a list of Active Directory users and link each of them with several remote users ID Mask. Switching the base doesn't change the users and their mapping.

How to map users using Thinfinity Configuration Manager

In this example, you can review how to map a Google user (OAuth) authentication method to a Local/Domain Windows User. This assumes you already have the authentication method configured in your environment. For more information on this chek our documentation. 

• Open Thinfinity Configuration Manager on your Primary Broker

• Go to the ‘Authentication’ tab.

• Click on the ‘Mappings’ tab

• Click on the ‘Add’ button

• Enter the ‘ID Mask’, in this case we are using the format ‘user@domain.com’

• Select the ‘Authentication Method’ from the drop down list.

• Click OK

• Next up, you should give permissions and credentials to the ID Mask that you added
  

1. In here, you will have two tabs:
   
1. Associated Permissions: Here you can Add/Search and Remove a Local or Domain Windows user and associate it with the Remote user’s ID Mask that you configured above. This will tell Workspace which permissions are set for a given authenticated user, and show the profiles accordingly. Normally you would assign each ID Mask its own user, but in certain scenarios you might see a different scheme.
   
2. Credentials: In this tab, you can store valid Local or Domain Windows user credentials to be used whenever you connect to a profile that has the “Use Authenticated Credentials” option enabled.

1. Once you are done adding the users, don’t forget to click on ‘Apply’ to save the changes.