Get a new Trial Serial Number
This option will allow you to request a 30 day trial license with unlimited access. You will be prompt to enter a valid name and e-mail address.
Once you filled this information hit 'Next' and check your in-box for the serial key.
Read More:
· Proxy Activation
· Activate a Serial Number Online
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.1.2.1.3. Activate a Serial Number Online
This is how the "Activate a Serial Number Online" windows looks:
Enter the e-mail address you've registered with. | |
Seria | Enter the serial information we provided you. |
Licensing Server URL | If you installed the License Server administrator, enter the License Server URL. Otherwise leave this blank. |
If the license information is incorrect, you will see this warning: "The license information is invalid". In this case, please verify the following:
- That you are entering the exact email and Serial number sent to you. The best practice to do this correctly is to copy - paste it, being careful not to include any space after or before.
- That you have a working internet connection. If you intend to install it in a machine with no internet connection, you can try the Manual Activation. If you have internet restrictions because of a proxy, try the Proxy Activation.
If you need additional help, contact us.
If the license information is correct, the License Manager will let you know that "The new license has been installed successfully" and its information will be show in the License Manager.
Read More:
· Proxy Activation
· Get a new Trial Serial Number
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.1.2.1.4. Activate a Serial Number Offline
Manual Activation is an activation option only for those cases when you want to activate Thinfinity® VirtualUI in a machine that has no internet connection, or an internet connection restricted by heavy security policies that block a regular activation.
· If you haven't tried a regular activation, follow these instructions: Activate a Serial Number Online.
· If your internet restrictions are caused by a proxy, follow these instructions: Proxy Activation.
Before you continue with the steps to perform a manual activation, please contact us.
Once you've selected Activate a Serial Number Offline. You will see the following pop up:
Serial | Enter the license Serial number to generate the manual activation key |
Generate Manual Key | After you have entered the serial number, press this button to generate the Manual Activation Key. |
Manual Activation Key | After you press the 'Generate Manual Key' button, a Manual Activation Key will appear in this field. Send this Manual Activation Key to support. |
Manual License | The support team will reply with the Manual License, a code that you will enter in the field above. |
Next | Press this button once you have performed the previous steps to complete your license activation. |
Read More:
· Proxy Activation
· Get a new Trial Serial Number
· Activate a Serial Number Online
This help system was created with an evaluation copy of Help & Manual.
7.2. Production Server
Thinfinity VirtualUI Server Manager is a tool to administrate the Thinfinity VirtualUI Server. From its interface you can manage applications profiles, permissions and other settings related to Thinfinity VirtualUI Server.
When in development mode, a very similar tool called Development Server Manager is used.
To access Thinfinity VirtualUI Server Manager go to the Start Menu and look for the 'Thinfinity VirtualUI Server Manager' shortcut.
Its main menu has two sub-menus:
File Menu:
The File Menu is composed of the following options:
Save | Click to save any change done on the system Settings. |
Exit | Click on this option to exit Thinfinity VirtualUI Server Manager. |
Help Menu:
The Help Menu is composed of the following options:
Help | Takes you to the application online guide. |
Buy | Takes you to the Cybele Software Buy page. |
About Thinfinity VirtualUI | Click on the About to see the application version and build number. |
Show Log:
The 'Show log' button in the bottom of the Thinfinity VirtualUI manager will open a file where the server activities, such as connecting and disconnecting, are logged.
Read more:
· The 'General' Tab
· The 'Gateways' tab
· The 'Sessions' tab
· The 'Applications' tab
· The 'Licences' tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1. General
This is how the Thinfinity VirtualUI Server Manager looks in a Standard Mode installation. You will find the following options:
Bind to IP | Use this option to restrict access to the service to one specific IP address. The 'All unassigned' option allows access through all the available IP addresses. |
Protocol | Choose between the HTTP and HTTPS protocol. |
Press this button to configure HTTP error responses. | |
This button is only visible when the protocol is set to HTTPS. Press this button to access the options for replacing the default Thinfinity VirtualUI installed certificate with your own. Read more about managing the SSL certificates. | |
This button is only visible when the protocol is set to HTTPS and the product is installed in 'Standard Mode'. Press this button to access the HTTPS Security Settings. | |
Port | Choose which port will Thinfinity VirtualUI Server be listening on. If the port is not available, you will see an error message on the status bar. |
Show Log | Press to open the file with the Thinfinity VirtualUI log. |
Always remember to press 'Apply' in order to save the changes.
Read more:
· Configure HTTP Error Responses
· Managing the SSL Certificate
· HTTPS Security Settings
· The 'Gateways' tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.1. Configure HTTP Error Responses
You can access configuration for the HTTP Error response pages by pressing this button:
which you will find in the Server Manager General tab, when the protocol is set to HTTPS.
You will be presented with the following dialog:
Status Code | This numeric code indicates the status of the response when a browser tries to access content in Thinfinity VirtualUI. The error responses may be displayed in the client browser. The HTTP status code may indicate whether a request is successful or unsuccessful, and may also reveal the exact reason that a request is unsuccessful. |
Path | Shows the path to the error file that will show in case of a particular status code. The default path is the 'web' directory in the Thinfinity Virtual installation directory. |
Type | Shows the Thinfinity VirtualUI action in the event of an error status code: - Send file: Thinfinity VirtualUI will show an error page located physically in the server's computer. - Redirect: Thinfinity VirtualUI will redirect the page to any web page indicated in the configuration. |
Add | Press this button to add a new Custom Error page. Read more about this below. |
Edit | Press this button to edit an existing Custom Error Page. Read more about this below. |
Remove | Press this button to remove a selected Custom Error Page. |
If you choose to add or edit a Custom Error Page, you will be presented with the following dialog:
Status Code | Enter the Status Code number that you want to configure. |
Response Action | Choose whether Thinfinity VirtualUI will show a page that is stored locally or will redirect the user to another web page. |
Insert Content from file into the error response | Choose this option if you want Thinfinity VirtualUI to show a static page locally stored in your Thinfinity VirtualUI server. Complete the file path by selecting the file you want to show with the button. |
Response with a 302 redirect | Choose this option if you want Thinfinity VirtualUI to redirect users to a web page. Type the Absolute URL to this web page in the field below |
Press OK to save the changes.
Read more:
· Managing the SSL Certificate
· HTTPS Security Settings
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.2. Managing the SSL Certificate
An SSL certificate is an effective way to secure a website against unauthorized interception of data. At its simplest, an SSL Certificate is used to identify the website and encrypt all data flowing to and from the Certificate holder's web site. This makes all exchanges between the site and its visitors 100 percent private.
Access the SSL certificates configuration by pressing this button:
you will find it in the Server Manager General tab when the protocol is set to HTTPS.
Managing the SSL Certificate
A valid SSL certificate is included with the Thinfinity VirtualUI Server installation. This allows you to encrypt all communications with the product's default certificate. However, browsers will tipically show a security warning. Your communications are encrypted, but the browser notices the name on the certificate is not your company's. You may want to create your own certificate to identify your company and avoid this.
1. There are two ways of creating your own SSL certificate:
a. Creating A self-signed certificate
b. Using A CA Certificate
2. Once you already have your certificate files, go to the Thinfinity VirtualUI Server Settings 'General' tab.
3. Click on the 'Manage Certificate' option.
4. On this screen you should inform the location of the certificate files, as follows:
Certificate File
Inform the path to the certificate file.
CA File
If the certificate is issued by a unknown CA, you should fill in the pathname to the CA certificate.
Private Key
You should inform the pathname to the certificate private key file.
Pass Phrase
Inform the password that was used, if any, when the private key was generated.
Note: The path names can be absolute (C:\MyCertPath\UserThisCert.pem) or relative to the path where Thinfinity VirtualUI Server is installed (\cert\UserThisCert.perm).
Read more:
· The Default Embedded Certificate
· A Self-Signed Certificate
· A CA Certificate
· HTTPS Security Settings
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.2.1. The Default Embedded Certificate
A certificate called "self-signed.pem" is included with the Thinfinity VirtualUI Server installation. You will find it inside the \cert directory, located inside the Thinfinity VirtualUI Server application path.
If you want to use this default certificate you should have the files set as the image below:
You'll find these settings inside the Thinfinity VirtualUI Server Settings 'General' tab, by clicking on the 'Manage certificate' button.
Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority. |
Read more:
· A Self-Signed Certificate
· A CA Certificate
· HTTPS Security Settings
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.2.2. A Self-Signed Certificate
This option is used to create your own self-sign certificate.
1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.
2. Press the 'Manage certificate' button.
3. Press the 'Create a self-signed certificate' button.
4. Fill in the form below with your organization data:
Country Code | The two letter country code of the International Organization for Standardization (ISO 3166) |
State | Full unabbreviated name of the state or province your organization is located. |
Locality | Full unabbreviated name of the city where your organization is located. |
Organization | The name your company is legally registered under. |
Organizational Unit | Use this field to differentiate between divisions within an organization. |
Common Name | The domain name or URL you plan to use this certificate with. |
E-Mail Address | Company e-mail address. |
Bits | We recommend using a 2048 length key. |
5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI Server (ThinfinityVirtualUI.mycompany.com).
6. Press 'Create'.
7. Select the location where you want the certificate to be stored.
8. The application will start using this self-signed certificate created by you.
Because this certificate is not issued by a known Certificate Authority (CA), the web browsers will warn you they can not verify its authority. |
Read more:
· A CA Certificate
· HTTPS Security Settings
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.2.3. A CA Certificate
In order to use this option you will have to get a certificate from a known Certificate Authority (CA). Some CA examples are GoDaddy, VeriSign, Thawte, GeoTrust and Network Solutions.
The CA will ask you for a "certificate request". Create one following the next steps:
1. Go to the Thinfinity VirtualUI Server Settings 'Security' tab.
2. Press the 'Manage certificate' button.
3. Click on the 'Create a certificate request' button.
4. Fill in the form below with your organization data:
Country Code | The two letter country code of the International Organization for Standardization (ISO 3166) |
State | Full unabbreviated name of the state or province your organization is located. |
Locality | Full unabbreviated name of the city where your organization is located. |
Organization | The name your company is legally registered under. |
Organizational Unit | Use this field to differentiate between divisions within an organization. |
Common Name | The domain name or URL you plan to use this certificate with. |
E-Mail Address | Company e-mail address. |
Bits | We recommend using a 2048 length key. |
5. The 'Common Name' field should be filled with the server+domain that will be used to access Thinfinity VirtualUI server (ThinfinityVirtualUI.mycompany.com)
6. Press 'Create' and the application will generate two files.
7. The first window will ask you for a location to keep the private key file: "Where do you want the private key file to be stored".
a. Inform a name for your private key.
b. Select a place to keep it safe.
c. Press the 'Save' button.
8. The second window will ask you for a location to keep the request file: "Where do you want the request file to be stored.".
a. Inform a name for the request file.
b. Select a directory where you can find the file later on to send to the CA.
c. Press the 'Save' button.
9. The first file is the certificate private key. It should always be kept safe with you.
10. Send only the request file to the CA.
After the CA validation process, place the certificate they sent to you in the Thinfinity VirtualUI Server cert directory and inform the path to the files on Thinfinity VirtualUI Server Manager, Manage Certificate option (Certificate file, CA file and Private Key).
Read more:
· HTTPS Security Settings
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.1.3. HTTPS Security Settings
You can access the HTTPS Security Settings by pressing this button:
which you will find in the Server Manager General tab, when the protocol is set to HTTPS.
You will be presented with the following dialog:
Encryption Methods | Select the HTTPS encryptions methods you want Thinfinity VirtualUI to support. |
Default | Select which of the supported HTTPS encryption method is the default. When a connection is made with a browser that doesn't support the default encryption method, Thinfinity VirtualUI will negotiate the security with other supported encryption methods on this list. |
Read more:
· The 'Gateways' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.2. Gateways
In the Thinfinity VirtualUI Manager 'Gateways' tab you will find the following options:
Network ID | The network ID identifies this installation. Thinfinity VirtualUI Servers that want to share their resources through one or more Gateways must match their Network ID. Press this button to see and/or change the Network ID. The default value is a random string but you can change it to something more descriptive. |
Gateway List | A list of the gateways that a user can connect to in order to access this server's resources. For a typical installation, with no load balancing architecture, leave it blank. |
Add | Add a new gateway to the Gateway List. Only if you will use Scaling and Load Balancing. |
Remove | Remove a selected gateway from the Gateway List. |
Check out the Scaling and Load Balancing section to learn about more options.
Read more:
· The 'RDS' Tab
· The 'Applications' Tab
· The 'Licenses' Tab
· Scaling and Load Balancing
This help system was created with an evaluation copy of Help & Manual.
7.2.3. Sessions
In the Thinfinity VirtualUI Manager 'Sessions' tab you will find the following options:
Standard Mode Installation:
Run under the logged-on user account | Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page. |
Run under this account | Check this option to enable Thinfinity VirtualUI to run applications under a specific user. |
User name | Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under. |
Password | Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under. |
Test | Test the credentials entered to verify that the username and password are correct and can access RDS. |
Load Balancing Mode Installation:
Run under the logged-on user account | Check this option to enable Thinfinity VirtualUI to run applications under the logged in user in the Thinfinity VirtualUI landing page. |
Run under this account | Check this option to enable Thinfinity VirtualUI to run applications under a specific user. |
User name | Enter the username for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under. |
Password | Enter the password for the Remote Desktop Services session you want Thinfinity VirtualUI to run applications under. |
Test | Test the credentials entered to verify that the username and password are correct and can access RDS. |
Mode
Multiple Browser per Session | Select this option to run multiple applications in the same RDS Session. |
One Browser per Session | Select this option to run applications on individual RDS Sessions. This improves performance but at a higher resource cost. |
Always remember to press 'Apply' in order to save the changes and restart the VirtualUI services.
Read more:
· The 'Applications' Tab
· The 'Licenses' Tab
· Scaling and Load Balancing
This help system was created with an evaluation copy of Help & Manual.
7.2.4. Applications
The 'Applications' tab will allow you to configure the applications' locations and settings as well as the user permissions to access them.
Application List | This list shows the available applications. You can enable or disable them by checking the box to the left of the name. |
Add | Press this button to add a new application. |
Edit | Select an application and press this button to edit it. |
Remove | Select an application and press this button to remove it. |
Allowed users and groups for selected profile | See here the allowed users or group(s) of users for the selected application. If you want to change the permissions, edit the application. |
Database path | Path to the profile database. |
Always remember to press 'Apply' in order to save the changes.
Read more:
· Application Profile
· Weblink Profile
· The 'Licenses' Tab
· Scaling and Load Balancing
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1. Application Profile
When you edit or add an application profile you will be presented with this screen below.
The radio button 'Application' must be checked.
These are the profile properties you can edit:
Name | Use this field to change the application name. |
Virtual Path | The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ip:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface. |
Home Page | Choose the landing HTML page for the application. |
Open | Press this button to look for the Home Page. |
Access Key | This is a unique key for this application profile. The value is used to identify the application when implementing access through the One-Time-URL method. |
Icon | Click on the Icon gray box to load an image to be associated with the profile. The image will be presented along with the profile name on the web interface profiles selection. |
Application/Web link | Select the Application option to have a regular profile that gives access to an application. If you select the Web link radio button, this profile will behave like a Web Hyperlink. |
Default Application | Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path. |
The properties located inside the tabs will be described throughout the next subtopics.
Read more:
· The 'General' Tab
· The 'Credentials' Tab
· The 'Permissions' Tab
· Weblink Profile
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.1. General
In the Application Profile Editor 'General' tab you will find the following options:
Program path and file name | Specify the complete path that gives access to the application executable file. |
Arguments | Application arguments. |
Start in the following folder | Inform a context directory for the application set on the 'Program path and file name' field. |
Resolution | Choose from the available list of resolutions including 'Fit to browser window' and 'Fit to screen', ideal for hiding the browser and working on a full screen mode. |
Browser rules file | Sepcify the location of a file composed of a ruleset to adjust the remote desktop resolution according. Read more. |
Reconnection Timeout | Set a timeout in minutes if you want Thinfinity VirtualUI Server to wait this period before killing the application once the browser has been closed. Timeout 0 will kill the application immediately after the browser has been closed. |
Read more:
· The 'Credentials' Tab
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.2. Credentials
In the Thinfinity VirtualUI Application Editor 'Credentials' tab, you should inform the mode for logging into the specified application:
Use server's account | Use the same credentials entered in the 'Sessions' tab. Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials |
Use the authenticated credentials | Use the same credentials entered in the browser for Thinfinity VirtualUI (specified in the 'Permissions' tab). Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials. |
Use these credentials | Complete the credentials used to access the computer. Note: If the credentials are correct, this option will connect the user automatically when selecting the application, or after authenticating for Thinfinity VirtualUI if this is the only profile for their credentials. |
Read more:
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.3. Permissions
Select the users that will access this application. If you don't select any user, this application will not be accessed.
These are the options you will find on the Application Profile Editor 'Permissions' tab:
Allow anonymous access | Check this option to make this application available without any authentication. Use this option if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI will have access to this application. Checking this option will disable the Add and Remove buttons. |
Add | Press 'Add' to access the windows dialog for selecting Active Directory users. |
Remove | Press 'Remove' to remove a user for this profile. |
If you want a user or a user group to access more than one application, you need to create more application profiles and then add this user to each profile.
The authenticated user will be able to choose from the available application profiles on the Web interface.
Read more:
· Weblink Profile
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.4. Restrictions
In the Thinfinity VirtualUI Application Editor 'Restrictions' tab, you can white list or black list the IP addresses which are allowed to connect to the configured application.
No restrictions | No restriction over which IP Addresses will be able to connect to the application. |
Allow only from these IPs | Allow connections from the listed IP Addresses. |
Block connections from these IPs | Block connections from the listed IP Addresses. |
Add | Add an IP Address to the list |
Remove | Remove an IP Address from the list |
Read more:
· The 'Credentials' Tab
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.5. Access Hours
In the Thinfinity VirtualUI Application Editor 'Access Hours' tab, you can define the day and time your application will be available to your users.
Access Permitted | Define which day and hour the application will be available. |
Access Denied | Define which day and hour the application will be disabled. |
Read more:
· The 'Credentials' Tab
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.1.6. Authentication metods
In the Thinfinity VirtualUI Application Editor 'Authentication Methods' tab, you can define which application will be available after authenticating to Thinfinity.
The Authentication Methods available in the list are those configured in the 'Authentication' tab of the VirtualUI Server Manager.
No restrictions | No restriction on the authentication method used. |
Only users authenticated with these methods | Only the users authenticated with the selected methods will be able to see and connect to the configured application. |
Read more:
· The 'Credentials' Tab
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.2. Weblink Profile
When you edit or add a Web Link profile you will be presented with the screen below.
The 'Web Link' radio button must be marked.
These are the profile properties you can edit:
Name | Use this field to change the profile name. |
Virtual Path | The Virtual Path will create a unique URL address for this connection. The complete path will consist of: http(s)://ThinfinityVirtualUIDomain:port/VirtualPath/. The users can then create a web shortcut to this connection in particular and bypass the Thinfinity VirtualUI web interface. |
Access Key | This is a unique key for this application profile. The value is used to identify the application when implementing access through the One-Time-URL method. |
Icon | Click on the Icon gray box to load an image to be associated with the application. The image will be presented along with the application name on the web interface. |
Web link / Application profile | Select the Weblink option to have a profile that connects to a Web link. These links will be shown along with all the other applications on the Thinfinity VirtualUI start page. |
Default Application | Check this option to make this profile the default application: the authenticated user will connect to this profile directly instead of choosing between the available profiles. The rest of the profiles can be accessed by their Virtual Path. |
Web URL | Inform in this field the URL that you want this application profile to connect to. |
Get Icon | Retrieve an icon from the specified Web URL to be used in the web link profile |
The properties located inside the other tabs will be described throughout the next subtopics.
Read more:
· The 'Permissions' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.4.2.1. Permissions
Select the users that will access this application profile. If you don't select any users, this profile will not be available from the Web interface.
These are the options you will find under the 'Permissions' tab:
Allow anonymous access | Check this option to make this application available without any authentication. Use this option, if you want this profile to be available for everyone. This means that everybody accessing Thinfinity VirtualUI home page will see this profile. Checking this option will disable the Add and Remove buttons. |
Add | Press 'Add' to access the windows dialog for selecting Active Directory users. |
Remove | Press 'Remove' to remove a user for this application profile. |
If you want a user or a user group to access more than one application, you need to create more profiles and then add this user to each profile.
The authenticated user will be able to choose from the Web interface which application s/he will connect to.
Read more:
· The 'Licenses' Tab
This help system was created with an evaluation copy of Help & Manual.
7.2.5. Authentication
The 'Authentication' tab will allow you to choose the authentication methods to access VirtualUI.
Choose your authentication method(s) in the 'Method' tab:
Authentication methods | This list shows the available authentication methods. You can enable or disable them by checking the box to the left of the name. |
Add | Press this button to add a new authentication method. Each method presented will open a new form for you to fill in the relevant information. |
Edit | Select an authentication method and press this button to edit it. |
Remove | Select an authentication method and press this button to remove it. |
Allow anonymous access | Check this to allow anonymous access. This means that users can access anonymous access profiles without any kind of authentication. |
Use standard browser authentication dialog | Check this to use the standard browser authentication dialog. When this is unchecked, users will authenticate through the VirtualUI web login. |
Read more:
· The Mappings Tab
· Oauth2 Methods Field Reference
This help system was created with an evaluation copy of Help & Manual.
7.2.5.1. Mappings
The 'Mappings' tab of the 'Authentication' tab is where you will map all the credentials of methods other than Windows Logon to Windows Active Directory user so they can be authenticated against the profiles.
Switch base | The 'Mappings' tab can show information in two different ways to ease your mapping process. By pressing the 'Switch base' button, you select whether you prefer to see a list of your authentication ID masks above, that you will map with the Associated User(s)/Group(s) Access below, or a list of Associated Permissions for Active Directory User(s) or Group(s) above that you will map to authentication IDs below. This doesn't change the way it works, only the way it is shown. You might want to think that a certain authentication method username has several Active Directory groups it's associated with and thus choose to see the authentication method usernames above; or you might prefer to see, for example, a list of Active Directory users and link each of them with several authentication method usernames. You can try, and even go back and forth as you add users and decide which way works best for you. Switching the base doesn't change the users nor their mapping. |
Authentication ID Mask | This list shows your authentication ID Masks. This means that you can either use an authentication ID, or a mask that matches only some of the username's characters (the rest are represented with *). |
Associated Permissions | This list shows the Active Directory user(s) and/or group(s) associated with authentication ID masks. |
Enabled | Use this checkbox to enable or disable a particular authentication ID mask (only available when the Authentication ID Masks box is shown above) |
Add | Use this button in the box above to add a new authentication ID mask or a new Active Directoy user or group. Use this button in the box below after selecting an authentication ID mask, Active Directory user or group in the box above, to associate an Active Directory user or group or authentication ID mask, respectively, in the box below. |
Remove | Use this button in the box above to remove an authentication ID mask or an Active Directory user or group. Bear in mind that this will also remove the mapping (use the 'Enabled' checkbox to disable it temporarily). Use this button in the box below to remove the mapping of an Active Directory user or group or authentication ID mask to the authentication ID mask or Active Directory user or group selected in the box above. |
This help system was created with an evaluation copy of Help & Manual.
7.2.5.2. Radius Authentication Method Settings
When you use RADIUS as an authentication method, you need to set some parameters:
Name | Choose a name to identify this authentication method. |
Server IP | Enter the RADIUS Server IP |
Port | Enter the RADIUS Port |
Shared Secret | Enter the RADIUS Shared Secret |
Authentication Type | Choose your authentication type. The 'EAP' option stands for all the EAP authentication methods. |
Test Configuration | Press this button to communicate with RADIUS and test the information entered in the above fields to see if it is correct. |
This help system was created with an evaluation copy of Help & Manual.
7.2.5.3. Oauth 2.0 Authentication Method Settings
When you use OAuth 2.0 as an authentication method, you need to set some parameters.
For predefined methods (Google, Facebook, LinkedIn, Dropbox), the only parameters you will need are the client ID and shared secret
Name | Choose a name to identify this authentication method. |
Virtual Path | Type a Virtual Path. If you access your Thinfinity VirtualUI URL followed by the virtual path: http(s)://ip:port/virtualPath the application will attempt to log in with this method. If you change this value, remember to change the CSS for SSO options, setting the style for each login button. The ID for each button must match the Virtual path. |
Client ID | Enter your authentication provider Client ID, generated while configuring your account integration. |
Client Secret | Your authentication provider's Client Secret generated while configuring your account integration. |
In the 'Server' tab of the Authentication Method Settings, you will find that the fields are completed by default for the predefined methods. Like Google in this case:
When you add an Oauth 2.0 method that is not predefined, you will need to complete these fields.
Authorization URL | Enter here the URL where your authentication provider can be reached to request authorization. |
Authorization parameters | Additional parameters for the authorization URL |
Token Validation Server URL | Enter your authentication provider's token validation server URL. |
Profile Information server URL | Enter your authentication provider's information server URL. |
Login username value returned in JSON | The name of the login username field as returned in a JSON from you authentication provider. |
This help system was created with an evaluation copy of Help & Manual.
7.2.5.3.1. Configure OAuth with Auth0
This tutorial will show you how to enable 2FA using Auth0 with Thinfinity VirtualUI .
Auth0 Guardian mobile application is required for 2FA.
1) Create a new application on Auth0’s administrator site, and chose “Single Page Web Application”
2) Copy your Client ID and Client Secret :
3) In the “Allowed Callback URL” , you need to add the URL that you are going to use to authenticate, and the VirtualPath of the Authentication Method ( OAuth by default )
4) To enable 2FA , click on the “Multifactor Auth” and enable “Push Notifications” :
5) Open the Thinfinity VirtualUI Server manager , navigate to the authentication tab , press “Add” -> ”OAuth2.0” -> ”Other”.
6) Add the following information :
This information can be verified in the “Endpoints” tab under Advanced Settings in the Application you created on Auth0’s interface.
Click on “OK” after you entered the information.
7) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Auth0 user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User
After you add the appropriate mappings, click on the “Apply” button.
8) Navigate to the Thinfinity’s landing page, and you should see the “Login With OAuth” option listed as an Authentication Method.
This help system was created with an evaluation copy of Help & Manual.
7.2.5.3.2. Configure OAuth with Okta
How to set up multifactor authentication to your environment or virtualized application.
In this quick tutorial, we will show how to properly configure Okta OAuth 2.0 for Thinfinity Remote Desktop Server and Thinfinity VirtualUI.
1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button :
2) Select OpenID Connect as the Authentication Method :
3) Give the application a name, and type in the URL you use to reach Thinfinity. Then press “Save”.
4) You should be redirected to the Application Settings. In here, press the “General” button, and edit the “Login information”.
Configure the “Initiate login URI” field, by adding the Thinfinity’s website address and “/Okta” at the end of the URL.
5) Copy and past both Client ID and Client Secret for future references :
6) Click on the “Assignments” tab and add your users to the Application :
7) Now , open either the Thinfinity Remote Desktop Server Manager or the Thinfinity VirtualUI Manager and navigate to the “Authentication” tab. Click on OAuth 2.0 and choose “Other”.
8) Enter your Client ID and Client Secret :
9) Click on the “Server” tab and add the following parameters :
Authorization URL: https://[MyOktaSpace].okta.com/oauth2/v1/authorize
Parameters: scope=openid+profile&state=okta
Token Validation Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/token
Profile Information Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/userinfo
Login username value in returned Json: preferred_username
You’ll also need to change the name of the Authentication Method to “Okta” ( Or to the URL you configure in the Initiate Login URI )
Press “OK” after you finish configuring the Authentication Method
10) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Okta user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User
After you add the appropriate mappings, click on the “Apply” button.
11) Navigate to the Thinfinity’s landing page, and you should see the “Login With Okta” option listed as an Authentication Method.
This help system was created with an evaluation copy of Help & Manual.
7.2.5.4. External DLL Authentication Method Settings
When you use your own customized external DLL as an authentication method, you only need to set the DLL.
Name | Choose a name to identify this authentication method. |
External Authentication Provider | Select the DLL of your external authentication method. |
Read more:
· Authentication API
This help system was created with an evaluation copy of Help & Manual.
7.2.5.5. Duo Authentication Method Settings
When you use Duo as an authentication method, you need to set some parameters.
Integration Key | Enter your authentication provider Integration Key, generated while configuring your account integration. |
Secret Key | Your authentication provider's Secret Key generated while configuring your account integration. |
API Hostname | Your authentication provider's API Hostname generated while configuring your account integration. |
AKey | Automatically configured by VirtualUI |
In the following topic we'll cover how to properly configure DUO as an authentication method using Thinfinity VirtualUI :
How to configure DUO
This help system was created with an evaluation copy of Help & Manual.
7.2.5.5.1. How to configure DUO
To configure DUO’s Two-Factor authentication, please follow these steps :
On DUO’s Web Interface :
1) Navigate to the Applications tab on Duo's administrator website :
2) Click on "Protect an Application" :
3) Create a new "Web SDK" application and click on "Protect this Application" :
4) Copy the Integration Key, Secret Key, and API Hostname :
5) Now open the Thinfinity Remote Desktop Server Manager, navigate to the "Authentication" tab , click on "Add" and "DUO" :
6) Copy the Integration Key, Secret Key, and API Hostname provided by DUO , then click "OK" and "Apply" :
7) Navigate to the Thinfinity login page , select "Use DUO" as a method of authentication, and enter valid credentials :
8) Now , you will be given the change to authenticate using a valid DUO authentication method :
Once you validate your account , you will be redirected to the index page with the Duo user validated.
.
This help system was created with an evaluation copy of Help & Manual.
7.2.5.6. SAML Authentication Method Settings
When you use Duo as an authentication method, you need to set some parameters.
Service Identifier | |
Service Certificate file | |
Service Certificate Password | |
Identification ID | |
Sign Authentication Request | |
Single Sign/On Service URL | |
Sign-Out URL | |
Partner Certificate File |
In the following topic we'll cover how to properly configure SAML with Okta as an authentication method using Thinfinity VirtualUI :
Configure SAML with Okta
This help system was created with an evaluation copy of Help & Manual.
7.2.5.6.1. Configure SAML with Okta
In this quick tutorial, we will show how to properly configure Okta SAML for Thinfinity Remote Desktop Server.
1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button :
2) Chose “SAML 2.0” as the Authentication Method.
3) Assign a name to the application.
4) Configure the “Single sign-on URL” and “Audience URI” .
The “Single Sign-on URL” address should be the following : https://[MyThinfinityWebSite]/SAMLAssertionConsumerService
The Audience URI should be the URI used to connect to Thinfinity : https://[MyThinfinityWebSite]/
5) Choose the Feeback options that applies to your application :
6) Now that the application is created, it should redirect you to the “Settings” window. Click on “View Setup Instructions” for further information :
In here you will get the “Identity Provider Single Sign-on URL”, the Identity Provider Issuer, and the Certificate provided by Okta.
7) Now, open the Thinfinity Remote Desktop Server Manager or Thinfinity VirtualUI Server manager, navigate to the “Authentication” tab, press the “Add” option and click on “SAML” :
8) In here, you will have to add the different values provided by Okta in order to enable SAML :
Service Identifier = Audience URI (SP Entity ID)
Service Certificate File = Your certificate’s file.
Service Certificate Password = Your certificate’s password.
Identificacion Entity ID = Identity Provider Issuer
Single Sign-On Service URL = Identity Provider Single Sign-On URL
Sign-Out URL = This value is optional.
Partner Certificate File = X.509 Certificate provided by Okta.
Below you’ll find an example on how it should look like :
After you finish adding all those values, press “Ok”.
10 ) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Okta user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press on the “Add” button and search for the Active Directory User
After you add the appropriate mappings, click on the “Apply” button.
11) Navigate to the Thinfinity’s landing page, and you should see the “Login With SAML” option listed as an Authentication Method.
This help system was created with an evaluation copy of Help & Manual.
7.2.5.6.2. Configure SAML with Centrify
On the Centrify’s Admin Portal.
1) Click on “Apps” -> “Web Apps” :
2) Click on “Custom” and next to SAML, press “Add”
3) Give your application a name , and click on the “Trust” tab .
Click on “Manual Configuration” , and copy the IdP Entity ID , and download the certificate provided by Centrify.
4) Then copy the “Single Sign on URL” , and the “Single Logout URL” :
5) Now , on the “Service Provide Configuration” , click on “Manual Configuration” and configure the following :
After doing these changes, click on the “Save” button.
6) Now we need to configure Thinfinity with all this information .
Open the Server Manager and navigate to the “Authentication” tab, press “Add” , and then SAML :
7) Now we must configure the connection itself :
· Service identifier = https://YourThinfinitySite:[Port]
· Service Cert File = [Path_To_Your_Certificate]
· Service Cert Pass = [Certificate_Password]
· Identification Entity = [IdP Entity ID / Issuer]
· Single Sing on Service URL = [Single Sign on URL]
· Sign-out URL = [Single Logout URL]
· Partnet Cert File = [Certificate Provided by Centrify]
Once you configured it properly , click “Ok” and then “Apply”
8) Now go the Thinfinity landing page and you should see the “Login with SAML” option now available to use.
This help system was created with an evaluation copy of Help & Manual.
7.2.6. License Manager
The license manager option is found in the License tab of Thinfinity VirtualUI Server Manager. Use this manager to check your licensing status, activity, add or remove your licenses.
Read more:
· License Activation
This help system was created with an evaluation copy of Help & Manual.
7.2.6.1. License Activation
This is how the License Manager should look once your license is registered:
Select | If you registered several serials on this server, press this button to select the key you wish to use. |
Add | Press this button to enter your license information. |
Remove | Press this button if you wish to deactivate the license on this machine. This will allow you to use the license somewhere else, or to re use the license after reinstalling Windows. |
Close | Press this button to close the License Manager |
Activity | Here you can verify in real time the amount of users consuming a license. |
Pressing the 'Add' button will open the Product Registration Wizard:
Read More:
· Proxy Activation
· Get a new Trial Serial Number
· Activate a Serial Number Online
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.2.6.1.1. Proxy Activation
In order to register your license behind a proxy server you must register it using the Licensing Server administrator, for more information please contact support@cybelesoft.com.
Read More:
· Get a new Trial Serial Number
· Activate a Serial Number Online
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.2.6.1.2. Get a new Trial Serial Number
This option will allow you to request a 30 day trial license with unlimited access. You will be prompt to enter a valid name and e-mail address.
Once you filled this information hit 'Next' and check your in-box for the serial key.
Read More:
· Proxy Activation
· Activate a Serial Number Online
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.2.6.1.3. Activate a Serial Number Online
This is how the "Activate a Serial Number Online" windows looks:
Enter the e-mail address you've registered with. | |
Seria | Enter the serial information we provided you. |
Licensing Server URL | If you installed the License Server administrator, enter the License Server URL. Otherwise leave this blank. |
If the license information is incorrect, you will see this warning: "The license information is invalid". In this case, please verify the following:
- That you are entering the exact email and Serial number sent to you. The best practice to do this correctly is to copy - paste it, being careful not to include any space after or before.
- That you have a working internet connection. If you intend to install it in a machine with no internet connection, you can try the Manual Activation. If you have internet restrictions because of a proxy, try the Proxy Activation.
If you need additional help, contact us.
If the license information is correct, the License Manager will let you know that "The new license has been installed successfully" and its information will be show in the License Manager.
Read More:
· Proxy Activation
· Get a new Trial Serial Number
· Activate a Serial Number Offline
This help system was created with an evaluation copy of Help & Manual.
7.2.6.1.4. Activate a Serial Number Offline
Manual Activation is an activation option only for those cases when you want to activate Thinfinity® VirtualUI in a machine that has no internet connection, or an internet connection restricted by heavy security policies that block a regular activation.
· If you haven't tried a regular activation, follow these instructions: Activate a Serial Number Online.
· If your internet restrictions are caused by a proxy, follow these instructions: Proxy Activation.
Before you continue with the steps to perform a manual activation, please contact us.
Once you've selected Activate a Serial Number Offline. You will see the following pop up:
Serial | Enter the license Serial number to generate the manual activation key |
Generate Manual Key | After you have entered the serial number, press this button to generate the Manual Activation Key. |
Manual Activation Key | After you press the 'Generate Manual Key' button, a Manual Activation Key will appear in this field. Send this Manual Activation Key to support. |
Manual License | The support team will reply with the Manual License, a code that you will enter in the field above. |
Next | Press this button once you have performed the previous steps to complete your license activation. |
Read More:
· Proxy Activation
· Get a new Trial Serial Number
· Activate a Serial Number Online
This help system was created with an evaluation copy of Help & Manual.
7.3. Gateway
The Gateway Manager is a tool to configure gateway options in a Load Balancing scenario.
Install Thinfinity VirtualUI as a Gateway Role and look for the 'Thinfinity VirtualUI Gateway' shortcut in the Start Menu.
Its main menu has two sub-menus:
File Menu:
The File Menu is composed of the following options:
Save | Click to save any change done on the system Settings. |
Close | Click on this option to exit Thinfinity VirtualUI Gateway Manager. |
Help Menu:
The Help Menu is composed of the following options:
About Thinfinity VirtualUI | Click on the About to see the application version and build number. |
The General tab presents the following options:
Bind to IP | Use this option to restrict access to the service to one specific IP address. The 'All unassigned' option allows access through all the available IP addresses. |
Protocol | Choose between the http and https protocol. |
Press this button to configure HTTP error responses. | |
This button is only visibile when the protocol is set to HTTPS. Press this button to access the options for replacing the default Thinfinity VirtualUI installed certificate with your own. Read more about managing the SSL certificates. | |
Port | Choose which port will Thinfinity VirtualUI Gateway be listening on. If the port is not available, you will see an error message on the status bar. |
Network ID | The network ID identifies this gateway services installation. Thinfinity VirtualUI Servers that want to share their resources through this this gateway must match this Network ID. Press this button to see and/or change the Network ID. The default value is a random string but you can change it to something more descriptive. |
Show Log | Press to open the file with the Thinfinity VirtualUI log. |
This help system was created with an evaluation copy of Help & Manual.
Last updated