How to Map Users from External Identity Providers to Newly Created Local or Domain Users

Introduction

The ‘Create if it doesn’t exist’ feature in Thinfinity Workspace maps users from external identity providers to local or domain users on the host machine, even when those users do not yet exist in the host environment. This lets you manage system access across various authentication providers.

With this feature, administrators can create local or domain users on the host machine while connecting to external identity provider technologies such as RADIUS, OAuth (Google, LinkedIn, Facebook, Azure AD, Okta, Duo), SAML and others.

The Create if it doesn’t exist function ensures that when a verified user from an external domain logs in, Thinfinity Workspace captures their external ID and automatically generates a corresponding local account on the host machine, complete with pre-established permissions as defined by the administrator.

How to Map External Users and Create a User Locally using the Configuration Manager


You can configure a profile to create users on demand when an externally authenticated user tries to access that application and the user does not exist yet. To map external users from various domains to local accounts on the host machine using Thinfinity Workspace, follow these steps:


1. Open Thinfinity Workspace Configuration Manager on your primary broker, go to the Access Profile tab and locate the profile you want to modify. Click Edit to modify its settings.




2. In the General tab, select Use these credentials then check the box Create if it doesn’t exist. Complete the Pattern and Replace fields with the correct Regular Expression according to your chosen method.

Here is an example of user creation against external domains that use @contoso.com as the method of user authentication (works for Azure as well):

Pattern: ([a-zA-Z0-9\.]+)@contoso\.com$
Replace with: targetdomain\\$1

Here is an example of user creation against external domains that authenticate with the domain (e.g. contoso\) as the method of user authentication:

Pattern: ((?i)contoso)\\(.+)
Replace with: targetdomain\\$2
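
One way to dry-run the two Pattern / Replace pairs above against sample identities before enabling Create if it doesn’t exist (an added example, not Thinfinity's own code). It assumes that `\\` in Replace yields one backslash, that `$N` inserts capture group N, that the pattern may match anywhere in the identity, and that trying both pairs in turn is acceptable for a test harness; the page states none of these, and the sample identities are constructed.

```python
import re
from collections import defaultdict

# Pattern / Replace pairs from this page (first pattern written with balanced
# parentheses and a plain `$` end anchor).
RULES = [
    (r"([a-zA-Z0-9\.]+)@contoso\.com$", r"targetdomain\\$1"),
    (r"((?i)contoso)\\(.+)", r"targetdomain\\$2"),
]

# Constructed sample identities, not taken from any real directory.
SAMPLE_IDS = ["alice@contoso.com", "CONTOSO\\alice", "mary-jane@contoso.com",
              "bob@contoso.com.example.org", "carol@fabrikam.com"]

def expand(replace, match):
    # Assumption: `\\` yields one backslash and `$N` inserts capture group N.
    def token(t):
        return "\\" if t.group(1) is None else match.group(int(t.group(1)))
    return re.sub(r"\\\\|\$(\d+)", token, replace)

def map_identity(external_id, rules=RULES):
    """Return (local_account, status); status is full, partial or no-match."""
    for pattern, replace in rules:
        # Python 3.11+ rejects `(?i)` in mid-pattern, so hoist it to a flag.
        flags = re.IGNORECASE if "(?i)" in pattern else 0
        m = re.search(pattern.replace("(?i)", ""), external_id, flags)
        if m:
            status = "full" if m.span() == (0, len(external_id)) else "partial"
            return expand(replace, m), status
    return None, "no-match"

def audit(ids=SAMPLE_IDS):
    """Map every id; list partial matches and accounts shared by several ids."""
    results = {i: map_identity(i) for i in ids}
    owners = defaultdict(list)
    for ext, (account, _) in results.items():
        if account:
            owners[account.lower()].append(ext)  # Windows names ignore case
    partial = [i for i, (_, s) in results.items() if s == "partial"]
    shared = {a: e for a, e in owners.items() if len(e) > 1}
    return results, partial, shared

if __name__ == "__main__":
    results, partial, shared = audit()
    for ext, (account, status) in results.items():
        print(f"{ext!r:32} -> {account!r:24} [{status}]")
    print("partial matches:", partial)
    print("shared accounts:", shared)
```

Under these assumptions `mary-jane@contoso.com` is reported as a partial match, because `-` is outside the character class and only `jane@contoso.com` is matched. Widening the character class or adding a leading `^` to the pattern, then re-running the check, shows whether every identity maps to the account you expect.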




Notes

If you want the newly created user to have the same permissions as a specific pre-configured group within your local/domain environment, use the Add to group field.

How to Map External Users and Create a User Locally using the Web Manager

To map external users from various domains to local accounts on the host machine using Thinfinity Workspace Web Manager, follow these steps:

1. On the Thinfinity home page, click the three-dot button of the profile you want to modify and select Edit.



2. In the RDP Settings menu, navigate to the User Credentials section.


 



Fill in the desired parameters in the Pattern and Replace with fields as explained in the previous paragraphs.


Summary

In summary, Thinfinity® Workspace’s Create if it doesn’t exist feature enables seamless mapping of external users to local accounts on the host machine, even when they do not yet exist in the host environment. This feature offers a secure and efficient way for administrators to manage system access across various authentication providers and improve remote access experiences. This concludes the tutorial on mapping users from external domains to newly created local accounts on demand.