Multi-Tenant Architecture with Dedicated SSO Authentication on Each Broker


As part of its load balancing capabilities, Thinfinity® Workspace allows you to set up a Gateway that serves two (or more) Brokers on separate DNS names, each with dedicated SSO authentication. The diagram below presents the architecture details in such a scenario.


Preliminary Steps

1. Install Thinfinity Workspace in Gateway mode on a DMZ server.
2. Install Thinfinity Workspace in Broker mode on the servers you wish to configure for each Domain.
3. For our example, we are using a valid HTTPS certificate for *.thinfinity.cloud. 


The DNS names used for this example are:

  1. https://broker1.thinfinity.cloud
  2. https://broker2.thinfinity.cloud

 

Gateway Configuration

1. Open Thinfinity Gateway and in the General tab, click Add.
2. In the Binding dialog window:
  1. Change the default HTTP option to HTTPS.
  2. Change the port to 443.
  3. In the SSL section, click New. Follow the steps to import the wildcard certificate. For this example, we'll use *.thinfinity.cloud.
  4. Click OK.



3. Back in the General tab, click the NetworkID button. Generate a new subdomain for each tenant using the format NetworkID#Number-Of-Tenant.




Make sure to click Apply to implement the changes.

Brokers Configuration


1. Open Thinfinity Configuration Manager and in the Broker tab locate the Network ID field. Paste the corresponding NetworkID generated in the previous step.

2. On the Broker that corresponds to the broker1.thinfinity.cloud domain, add the Gateway URL pointing to its corresponding subdomain.




3. Repeat the procedure on the second Broker server using its corresponding subdomain.


Note: The client name can be a random number between 1 and 6 digits. This client name must be appended after the Gateway's NetworkID in the following format: #XXXXXX.
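
A pre-deployment consistency check for the tenant plan described above, as an added example that is not part of the Thinfinity documentation or product. It assumes every tenant uses the same Gateway NetworkID with its own unique client name; the NetworkID value and the `check_tenants` and `wildcard_covers` names are hypothetical.

```python
import re

# Broker Network ID value: the Gateway's NetworkID, then '#' and a 1-6 digit client name.
NETWORK_ID_RE = re.compile(r"^(?P<base>[^#\s]+)#(?P<client>\d{1,6})$")

def wildcard_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name such as *.thinfinity.cloud covers host.
    A wildcard matches exactly one left-most DNS label, never two."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == cert_name[2:]

def check_tenants(tenants, cert_name):
    """Return a list of problems in a tenant plan (empty list = consistent)."""
    problems, bases, seen_clients, seen_hosts = [], set(), {}, set()
    for t in tenants:
        host = t["host"].lower()
        if host in seen_hosts:
            problems.append(f"{host}: hostname used by more than one tenant")
        seen_hosts.add(host)
        if not wildcard_covers(cert_name, host):
            problems.append(f"{host}: not covered by certificate {cert_name}")
        m = NETWORK_ID_RE.match(t["network_id"])
        if not m:
            problems.append(f"{host}: Network ID is not NetworkID#<1-6 digits>")
            continue
        bases.add(m["base"])
        client = m["client"]
        if client in seen_clients:
            # Assumption: two tenants sharing a client name is a planning error.
            problems.append(f"{host}: client name #{client} already used by {seen_clients[client]}")
        else:
            seen_clients[client] = host
    if len(bases) > 1:
        problems.append("tenants do not share one Gateway NetworkID: " + ", ".join(sorted(bases)))
    return problems

# Constructed sample plan; EXAMPLE-NETWORK-ID is a placeholder, not a real NetworkID.
GOOD = [
    {"host": "broker1.thinfinity.cloud", "network_id": "EXAMPLE-NETWORK-ID#1"},
    {"host": "broker2.thinfinity.cloud", "network_id": "EXAMPLE-NETWORK-ID#2"},
]

if __name__ == "__main__":
    for line in check_tenants(GOOD, "*.thinfinity.cloud") or ["plan is consistent"]:
        print(line)
```

A hostname with an extra label, such as a constructed `eu.broker2.thinfinity.cloud`, is reported as not covered, because the wildcard certificate would not validate for it.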


SSO Configuration for Each Broker


1. Open Thinfinity Configuration Manager and select the Authentication tab. Click Add and define the desired SSO. For this example, we have defined Azure for broker1.thinfinity.cloud and Google for broker2.thinfinity.cloud.

Single Sign-On with Azure on Broker 1
Single Sign-On with Google on Broker 2


2. Once you have defined the SSO on each Broker, make sure to add the Authentication ID Mask as required.
3. Finally, restart the services to apply all changes. 

Now you will be able to connect to the defined URLs with the dedicated SSO authentication method for each Broker.
Thinfinity Login Page with Azure SSO on Broker 1
Thinfinity Login Page with Google SSO on Broker 2