The SSO Enterprise Mapping Solution empowers administrators to efficiently map user credentials, integrating enterprise authentication methods with Thinfinity Workspace access management. This feature enhances security, reduces repetitive logins, and simplifies access to multiple resources, providing a seamless and user-friendly experience for both end users and administrators.

After configuring the desired SSO authentication method, the next step is to set up the credential mapping configuration. This process enables you to fully leverage the feature, creating a streamlined and centralized access environment for your team.

Configuring Mapping Settings

1. Run Thinfinity Configuration Manager, go to the Mappings section on the Authentication tab.
   
2. Click on Add, complete the form, and select the Association option that best fits your needs:
   
   

   Association options	Description
   Inherited permissions from users/groups	Allows credential mapping to inherit the permissions of the specified local user or group. The mapped SSO credentials will automatically assume the access rights and restrictions of the chosen local user or group, streamlining permissions management and ensuring consistency across user profiles.
   Ask for credentials to associate	Once the end-user has logged into Thinfinity Workspace with the selected SSO method, they will be prompted to specify which credentials their account will be associated with. All the access profiles will then utilize this association for executing access profiles configured with the Use authenticated credentials setting.
   Associate existing username	Allows you to map the configured SSO user to the permissions of an existing local domain user. Regarding the password setup, this option provides flexibility: You can configure it to prompt the user for a password, enforce a specific password, or require a new or replacement password.
   Create username if doesn’t exist and associate	Provides a way to map users from external identity providers to local or domain users on the host machine, even if these users don’t already exist in the host environment. This feature allows to create automatically local or domain users on the host machine when connecting with external Identity Providers. Thinfinity Workspace captures the external ID of any verified user logging in from an external domain and automatically generates a corresponding local account on the host machine. This new account will inherit permissions predefined by the administrator.

   
   
   
3. When done, click OK to submit.

1. Ensure you have backed up your current mapping using the Export option.
2. Navigate to the Mappings tab on the Authentication section in the Configuration Manager.
3. Click on Import, select the JSON file containing the new mapping, and confirm.
   

Important notes

1. File Format: Both Export and Import functionalities use JSON files. Ensure the file is formatted correctly before importing.
2. Passwords: Passwords for local accounts can be included during import. Passwords are not exported when using the Export option.
3. Configuration Overwrite: The import process replaces all current mappings. No merge or partial updates are supported.
   

Exporting User Mapping

The Export option allows you to generate a JSON file containing the current user mapping configuration. However, user passwords are not included in the exported file for security reasons.

Follow the next steps to export a mapping configuration JSON file:

1. Navigate to the Mappings tab on the Authentication section in the Configuration Manager.
   
2. Click on Export.
   
3. Save the exported JSON file in a secure directory.

Best Practice

Before making changes or importing new mappings, always create a backup by exporting the current configuration and saving it in a different directory. This ensures you can manually restore the mapping if needed.