How to map users from external identity providers to newly created local or domain users
Introduction
In Thinfinity Workspace, you can effectively manage system access across various authentication providers with its ‘Create if it doesn’t exist’ feature, enabling seamless mapping of users from external identity providers to local or domain users on the host machine, even when these users are not preexisting in the host environment.
This powerful feature empowers administrators to create local or domain users on the host machine while connecting to external Identity Provider technologies, such as Radius, OAuth (Google, LinkedIn Facebook, Azure AD, Okta, Duo), SAML and others.
The Create if it doesn’t exist function ensures that when a verified user from an external domain logs in, Thinfinity Workspace captures their external ID and automatically generates a corresponding local account on the host machine, complete with pre-established permissions as defined by the administrator.
How to Map External users and create a user locally.
You can make a certain Profile create the users on demand if they do not exist once a certain external authenticated user is trying to access that application.
To map external users from various domains to local accounts on the host machine using Thinfinity Workspace, follow these steps:
Open Thinfinity Workspace Configuration Manager on your primary broker.
Go to the ‘Access Profiles’ tab and locate the profile you want to modify.
Click ‘Edit’ to modify its settings.
In the ‘General’ tab, select the ‘Use these credentials’ option and then check the box ‘Create if it doesn’t exist’
Complete the Pattern and Replace fields with the correct Regular Expression for you:
Example of user creation against external domains that use @contoso.com as method of user authentication (works for Azure as well):
Example of user creation against external domains that authenticate with the domain (Ex. contoso\) as method of user authentication:
Pattern: ((?i)contoso)\\(.+)
If you want the newly created user to have the same permissions assigned as a specific pre-configured group within your local/domain environment, you can use the ‘Add to group’ field.
Note that you can also configure this from Thinfinity Workspace web page using the same set of options, whether it’s for a new or an existing profile:
Summary
Related Articles
Streamline User Management with Thinfinity Remote Active Directory Manager: A Comprehensive Guide
Welcome to another insightful blog post that aims to simplify user management in your organization through the power of Thinfinity Remote Active Directory Manager. As you're aware, efficient user management is crucial for maintaining productivity and ...How to configure a shared local database and improve performance using SQL server across multiple brokers
Product: Thinfinity Workspace Version: 7 and above Thinfinity Workspace uses a shared local database based on Absolute Database, a Delphi database engine. It is a compact, fast, robust and easy-to-use database engine designed to improve performance ...Configure Single Sign-On in using OneLogin with OAuth
Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...How to Create your First RDP Connection Terminal Server (local Host)
1. Introduction Welcome to this comprehensive guide, specifically designed to streamline the setup of your initial RDP connection using Thinfinity® Workspace. This tutorial focuses on creating an RDP connection on the same server where Thinfinity® ...How to Publish your First RemoteApp (local host)
1. Introduction In this guide, you will learn how to configure your first RemoteApp assuming you have read the Getting Started Guide. This guide has been crafted for administrators like you, responsible for establishing and configuring Thinfinity® ...