DownloadGet a QuoteConnect with Us

5.3 Authentication Schemes

Thinfinity® Workspace supports multiple authentication schemes to provide flexible, secure access to your resources. These schemes allow administrators to tailor the login experience based on organizational needs, existing infrastructure, and security policies.

This section explains how Thinfinity Workspace interacts with external account providers, how it provides support for SSO (Single Sign-On), and the way it integrates 2FA (Two-Factor Authentication).

Authenticating with an Identity Provider

Thinfinity Workspace allows user authentication through a variety of account providers, including:

  • Active Directory

  • Thinfinity IdP

  • OAuth/2 and SAML providers

  • RADIUS

  • WebAuthn

Additionally Thinfinity Workspace can make use of 2FA authentication schemes;

  • TOTP

  • DUO

When an external directory service is configured as the account provider, users authenticate using their existing credentials. This centralizes identity management and ensures users do not need separate login credentials for Thinfinity Workspace.\

SSO with External Identity Providers

Thinfinity Workspace supports SSO, enabling users to log in seamlessly using their corporate credentials. When integrated with SSO-capable providers like Azure AD, Okta, or Google Workspace users are automatically authenticated without entering credentials repeatedly.

Benefits of SSO:

  • Streamlined user experience.

  • Improved security through centralized authentication.

  • Simplified access control via existing identity infrastructure.

SSO can be configured using standard protocols such as:

  • SAML 2.0

  • OAuth 2.0 / OpenID Connect

Note

For full SSO integration, ensure Thinfinity Workspace is publicly accessible or connected to your internal identity federation infrastructure.

Two-Factor Authentication

Thinfinity Workspace supports 2FA to enhance security by requiring users to verify their identity with an additional method beyond username and password.

Supported 2FA options include:

  • TOTP-based apps (e.g., Google Authenticator, Microsoft Authenticator)

  • Email or SMS-based codes (depending on IDP integration)

  • 2FA enforced by external IDPs (e.g., Microsoft Entra, Okta)

When 2FA is enabled, users are prompted for a second authentication step after entering their credentials.

Previous5.2 Mapping the IdP Groups to Thinfinity RolesNext5.4 External Identity Mapping

Last updated

Was this helpful?