OAuth 2.0 Settings
OAuth 2.0 is an authorization framework integrated in Thinfinity® Workspace that allows secure access to resources without sharing user credentials. It also allows users to grant third-party applications limited access to their data, ensuring enhanced security and user experience.
Currently, we integrate with the following identity providers: Google, Facebook, LinkedIn, Dropbox, Azure, ForgeRock, and Okta.
To access the OAuth 2.0 configuration settings, navigate to Configuration Manager > Authentication > Methods, click Add, select OAuth 2.0, and then select the desired Identity Provider.
The following parameters are common to all ID providers.
Name
The name of the authentication method. This field is completed by default with the name of the selected ID provider. Edit if applicable.
Virtual Path
Virtual path for the ID provider. This field is completed by default with the name of the selected ID provider.
2FA Method
The associated 2FA method.
Parameters available in the General tab:
Client ID
Identifies Thinfinity Workspace in the OAuth Server.
Client Secret
Authenticates the identity of the OAuth client when requesting access tokens from an OAuth provider.
Parameters available in the Server tab:
Authorization URL
This is the OAuth 2.0 server address where Thinfinity Workspace validates users. It works in conjunction with the values entered in the Other Keys field. Completed by default with the information corresponding to the selected identity provider.
Authorization Parameters
Enter the required authorization parameters in the following format:
key1=value1&key2=value2&...
These will be sent to the authorization URL. Most OAuth 2.0 servers require a scope to define the user data Thinfinity Workspace needs for validation.
Custom redirect URL
Enter a specific URL that Thinfinity Workspace uses to redirect users back to its platform after they have successfully authenticated through the OAuth flow.
Token Validation Server URL
The server where the validation code is exchanged for an access token, which grants access to user information. The client ID and client secret entered in the General tab are sent to this server for authentication.
Token Validation extra parameters
Additional settings or options that can be configured during the token validation process in the OAuth implementation.
Sign-Out URL
Enter a specific endpoint that allows users to log out or sign out of their session.
Get from URL/Get from Token
This option is selected by default, and it indicates the source for the User information.
Profile information server URL
The token from the Token Validation Server is sent to the Information Server to retrieve user data. The response is a JSON object, parsed using the key specified in the Login username value at JSON profile field.
Add default parameters
This option is selected by default, and it indicates that the default parameters are added to the profile information.
Add custom parameters
To specify custom parameters, select this option and add the desired custom parameters in the associated field.
Send Basic Authentication header
By default, the complete Authentication header is transmitted. Select this option to include only the Basic Authentication header in the message.
Login username value in returned JSON
Specify the key in the JSON object returned by the Profile Information Server that represents the user's login username. This value will be used for mapping in the Mappings tab.
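An added example (not Thinfinity's code and not part of the original documentation) for checking these settings offline before saving them: it parses an Authorization Parameters string, assembles the authorization request as a standard RFC 6749 authorization-code request, and extracts the login username from a profile response. The sample parameter string and profile JSON are constructed, and how Thinfinity Workspace itself composes the request is an assumption.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: in a standard authorization-code request (RFC 6749) the client
# sets these itself; client_secret belongs only in the token exchange.
CLIENT_SET = {"client_id", "redirect_uri", "response_type", "state", "client_secret"}

# Constructed sample values, not taken from any real deployment.
SAMPLE_PARAMS = "scope=openid+email&prompt=select_account"
SAMPLE_PROFILE = '{"sub": "1234", "email": "alice@example.com"}'


def parse_authorization_parameters(raw):
    """Parse 'key1=value1&key2=value2' into (params, warnings)."""
    # strict_parsing rejects entries without '=' instead of silently dropping them.
    pairs = parse_qsl(raw, keep_blank_values=True, strict_parsing=True)
    params, warnings = {}, []
    for key, value in pairs:
        if key in params:
            raise ValueError(f"duplicate key: {key}")
        if key in CLIENT_SET:
            raise ValueError(f"{key} does not belong in Authorization Parameters")
        params[key] = value
    if not params.get("scope"):
        warnings.append("no scope set; most OAuth 2.0 servers require one")
    return params, warnings


def build_authorization_url(authorization_url, client_id, redirect_url, params, state):
    """Assemble the request a browser is sent to; the secret never appears here."""
    parts = urlsplit(authorization_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Authorization URL must be an https:// endpoint")
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_url, "state": state, **params}
    separator = "&" if parts.query else "?"
    return authorization_url + separator + urlencode(query)


def login_username(profile_body, key):
    """Return the username stored under `key` in the profile JSON, or fail closed."""
    profile = json.loads(profile_body)
    value = profile.get(key) if isinstance(profile, dict) else None
    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"profile JSON has no usable {key!r} value")
    return value
```

Running `login_username` against a captured profile response with the key you plan to enter shows, before any user signs in, whether the provider actually returns that key as a non-empty string.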
For details on how to configure Single Sign-On for all the identity providers supported in Thinfinity Workspace, see the Authentication section in our Knowledge Base.