5.3 Authentication Schemes

Thinfinity Workspace supports multiple authentication schemes to provide flexible, secure access to your resources. These schemes allow administrators to tailor the login experience based on organizational needs, existing infrastructure, and security policies.

This section covers how Thinfinity Workspace interacts with external account providers, supports Single Sign-On (SSO), and integrates Multi-Factor Authentication (MFA).

Authenticating with an Identity Provider

Thinfinity Workspace allows user authentication through a variety of account providers, including:

  • Active Directory

  • Thinfinity IdP

  • OAuth 2.0 and SAML providers

  • RADIUS

  • WebAuthn

Additionally, Thinfinity Workspace can use the following MFA schemes:

  • TOTP

  • DUO

When an external directory service is configured as the account provider, users authenticate using their existing credentials. This centralizes identity management and ensures users do not need separate login credentials for Thinfinity Workspace.

Single Sign-On (SSO) with External Identity Providers

Thinfinity Workspace supports Single Sign-On (SSO), enabling users to log in seamlessly using their corporate credentials. When integrated with SSO-capable providers like Azure AD, Okta, or Google Workspace, users are automatically authenticated without entering credentials repeatedly.

Benefits of SSO:

  • Streamlined user experience.

  • Improved security through centralized authentication.

  • Simplified access control via existing identity infrastructure.

SSO can be configured using standard protocols such as:

  • SAML 2.0

  • OAuth 2.0 / OpenID Connect

For full SSO integration, ensure Thinfinity Workspace is publicly accessible or connected to your internal identity federation infrastructure.

Multi-Factor Authentication (MFA)

Thinfinity Workspace supports Multi-Factor Authentication (MFA) to enhance security by requiring users to verify their identity with an additional method beyond username and password.

Supported MFA options include:

  • TOTP-based apps (e.g., Google Authenticator, Microsoft Authenticator)

  • Email or SMS-based codes (depending on IdP integration)

  • MFA enforced by external IdPs (e.g., Microsoft Entra, Okta)

When MFA is enabled, users are prompted for a second authentication step after entering their credentials.
