How to configure OAuth 2.0 with Okta OpenID Connect

Configure OAuth 2.0 with Okta OpenID Connect

Workforce productivity increases when employees can securely access their desktops and applications from their chosen device -at the time and place they choose- to work.

But when having virtualized applications or remote access tools enabled, we are required to take security measures like multifactor authentication.

 

How to set up Okta OAuth 2.0 with OpenID Connect protocol

In this quick tutorial, we will show how to properly configure Okta OAuth 2.0 MFA for Thinfinity Workspace 6.5 and Thinfinity VirtualUI v3.1.

NOTE: Find a guide to configure Okta OAuth 2.0 with SAML here.

Navigate to your Okta space (or start a free trial to test this feature), go to the ‘Applications’ tab, and create a new application using the ‘Create New App’ button:

 

How to configure OAuth 2.0 with Okta OpenID Connect, step 01

 

2) Select ‘OpenID Connect’ as the ‘Authentication Method’, and choose what type of app you will be adding:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 02

Configure OAuth 2.0 with Okta OpenID Connect, step 03

 

3) Give the application a name, and type in the URL you use to reach Thinfinity. Then press ‘Save’.

 

Configure OAuth 2.0 with Okta OpenID Connect, step 04

 

4) You should be redirected to the Application Settings. In here, press the ‘General’ button, and edit the ‘Login information’.

Configure the ‘Sign-in redirect URIs’ field, by adding the Thinfinity’s website address and ‘/Okta’ at the end of the URL.

 

Configure OAuth 2.0 with Okta OpenID Connect, step 05

 

5) Copy and paste both ‘Client ID’ and ‘Client Secret’ for future references:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 06

 

6) Click on the ‘Assignments’ tab and add your users to the ‘Application’:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 07

 

7) Now, open either the ‘Thinfinity Configuration Manager’ or the ‘Thinfinity VirtualUI Manager’ and navigate to the ‘Authentication’ tab. Click on ‘OAuth 2.0’ and choose ‘Other’.

 

 

Configure Okta OAuth 2.0 for RDP

Thinfinity Workspace:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 09

 

 

Configure Okta OAuth 2.0 for your web apps

Thinfinity VirtualUI Manager:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 08

 

8) Enter your ‘Client ID’ and ‘Client Secret’:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 10

 

9) Click on the ‘Server’ tab and add the following parameters:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 11

 

  • Authorization URL: https://[MyOktaSpace].okta.com/oauth2/v1/authorize
  • Parameters: scope=openid+profile&state=okta
  • Token Validation Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/token
  • Profile Information Server URL: https://[MyOktaSpace].okta.com/oauth2/v1/userinfo
  • Login username value in returned Json: preferred_username

You’ll also need to change the name of the ‘Authentication Method’ to ‘Okta’ or to the URL you configure in the ‘Initiate Login URI’:

Press ‘OK’ after you finish configuring the ‘Authentication Method’.

10) Click on the ‘Mappings’ tab and then press ‘Add’ under the ‘Authentication ID Mask’.

Add the email address of the Okta user you want to validate and press ‘Ok’.

Then, under the ‘Associated Permissions’ field, press on the ‘Add’ button and search for the ‘Active Directory User’.

 

Thinfinity Workspace:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 12

 

Thinfinity VirtualUI:

 

Configure OAuth 2.0 with Okta OpenID Connect, step 13

 

After you add the appropriate mappings, click on the ‘Apply’ button.

11) Navigate to the Thinfinity’s landing page, and you should see the ‘Login With Okta’ option listed as an ‘Authentication Method’.

 

Configure OAuth 2.0 with Okta OpenID Connect, step 14

Quick Tip: Learn how to configure Duo 2FA.

 

Have any questions?

Book a call today to learn more about how Thinfinity can help your organization. We are always available to guide you and provide the best solution based on your specific needs.

Leave a comment

Cookie Preferences
Privacy and Cookie Policies
Cybele Software implements specific policies to enhance your browsing experience while respecting your privacy. When you visit Cybele Software's website, the site uses cookies to personalize your experience. These small files remember your preferences and the details of your repeated visits, aligning closely with Cybele's Privacy Policy.

You have complete control over the cookies used during your visit:
- Accepting All Cookies: You can agree to the use of all cookies by clicking “Accept All.” This provides a smoother, more integrated experience.
- Customizing Cookie Settings: If you prefer to manage your preferences, you can click on "Cookie Settings." This allows you to give controlled consent by selecting which types of cookies you agree to activate.
- Opting Out: You also have the option to opt-out entirely from non-essential cookies. It's important to note that choosing this option might impact your experience on the website, potentially limiting certain functionalities and features.
These features ensure that you can tailor your browsing according to your personal preferences and privacy concerns.