10.2.1 Enforcement of Principle of Least Privilege

By implementing the Principle of Least Privilege (PoLP) in Thinfinity® Workspace you can:

  • Reduce the risk of lateral movement if an account or host is compromised.

  • Minimize misconfiguration and potential misuse of the platform.

  • Improve compliance with standards such as ISO 27001, HIPAA, GDPR, etc.

  • Provide greater visibility and control over who accesses what, when, and how.

To apply PoLP in Thinfinity Workspace, make sure you have the following in place:

Well-defined Access Profiles

  • Use Access Profiles to strictly define which users can access which applications, desktops, or systems.

  • Avoid generic or overly broad profiles that grant unnecessary permissions.

Role Segregation

  • Separate administrative roles from end-user roles.

  • Leverage Active Directory groups or external IdPs to segment access by role or department.

Minimal Configuration by Default

Thinfinity Workspace does not expose any resources by default—every access profile must be explicitly configured. Always review each configuration before publishing or enabling it.

Network Restrictions

  • Use IP Filtering and Access Control Lists (ACLs) so that each resource is reachable only from trusted source networks, and everything else is denied.

  • Apply policies globally or at the profile level, depending on your security needs.
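The following is an added illustration, not Thinfinity Workspace's own code or configuration format: it models the two policy scopes the list above mentions (a global rule set plus optional per-profile rules) with a deny-by-default evaluator, and contrasts an overly broad policy with a narrow one. The rule shape, the profile names, the sample address ranges and the precedence order (a global deny is never re-opened by a profile rule, profile rules otherwise decide, and anything unmatched is denied) are assumptions made for the example.

```python
"""Deny-by-default IP filtering with global and per-profile rule layers.

Assumptions for this example (not the product's real configuration model):
- rules are evaluated first-match, top to bottom;
- a global "deny" wins over anything a profile says;
- profile rules otherwise decide; then global allows; then the default.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AclRule:
    action: str      # "allow" or "deny"
    network: str     # CIDR such as "10.0.0.0/8"


@dataclass
class AccessPolicy:
    global_rules: list
    profile_rules: dict = field(default_factory=dict)   # profile name -> [AclRule]
    default_action: str = "deny"   # PoLP: nothing is reachable unless allowed


def _first_match(rules, ip):
    """Return the action of the first rule whose network contains ip, or None."""
    for rule in rules:
        if ip in ipaddress.ip_network(rule.network, strict=False):
            return rule.action
    return None


def is_allowed(policy, profile, source_ip):
    ip = ipaddress.ip_address(source_ip)
    global_action = _first_match(policy.global_rules, ip)
    if global_action == "deny":
        return False                       # a profile cannot re-open a global deny
    profile_action = _first_match(policy.profile_rules.get(profile, []), ip)
    if profile_action is not None:
        return profile_action == "allow"   # profile rules narrow the global baseline
    if global_action == "allow":
        return True
    return policy.default_action == "allow"


def broad_allow_rules(policy):
    """Flag 'allow' rules that cover the whole address space (the generic,
    overly broad configuration the page says to avoid)."""
    scoped = [("global", r) for r in policy.global_rules]
    for name, rules in policy.profile_rules.items():
        scoped += [(name, r) for r in rules]
    return [(scope, r.network) for scope, r in scoped
            if r.action == "allow"
            and ipaddress.ip_network(r.network, strict=False).prefixlen == 0]


# Weak: one rule that lets the whole internet reach every profile.
WEAK = AccessPolicy(global_rules=[AclRule("allow", "0.0.0.0/0")])

# Hardened: corporate and VPN ranges only, a known-untrusted range blocked
# globally, and a finance profile further restricted to one internal subnet.
# All ranges are constructed sample values.
HARDENED = AccessPolicy(
    global_rules=[
        AclRule("deny", "203.0.113.0/24"),     # untrusted range, blocked everywhere
        AclRule("allow", "10.0.0.0/8"),        # corporate LAN
        AclRule("allow", "192.168.50.0/24"),   # VPN pool
    ],
    profile_rules={
        "finance-desktops": [
            AclRule("allow", "10.20.0.0/16"),  # finance VLAN only
            AclRule("deny", "0.0.0.0/0"),      # everything else, even the LAN
        ],
        "partner-portal": [
            AclRule("allow", "203.0.113.0/24"),  # has no effect: global deny wins
        ],
    },
)

if __name__ == "__main__":
    for profile, ip in [("general-apps", "10.5.1.9"), ("general-apps", "198.51.100.7"),
                        ("finance-desktops", "10.5.1.9"), ("finance-desktops", "10.20.3.4"),
                        ("partner-portal", "203.0.113.5")]:
        print(f"{profile:18} {ip:15} weak={is_allowed(WEAK, profile, ip)} "
              f"hardened={is_allowed(HARDENED, profile, ip)}")
    print("broad allow rules in WEAK:", broad_allow_rules(WEAK))
```

Running it shows that the weak policy admits every address, while the hardened one admits the LAN address only for the general profile, denies it for the finance profile, and rejects the partner-portal allow because the global deny takes precedence. The `broad_allow_rules` check is the kind of review the page asks for before publishing a profile.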

Strong Authentication

  • Enable Two-Factor Authentication (2FA).

  • Integrate with Identity Providers (SAML, OAuth2, RADIUS) for enhanced identity control.

Avoid Unnecessary Administrative Privileges

Limit access to the Thinfinity® Workspace Web Manager and critical features (Broker or Gateway management) to authorized users only.

Auditing and Monitoring

  • Regularly review activity logs.

  • Monitor for unusual logins (unexpected source addresses, off-hours access to administrative features) and for repeated failed or unauthorized access attempts.
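As an added example of the monitoring described above (not code from the page or from Thinfinity Workspace), the script below runs three simple detections over constructed sample log lines: a burst of failed logins for one user, a successful login from outside the trusted networks, and an administrative-profile login outside business hours. The log line format, the profile names, the trusted ranges and the thresholds are all assumptions made for the example; real Thinfinity Workspace logs will need their own parser.

```python
"""Detect suspicious logins in (constructed) access log lines.

Assumed log format, one event per line (not the product's real format):
  <ISO-8601 UTC timestamp> user=<name> ip=<addr> profile=<name> result=SUCCESS|FAILURE
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"profile=(?P<profile>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)

# Assumed tuning values for the example.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]
ADMIN_PROFILES = {"web-manager"}          # profiles that expose administrative features
FAIL_THRESHOLD = 5                        # failures per user ...
FAIL_WINDOW = timedelta(minutes=10)       # ... within this window
BUSINESS_HOURS = range(7, 20)             # UTC hours considered normal for admin use


def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["ip"] = ipaddress.ip_address(ev["ip"])
    return ev


def analyse(lines):
    """Return a list of (finding, user, ip) tuples in the order they are raised."""
    findings = []
    recent_failures = defaultdict(list)   # user -> timestamps of recent failures
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                      # malformed lines are skipped, not trusted
        user, ip = ev["user"], str(ev["ip"])
        if ev["result"] == "FAILURE":
            window = [t for t in recent_failures[user] if ev["ts"] - t <= FAIL_WINDOW]
            window.append(ev["ts"])
            if len(window) >= FAIL_THRESHOLD:
                findings.append(("brute_force", user, ip))
                window = []               # report each burst once
            recent_failures[user] = window
            continue
        if not any(ev["ip"] in net for net in TRUSTED_NETWORKS):
            findings.append(("untrusted_source", user, ip))
        if ev["profile"] in ADMIN_PROFILES and ev["ts"].hour not in BUSINESS_HOURS:
            findings.append(("admin_off_hours", user, ip))
    return findings


# Constructed sample input: five failures then a success for "bob" from an
# untrusted range, and a late-night Web Manager login for "carol".
SAMPLE_LOG = """\
2024-05-06T08:15:22Z user=alice ip=10.5.1.9 profile=general-apps result=SUCCESS
2024-05-06T08:16:01Z user=bob ip=203.0.113.5 profile=general-apps result=FAILURE
2024-05-06T08:16:09Z user=bob ip=203.0.113.5 profile=general-apps result=FAILURE
2024-05-06T08:16:15Z user=bob ip=203.0.113.5 profile=general-apps result=FAILURE
2024-05-06T08:16:22Z user=bob ip=203.0.113.5 profile=general-apps result=FAILURE
2024-05-06T08:16:30Z user=bob ip=203.0.113.5 profile=general-apps result=FAILURE
2024-05-06T08:17:02Z user=bob ip=203.0.113.5 profile=general-apps result=SUCCESS
2024-05-06T23:41:10Z user=carol ip=192.168.50.12 profile=web-manager result=SUCCESS
2024-05-06T23:42:00Z this line is deliberately malformed
""".splitlines()

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(*finding)
```

Each detection maps to one of the PoLP controls on this page: the failure burst is the signal that 2FA and lockout are doing their job or are missing, the untrusted-source finding is an IP filter that should have applied but did not, and the off-hours administrative login is the kind of event that justifies restricting Web Manager access to a small, named group.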

Full Lockdown: Additional Measures

  • Disable unused protocols: If you're not using SSH, RDP, or VNC, avoid enabling agents or access profiles that support them.

  • Use valid TLS certificates issued by a trusted CA so that all client and inter-component traffic is encrypted and the server identity can be verified.

  • Limit the number of concurrent users if your licensing allows it.

  • In highly regulated environments, place brokers in a DMZ so that they are segmented from the internal network.
