Remote Active Directory
Thinfinity® Remote AD Services provides the same access security throughout, while letting the client manage users and groups in their own environment. It connects to the client’s Active Directory through a restricted user account and queries only for the information needed to manage the login and the end-user’s permissions to access the remote resources.
Thinfinity® Workspace then validates end-users against their own AD and maps each one to a user account on the app-side AD to create the remote Windows session.
Validation and encrypted data are still handled entirely by the client’s AD, according to their environment’s policies. The primary broker exchanges information with the Remote AD service on demand, as shown in the following flow:
The Thinfinity Workspace landing page requests your user’s login credentials and validates them against the client’s AD. If validation succeeds, the end-user reaches the Thinfinity Workspace home page and can select the access profile they need. This authentication method guarantees transparency for users as well as a secure access method in line with your company's current security policies.
Each access profile (app or desktop link) presented to the end-user must be validated against the AD according to the profile's configured permissions. Thinfinity Workspace validates the currently logged-on user against the users and groups associated with the profile. To do this, it queries the client’s AD remotely to verify membership. The query returns only true or false, so no information can be cached.
Thinfinity Workspace needs to access the remote AD to list users and groups (IDs only) so that they can be associated with each profile that requires access permissions. Only IDs are retrieved, and they are restricted to the groups that Thinfinity® Remote AD Services is allowed to access, based on the configured Windows Service user account.
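The last two steps of the flow can be modelled as a minimal-disclosure interface: a membership check that returns only a boolean, and a listing that returns only IDs inside the service account's scope. This is an added illustration, not Thinfinity code; the class, its method names and the sample directory are hypothetical and constructed for the example.

```python
# Constructed sample directory: group ID -> direct members (user IDs or nested group IDs).
SAMPLE_GROUPS = {
    "G-APPS": {"G-FINANCE", "U-1001"},
    "G-FINANCE": {"U-1002", "G-APPS"},   # deliberate cycle back to G-APPS
    "G-HR": {"U-1003"},
    "G-DOMAIN-ADMINS": {"U-9000"},       # never granted to the service account below
}


class RemoteDirectoryFacade:
    """Hypothetical model of a directory service that discloses booleans and IDs only."""

    def __init__(self, groups, allowed_groups):
        self._groups = groups
        # Groups the restricted service account may read; everything else is invisible.
        self._allowed = frozenset(allowed_groups)

    def _expand(self, group_id):
        """Collect every ID reachable from group_id without leaving the allowed scope."""
        seen, stack = set(), [group_id]
        while stack:
            for member in self._groups.get(stack.pop(), ()):
                if member in self._groups and member not in self._allowed:
                    continue  # nested group outside the scope: do not traverse or reveal
                if member not in seen:  # the seen-set also stops membership cycles
                    seen.add(member)
                    stack.append(member)
        return seen

    def is_member(self, user_id, profile_groups):
        """Answer True or False only; no group names or member lists are returned."""
        in_scope = self._allowed.intersection(profile_groups)
        return any(user_id in self._expand(group) for group in in_scope)

    def list_ids(self):
        """Return IDs only, limited to in-scope groups and the principals inside them."""
        ids = set(self._allowed)
        for group in self._allowed:
            ids |= self._expand(group)
        return sorted(ids)


if __name__ == "__main__":
    svc = RemoteDirectoryFacade(SAMPLE_GROUPS, {"G-APPS", "G-FINANCE", "G-HR"})
    print(svc.is_member("U-1002", ["G-APPS"]))           # nested membership
    print(svc.is_member("U-9000", ["G-DOMAIN-ADMINS"]))  # group outside the scope
    print(svc.list_ids())
```

A group outside the scope yields `False` for every user, so a caller cannot tell it apart from a group the user simply does not belong to.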