Passkeys Settings
To access the Passkeys configuration settings, click the user profile on the main Thinfinity® Workspace page to open the user menu and select Settings. Next, navigate to Configuration > Authentication > Authentication Methods, click Add, and select Passkeys.
The following parameters are available:

Relaying party ID
Enter the domain name. As the tip indicates, it usually corresponds to the Thinfinity Workspace root domain or subdomain, e.g., myDomain.com.
Relaying party name
Enter a name for your Workspace installation. This field must not be left empty.
Enabled
This option is selected by default when adding the authentication method.

User verification
Use this field to configure the level of enforcement of the Passkeys method. The default option is Preferred.
Preferred: The Relying Party prefers user verification for the operation if possible.
Discouraged: The Relying Party does not want user verification to be used during the operation, for example, to minimize disruption to the user interaction flow.
Required: The Relying Party mandates user verification for the operation.
Supported public key algorithms
By default, all options are selected. Edit if applicable. To change the algorithm order, click an element from the list and use the buttons to the left to change its position.
Attachment
Use this option to set the preference for the type of authenticator (where the passkey is stored and managed) that should be used for the authentication or registration process. Available options include Unspecified, Platform and Cross-Platform. The default option is Unspecified.
Platform: Platform authenticators are limited to authenticating a user via a specific device (in the case of Windows Hello, the laptop running it).
Cross-platform: Enables the establishment of a secure source for verifying the user’s identity and for delegating trust to specific devices in the user’s control.
Registration hints
Select one of the available options and use the buttons to the left to set the order.
Security key: Indicates that the Relying Party believes that users will satisfy this request with a physical security key.
Client Device: Indicates that the Relying Party believes that users will satisfy this request with a platform authenticator attached to the client device.
Hybrid: Indicates that the Relying Party believes that users will satisfy this request with general-purpose authenticators such as smartphones.
Allow multi-device passkeys
Select to allow Passkeys to synchronize across devices of the same ecosystem.
Timeout (seconds)
Set a timeout for the authentication process.

Attestation Type
Use this option to determine the level of attestation information Thinfinity Workspace (the Relying Party) requests from the authenticator.
None: Doesn’t require attestation.
Direct: Allows your service to know the details of the devices being used with your service.
Indirect: Gets an attestation but allows the client to decide how to obtain attestation statements. The client may replace the authenticator-generated attestation statements with anonymous attestation statements to protect the user's privacy.
Allow authenticator models (AAGUIDs)
Use the options in this area to choose the allowed authenticator models.
No restrictions.
Allow only these authenticator models.
Block these authenticator models.
Add AAGUID
This field only becomes available if you select either of the last two options from the previous field. It allows selecting the allowed/forbidden authenticator models.
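The sketch below shows how a WebAuthn relying party can enforce the relying party ID, the User verification level and the AAGUID allow/block setting against the authenticator data returned at registration. It is an added example, not Thinfinity Workspace code; the function names, the domain mydomain.example and the AAGUID value are hypothetical, constructed for illustration.

```python
import hashlib
import struct
import uuid

UP, UV, AT = 0x01, 0x04, 0x40  # authenticator data flag bits (WebAuthn)


def check_registration(auth_data, rp_id, user_verification="preferred",
                       aaguid_mode="none", aaguids=()):
    """Return (ok, reason). aaguid_mode: "none", "allow" or "block"."""
    if len(auth_data) < 37:
        return False, "authenticator data too short"
    # Layout: rpIdHash (32) | flags (1) | signCount (4) | attested data...
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match the relying party ID"
    if not flags & UP:
        return False, "user presence flag not set"
    # Only "required" rejects; "preferred" and "discouraged" accept either.
    if user_verification == "required" and not flags & UV:
        return False, "user verification required but UV flag not set"
    if aaguid_mode == "none":
        return True, "ok"
    # The AAGUID is the first 16 bytes of attested credential data.
    if not flags & AT or len(auth_data) < 55:
        return False, "no attested credential data, AAGUID unavailable"
    aaguid = str(uuid.UUID(bytes=auth_data[37:53]))
    listed = aaguid in {str(uuid.UUID(a)) for a in aaguids}
    if aaguid_mode == "allow" and not listed:
        return False, f"AAGUID {aaguid} is not on the allow list"
    if aaguid_mode == "block" and listed:
        return False, f"AAGUID {aaguid} is on the block list"
    return True, "ok"


def build_auth_data(rp_id, flags, aaguid, cred_id=b"\x01" * 16):
    """Constructed sample input; the COSE public key is omitted."""
    head = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + bytes(4)
    return head + uuid.UUID(aaguid).bytes + struct.pack(">H", len(cred_id)) + cred_id


if __name__ == "__main__":
    model = "11111111-2222-3333-4444-555555555555"  # constructed AAGUID
    data = build_auth_data("mydomain.example", UP | UV | AT, model)
    print(check_registration(data, "mydomain.example", "required", "allow", [model]))
    print(check_registration(data, "mydomain.example", "required", "block", [model]))
```

An AAGUID is self-reported unless the attestation statement that covers it is verified, so model restrictions are only as strong as the attestation they rest on.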
FIDO Metadata Service/Perform periodic database updates
By default, periodic database updates are enabled. Edit if applicable.
Last updated