To configure DUO’s two-factor authentication, follow these steps.
On DUO’s web interface:
1) Navigate to the Applications tab on Duo's administrator website.
2) Click on "Protect an Application".
3) Create a new "Web SDK" application and click on "Protect this Application".
4) Copy the Integration Key, Secret Key, and API Hostname.
5) Now open the Thinfinity Remote Desktop Server Manager, navigate to the "Authentication" tab, click on "Add" and then "DUO".
6) Enter the Integration Key, Secret Key, and API Hostname provided by DUO, then click "OK" and "Apply".
7) Navigate to the Thinfinity login page, select "Use DUO" as the method of authentication, and enter valid credentials.
8) You will now be given the chance to authenticate using a valid DUO authentication method.
Once you validate your account, you will be redirected to the index page with the Duo user validated.
When you use TOTP as a Second Factor Authentication method, you need to set some parameters.
Option
Description
Issuer
Name of the authentication
Google Authenticator Compatible
Enable this option to enable compatibility with Google Authenticator
Digits
Configure the number of digits you want your TOTP to use.
Algorithm
Configure the algorithm used in the TOTP process
Precision
Set the amount of time you want the TOTP token to be valid
Reset 2FA key for user
Use this option to reset a user's 2FA authentication device.
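How the Digits, Algorithm, Precision and Issuer options shape the code a user must enter, shown with a standard RFC 6238 implementation. This is an added example, not Thinfinity's own code; the function names and the sample key are constructed, and it is an assumption that "Precision" corresponds to the RFC 6238 time step and that the Google Authenticator compatible setting means the defaults used here (SHA1, 6 digits, 30 seconds).

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Constructed sample key (the RFC 6238 SHA-1 test seed), not a real secret.
SAMPLE_KEY = b"12345678901234567890"


def totp(key, at, digits=6, algorithm="SHA1", precision=30):
    """RFC 6238 code for Unix time `at`; `precision` is the time step in seconds."""
    counter = struct.pack(">Q", at // precision)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, candidate, at, window=1, **params):
    """Accept codes from `window` steps either side of `at` to absorb clock drift."""
    precision = params.get("precision", 30)
    for step in range(-window, window + 1):
        t = at + step * precision
        if t >= 0 and hmac.compare_digest(totp(key, t, **params), candidate):
            return True
    return False


def provisioning_uri(key, account, issuer, digits=6, algorithm="SHA1", precision=30):
    """otpauth:// URI (the key URI format authenticator apps read from a QR code)."""
    query = urlencode({
        "secret": base64.b32encode(key).decode().rstrip("="),
        "issuer": issuer,
        "algorithm": algorithm,
        "digits": digits,
        "period": precision,
    })
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?{query}"


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    print(totp(SAMPLE_KEY, now))
    print(totp(SAMPLE_KEY, now, precision=60))
    print(provisioning_uri(SAMPLE_KEY, "alice@example.com", "Thinfinity"))
```

A longer Precision or a wider verification window lengthens the time a captured code stays usable, and server and authenticator app must agree on all three parameters or every code is rejected.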
When you use Duo as an authentication method, you need to set some parameters.
In the following topic we'll cover how to properly configure DUO as an authentication method using Thinfinity VirtualUI.
Integration Key
Enter your authentication provider Integration Key, generated while configuring your account integration.
Secret Key
Your authentication provider's Secret Key generated while configuring your account integration.
API Hostname
Your authentication provider's API Hostname generated while configuring your account integration.
AKey
Automatically configured by VirtualUI
The 'Authentication' tab will allow you to choose the authentication methods to access VirtualUI.
Choose your authentication method(s) in the 'Methods' tab:
Authentication methods
This list shows the available authentication methods. You can enable or disable them by checking the box to the left of the name.
Add
Press this button to add a new authentication method. Each method presented will open a new form for you to fill in the relevant information.
Edit
Select an authentication method and press this button to edit it.
Remove
Select an authentication method and press this button to remove it.
Allow anonymous access
Check this to allow anonymous access. This means that users can access anonymous access profiles without any kind of authentication.
Use standard browser authentication dialog
Check this to use the standard browser authentication dialog. When this is unchecked, users will authenticate through the VirtualUI web login.
The 'Mappings' tab is where you map the credentials of all methods other than Windows Logon to Windows Active Directory users so they can be authenticated against the profiles.
Options
Description
Switch base
The 'Mappings' tab can show information in two different ways to ease your mapping process. By pressing the 'Switch base' button, you select whether you prefer to see a list of your authentication ID masks above, that you will map with the Associated User(s)/Group(s) Access below, or a list of Associated Permissions for Active Directory User(s) or Group(s) above that you will map to authentication IDs below. This doesn't change the way it works, only the way it is shown. You might want to think that a certain authentication method username has several Active Directory groups it's associated with and thus choose to see the authentication method usernames above; or you might prefer to see, for example, a list of Active Directory users and link each of them with several authentication method usernames. You can try, and even go back and forth as you add users and decide which way works best for you. Switching the base doesn't change the users nor their mapping.
Authentication ID Mask
This list shows your authentication ID Masks. This means that you can either use an authentication ID, or a mask that matches only some of the username's characters (the rest are represented with *).
Associated Permissions
This list shows the Active Directory user(s) and/or group(s) associated with authentication ID masks.
Enabled
Use this checkbox to enable or disable a particular authentication ID mask (only available when the Authentication ID Masks box is shown above)
Add
Use this button in the box above to add a new authentication ID mask or a new Active Directory user or group.
Use this button in the box below after selecting an authentication ID mask, Active Directory user or group in the box above, to associate an Active Directory user or group or authentication ID mask, respectively, in the box below.
Remove
Use this button in the box above to remove an authentication ID mask or an Active Directory user or group. Bear in mind that this will also remove the mapping (use the 'Enabled' checkbox to disable it temporarily).
Use this button in the box below to remove the mapping of an Active Directory user or group or authentication ID mask to the authentication ID mask or Active Directory user or group selected in the box above.
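An audit of authentication ID masks against the Active Directory principals they grant, as an added example that is not part of the product. The mappings are constructed, and the matching rules ('*' matches any run of characters, everything else is literal, comparison is case-insensitive) are an assumption about how the masks behave, so confirm them against your own installation.

```python
import re

# Constructed sample mappings: (authentication ID mask, enabled, AD principals).
MAPPINGS = [
    ("alice@example.com", True, ["CORP\\alice"]),
    ("*@example.com", True, ["CORP\\RemoteUsers"]),
    ("*", False, ["CORP\\Domain Admins"]),
    ("admin*", True, ["CORP\\Helpdesk"]),
]


def mask_regex(mask):
    """Compile a mask; assumed semantics: '*' is a wildcard, the rest is literal."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.compile(pattern, re.IGNORECASE)


def resolve(identity, mappings=MAPPINGS):
    """AD principals an external identity is mapped to through enabled masks."""
    principals = set()
    for mask, enabled, targets in mappings:
        if enabled and mask_regex(mask).fullmatch(identity):
            principals.update(targets)
    return sorted(principals)


def broad_masks(mappings=MAPPINGS):
    """Masks whose wildcard is not confined to the local part of one fixed domain.

    Disabled masks are reported too, because re-ticking 'Enabled' restores them.
    """
    flagged = []
    for mask, _enabled, _targets in mappings:
        _local, sep, domain = mask.rpartition("@")
        if "*" in mask and (not sep or "*" in domain):
            flagged.append(mask)
    return flagged


if __name__ == "__main__":
    for who in ("alice@example.com", "bob@example.com", "admin@other.example"):
        print(who, "->", resolve(who))
    print("review these masks:", broad_masks())
```

A mask such as "admin*" maps any matching username from any identity provider domain, so masks flagged here should be narrowed to a full ID or to a single domain.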
This tutorial will show you how to enable 2FA using Auth0 with Thinfinity VirtualUI.
The Auth0 Guardian mobile application is required for 2FA.
1) Create a new application on Auth0’s administrator site, and choose “Single Page Web Application”.
2) Copy your Client ID and Client Secret.
3) In the “Allowed Callback URL” field, add the URL that you are going to use to authenticate, followed by the VirtualPath of the Authentication Method (OAuth by default).
4) To enable 2FA, click on “Multifactor Auth” and enable “Push Notifications”.
5) Open the Thinfinity VirtualUI Server Manager, navigate to the “Authentication” tab, and press “Add” -> “OAuth2.0” -> “Other”.
6) Add the following information:
This information can be verified in the “Endpoints” tab under Advanced Settings in the Application you created on Auth0’s interface.
Click on “OK” after you have entered the information.
7) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Auth0 user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press the “Add” button and search for the Active Directory user.
After you add the appropriate mappings, click on the “Apply” button.
8) Navigate to the Thinfinity landing page, and you should see the “Login With OAuth” option listed as an Authentication Method.
When you use RADIUS as an authentication method, you need to set some parameters:
Name
Choose a name to identify this authentication method.
Server IP
Enter the RADIUS Server IP
Port
Enter the RADIUS Port
Shared Secret
Enter the RADIUS Shared Secret
Authentication Type
Choose your authentication type. The 'EAP' option stands for all the EAP authentication methods.
Test Configuration
Press this button to communicate with RADIUS and test the information entered in the above fields to see if it is correct.
When you use OAuth 2.0 as an authentication method, you need to set some parameters.
For predefined methods (Google, Facebook, LinkedIn, Dropbox), the only parameters you will need are the client ID and shared secret.
Name
Choose a name to identify this authentication method.
Virtual Path
Type a Virtual Path. If you access your Thinfinity VirtualUI URL followed by the virtual path:
http(s)://ip:port/virtualPath
the application will attempt to log in with this method.
Client ID
Enter your authentication provider Client ID, generated while configuring your account integration.
Client Secret
Your authentication provider's Client Secret generated while configuring your account integration.
In the 'Server' tab of the Authentication Method Settings, you will find that the fields are completed by default for the predefined methods. Like Google in this case:
When you add an OAuth 2.0 method that is not predefined, you will need to complete these fields.
Authorization URL
Enter here the URL where your authentication provider can be reached to request authorization.
Authorization parameters
Additional parameters for the authorization URL
Token Validation Server URL
Enter your authentication provider's token validation server URL.
Profile Information server URL
Enter your authentication provider's information server URL.
Login username value returned in JSON
The name of the login username field as returned in a JSON from your authentication provider.
If you change this value, remember to change the , setting the style for each login button. The ID for each button must match the Virtual path.
How to set up multifactor authentication to your environment or virtualized application.
In this quick tutorial, we will show how to properly configure Okta OAuth 2.0 for Thinfinity Remote Desktop Server and Thinfinity VirtualUI.
1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button.
2) Select OpenID Connect as the Authentication Method.
3) Give the application a name, and type in the URL you use to reach Thinfinity. Then press “Save”.
4) You should be redirected to the Application Settings. Here, press the “General” button, and edit the “Login information”.
Configure the “Initiate login URI” field by entering the Thinfinity website address with “/Okta” at the end of the URL.
5) Copy and paste both the Client ID and Client Secret for future reference.
6) Click on the “Assignments” tab and add your users to the Application.
7) Now, open either the Thinfinity Remote Desktop Server Manager or the Thinfinity VirtualUI Manager and navigate to the “Authentication” tab. Click on OAuth 2.0 and choose “Other”.
8) Enter your Client ID and Client Secret.
9) Click on the “Server” tab and add the following parameters:
Authorization URL: https://[MyOktaSpace].okta.com/oauth2/v1/authorize
Parameters: scope=openid+profile&state=okta
Token Validation Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/token
Profile Information Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/userinfo
Login username value in returned Json: preferred_username
You’ll also need to change the name of the Authentication Method to “Okta” (or to the URL you configured in the Initiate Login URI).
Press “OK” after you finish configuring the Authentication Method.
10) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Okta user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press the “Add” button and search for the Active Directory user.
After you add the appropriate mappings, click on the “Apply” button.
11) Navigate to the Thinfinity landing page, and you should see the “Login With Okta” option listed as an Authentication Method.
When you use SAML as an authentication method, you need to set some parameters.
Service Identifier
Service Certificate file
Service Certificate Password
Identification ID
Sign Authentication Request
Single Sign-On Service URL
Sign-Out URL
Partner Certificate File
In the following topic we'll cover how to properly configure SAML with Okta as an authentication method using Thinfinity VirtualUI.
In this quick tutorial, we will show how to properly configure Okta SAML for Thinfinity Remote Desktop Server.
1) Navigate to your Okta space, go to the Applications tab, and create a new application using the “Create New App” button.
2) Choose “SAML 2.0” as the Authentication Method.
3) Assign a name to the application.
4) Configure the “Single sign-on URL” and “Audience URI”.
The “Single Sign-on URL” address should be the following: https://[MyThinfinityWebSite]/SAMLAssertionConsumerService
The Audience URI should be the URI used to connect to Thinfinity: https://[MyThinfinityWebSite]/
5) Choose the Feedback options that apply to your application.
6) Now that the application is created, it should redirect you to the “Settings” window. Click on “View Setup Instructions” for further information.
Here you will get the “Identity Provider Single Sign-on URL”, the Identity Provider Issuer, and the Certificate provided by Okta.
7) Now, open the Thinfinity Remote Desktop Server Manager or Thinfinity VirtualUI Server Manager, navigate to the “Authentication” tab, press the “Add” option and click on “SAML”.
8) Here, you will have to add the different values provided by Okta in order to enable SAML:
Service Identifier = Audience URI (SP Entity ID)
Service Certificate File = Your certificate’s file.
Service Certificate Password = Your certificate’s password.
Identification Entity ID = Identity Provider Issuer
Single Sign-On Service URL = Identity Provider Single Sign-On URL
Sign-Out URL = This value is optional.
Partner Certificate File = X.509 Certificate provided by Okta.
Below you’ll find an example of how it should look:
After you finish adding all those values, press “Ok”.
10) Click on the “Mappings” tab and then press “Add” under the Authentication ID Mask.
Add the email address of the Okta user you want to validate and press “Ok”.
Then, under the “Associated Permissions” field, press the “Add” button and search for the Active Directory user.
After you add the appropriate mappings, click on the “Apply” button.
11) Navigate to the Thinfinity landing page, and you should see the “Login With SAML” option listed as an Authentication Method.
When you use your own customized external DLL as an authentication method, you only need to set the DLL.
Name
Choose a name to identify this authentication method.
External Authentication Provider
Select the DLL of your external authentication method.
On Centrify’s Admin Portal:
1) Click on “Apps” -> “Web Apps”.
2) Click on “Custom” and, next to SAML, press “Add”.
3) Give your application a name, and click on the “Trust” tab.
Click on “Manual Configuration”, copy the IdP Entity ID, and download the certificate provided by Centrify.
4) Then copy the “Single Sign on URL” and the “Single Logout URL”.
5) Now, under “Service Provider Configuration”, click on “Manual Configuration” and configure the following:
After making these changes, click on the “Save” button.
6) Now we need to configure Thinfinity with all this information.
Open the Server Manager and navigate to the “Authentication” tab, press “Add”, and then SAML.
7) Now we must configure the connection itself:
· Service identifier = https://YourThinfinitySite:[Port]
· Service Cert File = [Path_To_Your_Certificate]
· Service Cert Pass = [Certificate_Password]
· Identification Entity = [IdP Entity ID / Issuer]
· Single Sign on Service URL = [Single Sign on URL]
· Sign-out URL = [Single Logout URL]
· Partner Cert File = [Certificate Provided by Centrify]
Once you have configured it properly, click “Ok” and then “Apply”.
8) Now go to the Thinfinity landing page and you should see the “Login with SAML” option available to use.
The '2FA' tab of the 'Authentication' tab is where you will define the Second Factor Authentication methods that you want to use in conjunction with VirtualUI.