Links

Get a new Trial Serial Number

This option will allow you to request a 30 day trial license with unlimited access. You will be prompt to enter a valid name and e-mail address.
Once you filled this information hit 'Next' and check your in-box for the serial key.
Read More:
7.1.2.1.3. Activate a Serial Number Online
This is how the "Activate a Serial Number Online" windows looks:
E-mail
Enter the e-mail address you've registered with.
Seria
Enter the serial information we provided you.
Licensing Server URL
If you installed the License Server administrator, enter the License Server URL. Otherwise leave this blank.
If the license information is incorrect, you will see this warning: "The license information is invalid". In this case, please verify the following:
- That you are entering the exact email and Serial number sent to you. The best practice to do this correctly is to copy - paste it, being careful not to include any space after or before.
- That you have a working internet connection. If you intend to install it in a machine with no internet connection, you can try the Manual Activation. If you have internet restrictions because of a proxy, try the Proxy Activation.
If you need additional help, contact us.
If the license information is correct, the License Manager will let you know that "The new license has been installed successfully" and its information will be show in the License Manager.
Read More:
7.1.2.1.4. Activate a Serial Number Offline
Manual Activation is an activation option only for those cases when you want to activate Thinfinity® VirtualUI in a machine that has no internet connection, or an internet connection restricted by heavy security policies that block a regular activation.
· If you haven't tried a regular activation, follow these instructions: Activate a Serial Number Online.
· If your internet restrictions are caused by a proxy, follow these instructions: Proxy Activation.
Before you continue with the steps to perform a manual activation, please contact us.
Once you've selected Activate a Serial Number Offline. You will see the following pop up:
Serial
Enter the license Serial number to generate the manual activation key
Generate Manual Key
After you have entered the serial number, press this button to generate the Manual Activation Key.
Manual Activation Key
After you press the 'Generate Manual Key' button, a Manual Activation Key will appear in this field. Send this Manual Activation Key to support.
Manual License
The support team will reply with the Manual License, a code that you will enter in the field above.
Next
Press this button once you have performed the previous steps to complete your license activation.
Read More:

7.2. Production Server

Thinfinity VirtualUI Server Manager is a tool to administrate the Thinfinity VirtualUI Server. From its interface you can manage applications profiles, permissions and other settings related to Thinfinity VirtualUI Server.
When in development mode, a very similar tool called Development Server Manager is used.
To access Thinfinity VirtualUI Server Manager go to the Start Menu and look for the 'Thinfinity VirtualUI Server Manager' shortcut.
Its main menu has two sub-menus:
File Menu:
The File Menu is composed of the following options:
Save
Click to save any change done on the system Settings.
Exit
Click on this option to exit Thinfinity VirtualUI Server Manager.
Help Menu:
The Help Menu is composed of the following options:
Help
Takes you to the application online guide.
Buy
Takes you to the Cybele Software Buy page.
About Thinfinity VirtualUI
Click on the About to see the application version and build number.
Show Log:
The 'Show log' button in the bottom of the Thinfinity VirtualUI manager will open a file where the server activities, such as connecting and disconnecting, are logged.
Read more:

7.2.1. General

This is how the Thinfinity VirtualUI Server Manager looks in a Standard Mode installation. You will find the following options:
Bind to IP
Use this option to restrict access to the service to one specific IP address. The 'All unassigned' option allows access through all the available IP addresses.
Protocol
Choose between the HTTP and HTTPS protocol.
Press this button to configure HTTP error responses.
This button is only visible when the protocol is set to HTTPS. Press this button to access the options for replacing the default Thinfinity VirtualUI installed certificate with your own. Read more about managing the SSL certificates.
This button is only visible when the protocol is set to HTTPS and the product is installed in 'Standard Mode'. Press this button to access the HTTPS Security Settings.
Port
Choose which port will Thinfinity VirtualUI Server be listening on. If the port is not available, you will see an error message on the status bar.
Show Log
Press to open the file with the Thinfinity VirtualUI log.
Always remember to press 'Apply' in order to save the changes.
Read more:

7.2.1.1. Configure HTTP Error Responses

You can access configuration for the HTTP Error response pages by pressing this button:
which you will find in the Server Manager General tab, when the protocol is set to HTTPS.
You will be presented with the following dialog:
Status Code
This numeric code indicates the status of the response when a browser tries to access content in Thinfinity VirtualUI. The error responses may be displayed in the client browser.
The HTTP status code may indicate whether a request is successful or unsuccessful, and may also reveal the exact reason that a request is unsuccessful.
Path
Shows the path to the error file that will show in case of a particular status code. The default path is the 'web' directory in the Thinfinity Virtual installation directory.
Type
Shows the Thinfinity VirtualUI action in the event of an error status code:
- Send file: Thinfinity VirtualUI will show an error page located physically in the server's computer.
- Redirect: Thinfinity VirtualUI will redirect the page to any web page indicated in the configuration.
Add
Press this button to add a new Custom Error page. Read more about this below.
Edit
Press this button to edit an existing Custom Error Page. Read more about this below.
Remove
Press this button to remove a selected Custom Error Page.
If you choose to add or edit a Custom Error Page, you will be presented with the following dialog:
Status Code
Enter the Status Code number that you want to configure.
Response Action
Choose whether Thinfinity VirtualUI will show a page that is stored locally or will redirect the user to another web page.
Insert Content from file into the error response
Choose this option if you want Thinfinity VirtualUI to show a static page locally stored in your Thinfinity VirtualUI server. Complete the file path by selecting the file you want to show with the button.
Response with a 302 redirect
Choose this option if you want Thinfinity VirtualUI to redirect users to a web page. Type the Absolute URL to this web page in the field below
Press OK to save the changes.
Read more:

7.2.1.2. Managing the SSL Certificate

An SSL certificate is an effective way to secure a website against unauthorized interception of data. At its simplest, an SSL Certificate is used to identify the website and encrypt all data flowing to and from the Certificate holder's web site. This makes all exchanges between the site and its visitors 100 percent private.
Access the SSL certificates configuration by pressing this button:
you will find it in the Server Manager General tab when the protocol is set to HTTPS.
Managing the SSL Certificate
A valid SSL certificate is included with the Thinfinity VirtualUI Server installation. This allows you to encrypt all communications with the product's default certificate. However, browsers will tipically show a security warning. Your communications are encrypted, but the browser notices the name on the certificate is not your company's. You may want to create your own certificate to identify your company and avoid this.
1. There are two ways of creating your own SSL certificate:
b. Using A CA Certificate
2. Once you already have your certificate files, go to the Thinfinity VirtualUI Server Settings 'General' tab.
3. Click on the 'Manage Certificate' option.
4. On this screen you should inform the location of the certificate files, as follows:
Certificate File
Inform the path to the certificate file.
CA File
If the certificate is issued by a unknown CA, you should fill in the pathname to the CA certificate.
Private Key
You should inform the pathname to the certificate private key file.
Pass Phrase
Inform the password that was used, if any, when the private key was generated.
Note: The path names can be absolute (C:\MyCertPath\UserThisCert.pem) or relative to the path where Thinfinity VirtualUI Server is installed (\cert\UserThisCert.perm).
Read more:
7.2.1.2.1. The Default Embedded Certificate
A certificate called "self-signed.pem" is included with the Thinfinity VirtualUI Server installation. You will find it inside the \cert directory, located inside the Thinfinity VirtualUI Server application path.
If you want to use this default certificate you should have the files set as the image below:
You'll find these settings inside the Thinfinity VirtualUI Server Settings 'General' tab, by clicking on the 'Manage certificate' button.
Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority.
Read more:
7.2.1.2.2. A Self-Signed Certificate
This option is used to create your own self-sign certificate.
1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.
2. Press the 'Manage certificate' button.
3. Press the 'Create a self-signed certificate' button.
4. Fill in the form below with your organization data:
Country Code
The two letter country code of the International Organization for Standardization (ISO 3166)
State
Full unabbreviated name of the state or province your organization is located.
Locality
Full unabbreviated name of the city where your organization is located.
Organization
The name your company is legally registered under.
Organizational Unit
Use this field to differentiate between divisions within an organization.
Common Name
The domain name or URL you plan to use this certificate with.
E-Mail Address
Company e-mail address.
Bits
We recommend using a 2048 length key.
5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI Server (ThinfinityVirtualUI.mycompany.com).
6. Press 'Create'.
7. Select the location where you want the certificate to be stored.
8. The application will start using this self-signed certificate created by you.
Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority.
Read more:
7.2.1.2.3. A CA Certificate
In order to use this option you will have to get a certificate from a known Certificate Authority (CA). Some CA examples are GoDaddy, VeriSign, Thawte, GeoTrust and Network Solutions.
The CA will ask you for a "certificate request". Create one following the next steps:
1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.
2. Press the 'Manage certificate' button.
3. Click on the 'Create a certificate request' button.
4. Fill in the form below with your organization data:
Country Code
The two letter country code of the International Organization for Standardization (ISO 3166)
State
Full unabbreviated name of the state or province your organization is located.
Locality
Full unabbreviated name of the city where your organization is located.
Organization
The name your company is legally registered under.
Organizational Unit
Use this field to differentiate between divisions within an organization.
Common Name
The domain name or URL you plan to use this certificate with.
E-Mail Address
Company e-mail address.
Bits
We recommend using a 2048 length key.
5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI server (ThinfinityVirtualUI.mycompany.com)
6. Press 'Create' and the application will generate two files.
7. The first window will ask you for a location to keep the private key file: "Where do you want the private key file to be stored".
a. Inform a name for your private key.
b. Select a place to keep it safe.
c. Press the 'Save' button.
8. The second window will ask you for a location to keep the request file: "Where do you want the request file to be stored.".
a. Inform a name for the request file.
b. Select a directory where you can find the file later on to send to the CA.
c. Press the 'Save' button.
9. The first file is the certificate private key. It should always be kept safe with you.
10. Send only the request file to the CA.
After the CA validation process, place the certificate they sent to you in the Thinfinity VirtualUI Server cert directory and inform the path to the files on Thinfinity VirtualUI Server Manager, Manage Certificate option (Certificate file, CA file and Private Key).
Read more:

7.2.1.3. HTTPS Security Settings

You can access the HTTPS Security Settings by pressing this button:
which you will find in the Server Manager General tab, when the protocol is set to HTTPS.
You will be presented with the following dialog:
Encryption Methods
Select the HTTPS encryptions methods you want Thinfinity VirtualUI to support.
Default
Select which of the supported HTTPS encryption method is the default. When a connection is made with a browser that doesn't support the default encryption method, Thinfinity VirtualUI will negotiate the security with other supported encryption methods on this list.
Read more:

7.2.2. Gateways

In the Thinfinity VirtualUI Manager 'Gateways' tab you will find the following options:
Network ID
The network ID identifies this installation. Thinfinity VirtualUI Servers that want to share their resources through one or more Gateways must match their Network ID.
Press this button to see and/or change the Network ID. The default value is a random string but you can change it to something more descriptive.
Gateway List
A list of the gateways that a user can connect to in order to access this server's resources.
For a typical installation, with no load balancing architecture, leave it blank.
Add
Add a new gateway to the Gateway List. Only if you will use Scaling and Load Balancing.
Remove
Remove a selected gateway from the Gateway List.
Check out the Scaling and Load Balancing section to learn about more options.
Read more:

7.2.3. Sessions

In the Thinfinity VirtualUI Manager 'Sessions' tab you will find the following options:
Standard Mode Installation:
Run under the logged-on user account
Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page.
Run under this account
Check this option to enable Thinfinity VirtualUI to run applications under a specific user.
User name
Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.
Password
Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.
Test
Test the credentials entered to verify that the username and password are correct and can access RDS.
Load Balancing Mode Installation:
Run under the logged-on user account
Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page.
Run under this account
Check this option to enable Thinfinity VirtualUI to run applications under a specific user.
User name
Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.
Password
Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under.
Test
Test the credentials entered to verify that the username and password are correct and can access RDS.
Mode
Multiple Browser per Session
Select this option to run multiple applications in the same RDS Session.
One Browser per Session
Select this option to run applications on individual RDS Sessions. This improves performance but at a higher resource cost.
Always remember to press 'Apply' in order to save the changes and restart the VirtualUI services.
Read more:

7.2.4. Applications

The 'Applications' tab will allow you to configure the applications' locations and settings as well as the user permissions to access them.
Application List
This list shows the available applications. You can enable or disable them by checking the box to the left of the name.
Add
Press this button to add a new application.
Edit
Select an application and press this button to edit it.
Remove
Select an application and press this button to remove it.
Allowed users and groups for selected profile
See here the allowed users or group(s) of users for the selected application. If you want to change the permissions, edit the application.
Database path
Path to the profile database.
Always remember to press 'Apply' in order to save the changes.
Read more:

7.2.4.1. Application Profile

When you edit or add an application profile you will be presented with this screen below.
The radio button 'Application' must be checked.
These are the profile properties you can edit:
Name
Use this field to change the application name.
Virtual Path
The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ip:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface.
Home Page
Choose the landing HTML page for the application.
Open
Press this button to look for the Home Page.
Access Key
This is a unique key for this application profile. The value is used to identify the application when implementing access through the One-Time-URL method.
Icon
Click on the Icon gray box to load an image to be associated with the profile. The image will be presented along with the profile name on the web interface profiles selection.
Application/Web link
Select the Application option to have a regular profile that gives access to an application.
If you select the Web link radio button, this profile will behave like a Web Hyperlink.
Default Application
Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path.
The properties located inside the tabs will be described throughout the next subtopics.
Read more:
7.2.4.1.1. General
In the Application Profile Editor 'General' tab you will find the following options:
Program path and file name
Specify the complete path that gives access to the application executable file.
Arguments
Application arguments.
Start in the following folder
Inform a context directory for the application set on the 'Program path and file name' field.
Resolution
Choose from the available list of resolutions including 'Fit to browser window' and 'Fit to screen', ideal for hiding the browser and working on a full screen mode.
Browser rules file
Sepcify the location of a file composed of a ruleset to adjust the remote desktop resolution according. Read more.
Reconnection Timeout
Set a timeout in minutes if you want Thinfinity VirtualUI Server to wait this period before killing the application once the browser has been closed.
Timeout 0 will kill the application immediately after the browser has been closed.
Read more:
7.2.4.1.2. Credentials
In the Thinfinity VirtualUI Application Editor 'Credentials' tab, you should inform the mode for logging into the specified application:
Use server's account
Use the same credentials entered in the 'Sessions' tab.
Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials
Use the authenticated
credentials
Use the same credentials entered in the browser for Thinfinity VirtualUI (specified in the 'Permissions' tab).
Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials.
Use these
credentials
Complete the credentials used to access the computer.
Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials.
Read more:
7.2.4.1.3. Permissions
Select the users that will access this application. If you don't select any user, this application will not be accessed.
These are the options you will find on the Application Profile Editor 'Permissions' tab:
Allow anonymous access
Check this option to make this application available without any authentication. Use this option if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI will have access to this application. Checking this option will disable the Add and Remove buttons.
Add
Press 'Add' to access the windows dialog for selecting Active Directory users.
Remove
Press 'Remove' to remove a user for this profile.
If you want a user or a user group to access more than one application, you need to create more application profiles and then add this user to each profile.
The authenticated user will be able to choose from the available application profiles on the Web interface.
Read more:
7.2.4.1.4. Restrictions
In the Thinfinity VirtualUI Application Editor 'Restrictions' tab, you can white list or black list the IP addresses which are allowed to connect to the configured application.
No restrictions
No restriction over which IP Addresses will be able to connect to the application.
Allow only from these IPs
Allow connections from the listed IP Addresses.
Block connections from these IPs
Block connections from the listed IP Addresses.
Add
Add an IP Address to the list
Remove
Remove an IP Address from the list
Read more:
7.2.4.1.5. Access Hours
In the Thinfinity VirtualUI Application Editor 'Access Hours' tab, you can define the day and time your application will be available to your users.
Access Permitted
Define which day and hour the application will be available.
Access Denied
Define which day and hour the application will be disabled.
Read more:
7.2.4.1.6. Authentication metods
In the Thinfinity VirtualUI Application Editor 'Authentication Methods' tab, you can define which application will be available after authenticating to Thinfinity.
The Authentication Methods available in the list are those configured in the 'Authentication' tab of the VirtualUI Server Manager.
No restrictions
No restriction on the authentication method used.
Only users authenticated with these methods
Only the users authenticated with the selected methods will be able to see and connect to the configured application.
Read more:
When you edit or add a Web Link profile you will be presented with the screen below.
The 'Web Link' radio button must be marked.
These are the profile properties you can edit:
Name
Use this field to change the profile name.
Virtual Path
The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ThinfinityVirtualUIDomain:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface.
Access Key
This is a unique key for this application profile. The value is used to identify the application when implementing access through the One-Time-URL method.
Icon
Click on the Icon gray box to load an image to be associated with the application. The image will be presented along with the application name on the web interface.
Web link /
Application profile
Select the Weblink option to have a profile that connects to a Web link. These links will be shown along with all the other applications on the Thinfinity VirtualUI start page.
Default Application
Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path.
Web URL
Inform in this field the URL that you want this application profile to connect to.
Get Icon
Retrieve an icon from the specified Web URL to be used in the web link profile
The properties located inside the other tabs will be described throughout the next subtopics.
Read more:
7.2.4.2.1. Permissions
Select the users that will access this application profile. If you don't select any users, this profile will not be available from the Web interface.
These are the options you will find under the 'Permissions' tab:
Allow anonymous access
Check this option to make this application available without any authentication. Use this option, if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI home page will see this profile. Checking this option will disable the Add and Remove buttons.
Add
Press 'Add' to access the windows dialog for selecting Active Directory users.
Remove
Press 'Remove' to remove a user for this application profile.
If you want a user or a user group to access more than one application, you need to create more profiles and then add this user to each profile.
The authenticated user will be able to choose from the Web interface which application s/he will connect to.
Read more:

7.2.5. Authentication

The 'Authentication' tab will allow you to choose the authentication methods to access VirtualUI.
Choose your authentication method(s) in the 'Method' tab:
Authentication methods
This list shows the available authentication methods. You can enable or disable them by checking the box to the left of the name.
Add
Press this button to add a new authentication method. Each method presented will open a new form for you to fill in the relevant information.
Edit
Select an authentication method and press this button to edit it.
Remove
Select an authentication method and press this button to remove it.
Allow anonymous access
Check this to allow anonymous access. This means that users can access anonymous access profiles without any kind of authentication.
Use standard browser authentication dialog
Check this to use the standard browser authentication dialog. When this is unchecked, users will authenticate through the VirtualUI web login.
Read more:

7.2.5.1. Mappings

The 'Mappings' tab of the 'Authentication' tab is where you will map all the credentials of methods other than Windows Logon to Windows Active Directory user so they can be authenticated against the profiles.
Switch base
The 'Mappings' tab can show information in two different ways to ease your mapping process. By pressing the 'Switch base' button, you select whether you prefer to see a list of your authentication ID masks above, that you will map with the Associated User(s)/Group(s) Access below, or a list of Associated Permissions for Active Directory User(s) or Group(s) above that you will map to authentication IDs below. This doesn't change the way it works, only the way it is shown. You might want to think that a certain authentication method username has several Active Directory groups it's associated with and thus choose to see the authentication method usernames above; or you might prefer to see, for example, a list of Active Directory users and link each of them with several authentication method usernames. You can try, and even go back and forth as you add users and decide which way works best for you. Switching the base doesn't change the users nor their mapping.
Authentication ID Mask
This list shows your authentication ID Masks. This means that you can either use an authentication ID, or a mask that matches only some of the username's characters (the rest are represented with *).
Associated Permissions
This list shows the Active Directory user(s) and/or group(s) associated with authentication ID masks.
Enabled
Use this checkbox to enable or disable a particular authentication ID mask (only available when the Authentication ID Masks box is shown above)
Add
Use this button in the box above to add a new authentication ID mask or a new Active Directoy user or group.
Use this button in the box below after selecting an authentication ID mask, Active Directory user or group in the box above, to associate an Active Directory user or group or authentication ID mask, respectively, in the box below.
Remove
Use this button in the box above to remove an authentication ID mask or an Active Directory user or group. Bear in mind that this will also remove the mapping (use the 'Enabled' checkbox to disable it temporarily).
Use this button in the box below to remove the mapping of an Active Directory user or group or authentication ID mask to the authentication ID mask or Active Directory user or group selected in the box above.

7.2.5.2. Radius Authentication Method Settings

When you use RADIUS as an authentication method, you need to set some parameters:
Name
Choose a name to identify this authentication method.
Server IP
Enter the RADIUS Server IP
Port
Enter the RADIUS Port
Shared Secret
Enter the RADIUS Shared Secret
Authentication Type
Choose your authentication type. The 'EAP' option stands for all the EAP authentication methods.
Test Configuration
Press this button to communicate with RADIUS and test the information entered in the above fields to see if it is correct.

7.2.5.3. Oauth 2.0 Authentication Method Settings

When you use OAuth 2.0 as an authentication method, you need to set some parameters.
For predefined methods (Google, Facebook, LinkedIn, Dropbox), the only parameters you will need are the client ID and shared secret
Name
Choose a name to identify this authentication method.
Virtual Path
Type a Virtual Path. If you access your Thinfinity VirtualUI URL followed by the virtual path:
http(s)://ip:port/virtualPath
the application will attempt to log in with this method.
If you change this value, remember to change the CSS for SSO options, setting the style for each login button. The ID for each button must match the Virtual path.
Client ID
Enter your authentication provider Client ID, generated while configuring your account integration.
Client Secret
Your authentication provider's Client Secret generated while configuring your account integration.
In the 'Server' tab of the Authentication Method Settings, you will find that the fields are completed by default for the predefined methods. Like Google in this case:
When you add an Oauth 2.0 method that is not predefined, you will need to complete these fields.
Authorization URL
Enter here the URL where your authentication provider can be reached to request authorization.
Authorization parameters
Additional parameters for the authorization URL
Token Validation Server URL
Enter your authentication provider's token validation server URL.
Profile Information server URL
Enter your authentication provider's information server URL.
Login username value returned in JSON
The name of the login username field as returned in a JSON from you authentication provider.
7.2.5.3.1. Configure OAuth with Auth0
This tutorial will show you how to enable 2FA using Auth0 with Thinfinity VirtualUI .
Auth0 Guardian mobile application is required for 2FA.
1) Create a new application on Auth0’s administrator site, and chose “Single Page Web Application”
2) Copy your Client ID and Client Secret :
3) In the “Allowed Callback URL” , you need to add the URL that you are going to use to authenticate, and the VirtualPath of the Authentication Method ( OAuth by default )
4) To enable 2FA , click on the “Multifactor Auth” and enable “Push Notifications” :
5) Open the Thinfinity VirtualUI Server manager , navigate to the authentication tab , press “Add” -> ”OAuth2.0” -> ”Other”.
6) Add the following information :
This information can be verified in the “Endpoints” tab under Advanced Settings in the Application you created on Auth0’s interface.
Click on “OK” after you entered the information.
7) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Auth0 user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User
After you add the appropriate mappings, click on the “Apply” button.
8) Navigate to the Thinfinity’s landing page, and you should see the “Login With OAuth” option listed as an Authentication Method.
7.2.5.3.2. Configure OAuth with Okta
How to set up multifactor authentication to your environment or virtualized application.
In this quick tutorial, we will show how to properly configure Okta OAuth 2.0 for Thinfinity Remote Desktop Server and Thinfinity VirtualUI.
1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button :
2) Select OpenID Connect as the Authentication Method :
3) Give the application a name, and type in the URL you use to reach Thinfinity. Then press “Save”.
4) You should be redirected to the Application Settings. In here, press the “General” button, and edit the “Login information”.
Configure the “Initiate login URI” field, by adding the Thinfinity’s website address and “/Okta” at the end of the URL.
5) Copy and past both Client ID and Client Secret for future references :
6) Click on the “Assignments” tab and add your users to the Application :
7) Now , open either the Thinfinity Remote Desktop Server Manager or the Thinfinity VirtualUI Manager and navigate to the “Authentication” tab. Click on OAuth 2.0 and choose “Other”.
8) Enter your Client ID and Client Secret :
9) Click on the “Server” tab and add the following parameters :
Authorization URL: https://[MyOktaSpace].okta.com/oauth2/v1/authorize
Parameters: scope=openid+profile&state=okta
Token Validation Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/token
Profile Information Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/userinfo
Login username value in returned Json: preferred_username
You’ll also need to change the name of the Authentication Method to “Okta” ( Or to the URL you configure in the Initiate Login URI )
Press “OK” after you finish configuring the Authentication Method
10) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Okta user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User
After you add the appropriate mappings, click on the “Apply” button.
11) Navigate to the Thinfinity’s landing page, and you should see the “Login With Okta” option listed as an Authentication Method.

7.2.5.4. External DLL Authentication Method Settings

When you use your own customized external DLL as an authentication method, you only need to set the DLL.
Name
Choose a name to identify this authentication method.
External Authentication Provider
Select the DLL of your external authentication method.
Read more:

7.2.5.5. Duo Authentication Method Settings

When you use Duo as an authentication method, you need to set some parameters.
Integration Key
Enter your authentication provider Integration Key, generated while configuring your account integration.
Secret Key
Your authentication provider's Secret Key generated while configuring your account integration.
API Hostname
Your authentication provider's API Hostname generated while configuring your account integration.
AKey
Automatically configured by VirtualUI
In the following topic we'll cover how to properly configure DUO as an authentication method using Thinfinity VirtualUI :
7.2.5.5.1. How to configure DUO
To configure DUO’s Two-Factor authentication, please follow these steps :
On DUO’s Web Interface :
1) Navigate to the Applications tab on Duo's administrator website :
2) Click on "Protect an Application" :
3) Create a new "Web SDK" application and click on "Protect this Application" :
4) Copy the Integration Key, Secret Key, and API Hostname :
5) Now open the Thinfinity Remote Desktop Server Manager, navigate to the "Authentication" tab , click on "Add" and "DUO" :
6) Copy the Integration Key, Secret Key, and API Hostname provided by DUO , then click "OK" and "Apply" :
7) Navigate to the Thinfinity login page , select "Use DUO" as a method of authentication, and enter valid credentials :
8) Now , you will be given the change to authenticate using a valid DUO authentication method :
Once you validate your account , you will be redirected to the index page with the Duo user validated.
.

7.2.5.6. SAML Authentication Method Settings

When you use Duo as an authentication method, you need to set some parameters.
Service Identifier
Service Certificate file
Service Certificate Password
Identification ID