Mappings Tab

Enabled

This option is selected by default for any newly added mapping. Deselect to disable an identity mapping in the list.

Search

Allows looking up an identity mapping.

Import

Allows uploading a JSON file to replace the current user mapping configuration. Since this process will completely overwrite the existing configuration without the possibility of rollback, it is very important to first perform an export of the current configuration in order to have a backup.

Export

Allows generating a JSON file containing the current user mapping configuration. Note however that for security reasons, user passwords are not included in the exported file.

Add

Click to add a new identity mapping/association. See the paragraphs below for details.

Remove

Click to delete the selected association(s).

Method

This field displays a list of external authentication methods defined in the system.

ID Pattern

Click the three dots button to specify and test an ID pattern.

Association

The fields and options available in this dialog change according to the selection made from this field. The option selected by default in this field is Inherited permissions from users/groups. When Inherited permissions from users/groups is selected, the external user credentials provided at login inherit the permissions of the specified local user or group. This configuration allows the mapped SSO credentials to automatically assume the access rights and restrictions of the chosen local user or group, streamlining permissions management and ensuring consistency across user profiles.

Inherited Permissions from users and groups

This field shows a list permissions from users and/or group already defined in the system.

Add

Allows adding users and/or groups to the list of Inherited permissions...

Remote

Allows removing an entry from the list.

Restrict to group

Use this field to restrict this ID mapping to a specific group of users. Click the associated three dots button to display the Find Users or Groups dialog.

Username

This field only becomes available if either Associate existing username or Create username if doesn’t exist and associate is selected from Association field. Associate existing username option allows mapping the configured SSO user to the permissions of specific local domain user. Create username if doesn’t exist and associate option allows mapping users from external identity providers to local or domain users on the host machine, even if these users don’t already exist in the host environment. Thinfinity Workspace captures the external ID of any verified user logging in from an external domain and automatically generates a corresponding local account on the host machine. This new account will inherit permissions predefined by the administrator, ensuring that users receive immediate and secure access aligned with organizational policies.

Use the three dots button to find one of the usernames defined in the currently selected Directory Service(s).

Password mode

Use this field to select the password mode. Available options: No password, Ask, Existing, New or replace (fixed), and New or replace (hash).

Password salt

Only available if New or replace (hash) option is selected from the previous field. A random bit of data added to a password before it is processed through a hashing algorithm.

Password

Shows the generated password.

Test

Verifies the stored credentials.