Integrate Thinfinity Remote Desktop Server with Azure Active Directory and OAuth 2.0


This article shows how to host your Windows instances on Microsoft Azure, provide web access to multiple concurrent users through Azure Active Directory, and secure that access with OAuth 2.0.

This quick guide will show how to integrate our Thinfinity® Remote Desktop with Azure AD and OAuth 2.0:

1. Sign in with your Azure account.

2. Go to Azure Active Directory.

On the left menu, click on “App Registrations”.


3. To add a new registration, click on “New Registration”.

4. Write a name for the application in the text box.
Supported account types: accounts in this organizational directory only (the default).
For the redirect URL, select “Web” and enter the URL (it must start with https://) with the port you choose to use. For example:
https://myThinfinityServer:[Port]/azure

5. Click on “Register”.

6. Once it is registered, you will be able to see the Essentials. On the left menu, click on “Certificates and Secrets”.

7. You should see Certificates and Client Secrets. Pick “Client secrets”, and click on “New client secret”.

8. Then, type in any description and set the expiration date. When you finish, click on “Add”.


9. Copy the ‘Value’ field once the Client Secret is available.

10. Then, go back to the first item on the left menu, “Overview”, and copy the Application (client) ID.

11. Once copied, go to your Thinfinity® Remote Desktop Manager, click on the tab “Authentication”, click on the tab “Methods” and then “Add”.

12. Choose the option “OAuth2.0”, and then “Azure”.
A new window will pop up. Paste the “Application (client) ID” and the ‘Client Secret’ you have previously copied from the portal.

13. Then go to the next tab “server” and copy, from the portal, the Directory (tenant) ID and replace [DirectoryID] in Authorization URL and in Token Validation Server URL (remember to erase the “[square brackets]”).

14. Type “*” in the ID mask to allow all elements, and click “OK”.

15. Now we need to add the ‘Associated Permissions’. Click on the ‘Add’ button below and add a valid Local / AD user.

16. Go to your Thinfinity® URL in your browser and click on “Log in with Azure”.


Now you should be able to log in with Azure. Let us know how it worked for you!
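A pre-flight check for the values typed in steps 4 and 13, as an added example (not Thinfinity or Microsoft code): it flags a non-https redirect URL, leftover “[ ]” placeholder brackets, and endpoint URLs whose first path segment is not the Directory (tenant) ID. The sign-in host, the v1-style endpoint paths and every sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumption: Azure public cloud sign-in host; national clouds use other hosts.
AUTHORITY_HOST = "login.microsoftonline.com"


def _split(label, url, problems):
    """Parse url, or record why it cannot be used and return None."""
    if "[" in url or "]" in url:  # checked first: brackets can make urlsplit raise
        problems.append(f"{label}: placeholder brackets were not removed")
        return None
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append(f"{label}: must be an absolute https:// URL")
        return None
    return parts


def check_settings(tenant_id, redirect_uri, auth_url, token_url):
    """Return a list of problems in the values typed in steps 4 and 13."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("tenant id: not a GUID")
    redirect = _split("redirect URI", redirect_uri, problems)
    if redirect is not None and redirect.path in ("", "/"):
        problems.append("redirect URI: path after host:port is missing")
    for label, url in (("authorization URL", auth_url),
                       ("token validation URL", token_url)):
        parts = _split(label, url, problems)
        if parts is None:
            continue
        if parts.hostname != AUTHORITY_HOST:
            problems.append(f"{label}: host is not {AUTHORITY_HOST}")
        segments = [s for s in parts.path.split("/") if s]
        if not segments or segments[0].lower() != tenant_id.lower():
            problems.append(f"{label}: first path segment is not the tenant id")
    return problems


# Constructed sample values (not from a real tenant); v1 endpoint shape assumed.
TENANT = "11111111-2222-3333-4444-555555555555"
AUTH_URL = f"https://{AUTHORITY_HOST}/{TENANT}/oauth2/authorize"
TOKEN_URL = f"https://{AUTHORITY_HOST}/{TENANT}/oauth2/token"

if __name__ == "__main__":
    bad_auth = f"https://{AUTHORITY_HOST}/[{TENANT}]/oauth2/authorize"
    for p in check_settings(TENANT, "http://myThinfinityServer:8443/azure",
                            bad_auth, TOKEN_URL):
        print("FIX:", p)
```

An empty list means the four values are internally consistent; it does not confirm that the redirect URL matches the one registered in the portal.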


3 Comments

Leon Meijer
July 2, 2020 at 11:31 am

Two tips
1. The Authorization URL and Token Validation URL can be copied from the Endpoint screen in the Azure Portal (under the created app). Be sure to use the v1, the newer v2 does not work. Gives a scope-related error.
2. Configure the Redirect URL in Azure. This is https://servername/virtualpath where virtualpath is the Virtual Path you set in Thinfinity’s Authentication Method Settings dialog

Mariana
January 30, 2020 at 6:25 pm

Hi Leon! Please send me a screenshot so I can review it: [email protected]

Leon Meijer
January 23, 2020 at 3:33 pm

My Azure AD is not linked to Office 365 and my users don’t have an email address.
In the Authentication Method Settings dialog, the login username (the claim in the JWT token) is named upn, not mail
