One-Time URLs: The Importance of Disposable Access ' RBAC 'Thinfinity Workspace

One-Time URLs: The Importance of Disposable Access

One-Time URLs: The Importance of Disposable Access

Providing remote access to your internal resources can be a real challenge. If you must deliver an application to potential customers or your contractors need temporary access to corporate desktops, disposable connections can help you provide one-time secure remote access while avoiding complex configuration steps.

If you are responsible for delivering remote access to resources, you know that setting the environment up can turn into a nightmare. The risk increases when granting access to total strangers: unlike simple screen sharing, enabling unattended access to a remote desktop session requires a user definition or assignment.

Then, how can you prevent those users from attempting to reuse guest credentials? How can you provide the most secure and convenient alternative whenever they need access to those resources? How to successfully combine web and desktop worlds into a single, integrated environment? Well, this is when the importance of being discardable becomes a necessity.

One-Time-URL is how Thinfinity® allows you to create a single use-and-discard web address. In a nutshell, you can set and configure the desired connection and generate a dynamic link you will provide to the user for one-time access to a desktop or application on your local network. This dynamic link can be created by admins with built-in credentials and predefined session duration.

How to integrate One-Time URL in Thinfinity® Workspace

1. First, you need to ask Thinfinity Workspace to generate your URL. Call Thinfinity Workspace server following this URL format:

http(s)://Thinfinity:Port/ws/oturl/get?<queryString>

2. The queryString should be built with all parameters listed below:

apikey= <apikey> &apiuser= <apiuser> &model= <model> &plen= <passlen> &expires= <expires>

Find in the table below a description for each parameter:

Parameter Description
apiKey The ApiKey is a secret value known only by Thinfinity® Desktop Server and the corporate application. Find out more about it on the ApiKey topic.
apiuser Use this parameter to identify the user within Thinfinity® Desktop Server. The value should be the user or email registered on your website. The users are seen in the Analytics Web Service.
model Send the profile key of the profile you want to connect to. The profile’s settings will work as a template for the One-Time-URL connection that will be established. You can modify these settings by adding more parameters to the One-time-URL.
plen The plen parameter carries the password length.
expires Through this parameter you can set an expiration(in minutes) for the URL. Expires = 60 means that the URL won’t work anymore after 60 minutes from the URL generation.
Scalability Effortless horizontal and vertical scaling, supports growing workloads without degradation in performance
Integration Easy integration with existing IT infrastructure, broad compatibility with third-party applications and services

On the next topics, you can find out other parameters you can use to Configure the connection and Enable features.

3. If Thinfinity® Desktop Server gets to authenticate with the parameters sent on the queryString, it will return a One-Time-URL that will allow you to establish an RDP connection with the remote desktop.

/oturl.html?key=w7NJNschBdJD9e6G6luWhOCalM$oFW7guqC6jE1IQah3AJm3&pass=BOWZB8FG

Concatenate the Thinfinity® Desktop Server address to the generated URL, following this format below:

http(s)://ThinfinityRDP:Port/oturl.html?key=w7NJNschBdJD9e6G6luWhOCalM$oFW7guqC6jE1IQah3AJm3&pass=BOWZB8FG

This way, the URL will be ready to be used. You can redirect your application to the desktop connection through it or even send it to an external user by e-mail.

⚠️You will find an HTML/ajax example inside the application installation directory, under the ‘webrdp’ folder. The file is named oturltest.html and implements the features covered on this topic.
 

In conclusion, a One-Time URL offers a useful way to extend web-enhanced applications to new scenarios. We are convinced you will greatly benefit from this Thinfinity Workspace feature.

Have any questions?

Book a call today to learn more about how Thinfinity® can help your organization. We are always available to guide you and provide the best solution based on your specific needs.

Add Comment

Thinfinity_logo

Get a Demo

Experience how Universal ZTNA with Thinfinity® integrates with VDI and DaaS for unmatched security and flexibility.

Blogs you might be interested in

<span>Application Integration</span>, <span>Disposable Access</span>, <span>IT Security</span>, <span>One-Time URL</span>, <span>RBAC</span>, <span>SDK</span>, <span>Secure Access</span>, <span>Thinfinity Workspace</span>