Introduction
Thinfinity® Workspace 8 introduces a powerful new feature for businesses seeking a secure and streamlined Single Sign-On (SSO) experience: the SSO Enterprise Mapping Solution. This tool enables administrators to map user credentials efficiently, linking enterprise authentication methods with Thinfinity Workspace access management. Designed to enhance security, minimize repetitive logins, and simplify access to multiple resources, the SSO Enterprise Mapping Solution ensures a seamless and user-friendly experience for both end users and administrators.
The following tutorial will guide you through setting up and configuring credential mapping for SSO authentication, helping you leverage this feature to create an efficient, centralized access environment for your team.
Once the desired SSO authentication method has been configured, you must proceed with setting up the credential mapping configuration. With this feature, you will have various options available to tailor the mapping process to your specific needs.
Inherited permissions from users/groups
The Inherited permissions from users/groups option allows credential mapping to inherit the permissions of the specified local user or group. With this configuration, the mapped SSO credentials will automatically assume the access rights and restrictions of the chosen local user or group, streamlining permissions management and ensuring consistency across user profiles.
Ask for credentials to associate
With the Ask for credentials to associate option, once the end user has logged into Thinfinity with the selected SSO method, they are prompted to specify which credentials their account will be associated with. This association is then used whenever an access profile configured with the Use authenticated credentials setting is executed.
Associate existing username
The Associate existing username option allows you to map the configured SSO user to the permissions of an existing local domain user. Regarding the password setup, this option provides flexibility: you can configure it to prompt the user for a password, enforce a specific password, or require a new or replacement password. This ensures that administrators can tailor the credential association process to meet both security and operational needs.
Create username if doesn’t exist and associate
The Create username if doesn’t exist and associate option provides a seamless way to map users from external identity providers to local or domain users on the host machine, even if these users don’t already exist in the host environment.
This feature allows administrators to automatically create local or domain users on the host machine when connecting with external Identity Providers. Workspace captures the external ID of any verified user logging in from an external domain and automatically generates a corresponding local account on the host machine. This new account will inherit permissions predefined by the administrator, ensuring that users receive immediate and secure access aligned with organizational policies.
User mapping export and import
This section explains how to use the Export and Import functionalities to manage user mapping in Workspace. These options involve JSON files, which contain the configuration data. Please note the critical behaviors of these options and recommended best practices to avoid unintended configuration changes.
Exporting user mapping
The Export option allows you to generate a JSON file containing the current user mapping configuration. However, user passwords are not included in the exported file for security reasons.
Steps to export user mapping
- Navigate to the User Mapping section in the admin portal.
- Click on Export.
- Save the exported JSON file in a secure directory.
Best Practice
Before making changes or importing new mappings, always create a backup by exporting the current configuration and saving it in a different directory. This ensures you can manually restore the mapping if needed.
Importing user mapping
The Import option allows you to upload a JSON file to replace the current user mapping configuration. This process will completely overwrite the existing configuration without the possibility of rollback.
Key points about import
- The import process cannot be undone.
- Always perform an Export Backup before importing a new configuration.
- It is possible to include local user passwords in the JSON import file. Handle such files carefully, as they contain sensitive information.
Steps to import user mapping
- Ensure you have backed up your current mapping using the Export option.
- Navigate to the Mapping tab on the Authentication section in the Configuration Manager.
- Click on Import, select the JSON file containing the new mapping, and confirm.
Important notes
File Format: Both Export and Import functionalities use JSON files. Ensure the file is formatted correctly before importing.
Passwords: Passwords for local accounts can be included during import. Passwords are not exported when using the Export option.
Configuration Overwrite: The import process replaces all current mappings. No merge or partial updates are supported.
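The notes above can be turned into a pre-import check, shown here as an added example rather than Thinfinity's own tooling. It confirms that the file parses as JSON, lists the fields that appear to carry passwords, and reports string values in the exported backup that the import file no longer contains. The page does not show the mapping file's schema, so the key names in the sample data ("mappings", "sso", "local", "password") are hypothetical and the password detection works on key names only.

```python
import json

# Assumption: credential-bearing keys are recognised by name only, because the
# page does not show the real schema of the mapping file.
SECRET_HINTS = ("password", "passwd", "pwd", "secret")

# Constructed samples; "mappings", "sso", "local" and "password" are hypothetical keys.
SAMPLE_BACKUP = ('{"mappings": [{"sso": "alice@example.com", "local": "alice"},'
                 ' {"sso": "bob@example.com", "local": "bob"}]}')
SAMPLE_IMPORT = ('{"mappings": [{"sso": "alice@example.com", "local": "alice",'
                 ' "password": "constructed-value"}]}')


def leaves(node, path="$"):
    """Yield (json_path, value) for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, f"{path}[{index}]")
    else:
        yield path, node


def strings(doc):
    """Return the set of string scalars found anywhere in the document."""
    return {v for _, v in leaves(doc) if isinstance(v, str)}


def preflight(import_text, backup_text=None):
    """Check an import candidate before it overwrites the current mapping."""
    report = {"valid_json": False, "error": None,
              "secret_paths": [], "dropped_values": []}
    try:
        candidate = json.loads(import_text)
    except json.JSONDecodeError as exc:
        report["error"] = f"line {exc.lineno}, column {exc.colno}: {exc.msg}"
        return report
    report["valid_json"] = True
    for path, value in leaves(candidate):
        last_key = path.rsplit(".", 1)[-1].lower()
        if isinstance(value, str) and value and any(h in last_key for h in SECRET_HINTS):
            report["secret_paths"].append(path)  # record the path, never the value
    if backup_text is not None:
        # Import replaces everything, so backup strings missing here would be lost.
        report["dropped_values"] = sorted(strings(json.loads(backup_text)) - strings(candidate))
    return report


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_IMPORT, SAMPLE_BACKUP), indent=2))
```

A non-empty secret_paths list means the file should be stored and transferred as a credential file; a non-empty dropped_values list is worth reviewing before confirming the import, since the overwrite cannot be undone.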