Summary
Looking to securely access SaaS tools like Salesforce, Zoho CRM, Asana, and Jira, as well as legacy intranet applications—without VPNs? Thinfinity® Workspace offers robust S through SAML 2.0 and OAuth 2.0, enabling centralized identity management, seamless SSO, and Zero Trust access across hybrid IT environments. Learn how to simplify protocol translation, unify access control, and protect both cloud and on-prem applications from unauthorized access and identity sprawl.
Secure Access to SaaS Applications via IdP Brokering
SaaS adoption is widespread, with platforms like Salesforce, Zoho CRM, Asana, Trello, and Jira used daily across business units. Each new application introduces authentication and security challenges unless identity is unified.
Thinfinity Workspace brokers identity between major IdPs, such as Entra ID (formerly Azure AD), Okta, and Google Identity, and SaaS apps using SAML 2.0 and OAuth 2.0.

Key features:
- SP-Initiated SAML Flows: Thinfinity redirects users to trusted IdPs before granting access to apps.
- OAuth Token-Based Security: For apps like Salesforce or Zoho, OAuth enables API-level delegation without sharing user credentials.
- Attribute Mapping: Translates IdP attributes (e.g., Azure AD group) into Thinfinity RBAC roles.
- Granular RBAC: Enforces app-specific access policies—for example, giving only the “Marketing” group access to Asana, while restricting Salesforce to Sales team members.

Granular RBAC in Action
Thinfinity Workspace enforces application-specific access policies by translating identity attributes (e.g., groups, roles, or claims from Azure AD or Okta) into precise permissions within its Role-Based Access Control (RBAC) engine.
For example, an enterprise can define a policy where only users in the “Marketing” group are granted access to Asana for campaign collaboration, while Salesforce is restricted to Sales team members only. If a user belongs to both departments, Thinfinity can apply layered policies that assign the appropriate access level per application—read-only for Salesforce dashboards, full access for Asana projects.
Additionally, these roles can extend to conditional access scenarios:
- Block access to Jira outside business hours unless using a company-issued device.
- Require reauthentication via MFA for users accessing Zoho CRM from unknown geolocations.
All access decisions are logged, traceable, and dynamically enforced—supporting both compliance reporting and real-time security posture management.
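
The policies described in this section, written out as a small deny-by-default evaluator. This is an added example, not Thinfinity's code or configuration syntax: the group-to-app table (including which groups reach Jira and Zoho CRM), the business-hours window, the "highest granted level wins" rule, and every name below are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy table: IdP group claim -> {application: access level}.
ROLE_MAP = {
    "Marketing": {"asana": "full"},
    "Sales": {"salesforce": "read-only", "zoho_crm": "full"},
    "Engineering": {"jira": "full"},
}
RANK = {"read-only": 1, "full": 2}
AUDIT = []  # every decision is recorded here, allow or deny

@dataclass
class Request:
    user: str
    groups: list          # group claims taken from an already-validated assertion
    app: str
    when: datetime
    managed_device: bool  # company-issued device
    known_geo: bool
    recent_mfa: bool

def business_hours(t):
    # Assumption: Monday to Friday, 09:00-18:00 local time.
    return t.weekday() < 5 and 9 <= t.hour < 18

def evaluate(req):
    # Collect the levels granted by each group; unknown groups grant nothing.
    levels = [ROLE_MAP[g][req.app] for g in req.groups
              if req.app in ROLE_MAP.get(g, {})]
    if not levels:
        return ("deny", None, "no group grants this app")
    level = max(levels, key=RANK.__getitem__)  # assumption: highest grant wins
    if (req.app == "jira" and not business_hours(req.when)
            and not req.managed_device):
        return ("deny", None, "outside business hours on unmanaged device")
    if req.app == "zoho_crm" and not req.known_geo and not req.recent_mfa:
        return ("step_up_mfa", level, "unknown geolocation")
    return ("allow", level, "group match")

def decide(req):
    """Evaluate a request and append the outcome to the audit trail."""
    decision, level, reason = evaluate(req)
    AUDIT.append({"user": req.user, "app": req.app, "decision": decision,
                  "level": level, "reason": reason,
                  "time": req.when.isoformat()})
    return decision, level
```

Conditional rules are checked only after a group match, so a request that satisfies the device or MFA condition still gets nothing without a matching group claim.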

Secure Access to Intranet Applications Through Thinfinity Workspace
Even as SaaS adoption accelerates, internal web applications—such as ERP systems, BI dashboards, and custom-built tools—continue to be mission-critical for daily operations. However, many of these applications lack support for modern authentication protocols like SAML or OAuth, relying instead on legacy login mechanisms. Traditionally, access to these systems has been facilitated through VPNs, which not only expose the internal network but also create a significant operational burden on IT teams. Managing VPN endpoints, troubleshooting connectivity, and enforcing consistent access controls across distributed environments becomes increasingly complex and resource-intensive—especially in remote or hybrid work scenarios.

Thinfinity Workspace removes these barriers through:
- Identity Federation: Accepts SAML/OAuth assertions from cloud IdPs and maps them to internal AD or LDAP users.
- Proxy Access: Fronts legacy web apps that lack SSO support, creating a seamless user experience.
- Encrypted Sessions: Maintains secure cookies and supports session timeouts.
- Flexible MFA Support: Thinfinity Workspace supports native 2FA, integrates with legacy RADIUS-based MFA, and inherits MFA policies from external IdPs like Azure AD and Okta—ensuring secure, consistent authentication across all environments.
- Zero Trust Enforcement: Enforces policies based on user, device, and session context—with no network-level access required.

Benefits of Thinfinity’s IdP Brokering Approach
- SaaS & Intranet Coverage: Supports cloud-first and hybrid environments with equal security.
- Protocol Flexibility: Bridges OAuth 2.0, SAML 2.0, and OpenID Connect across all identity providers and application types.
- Zero VPN Dependency: Eliminates outdated perimeter security with identity-driven access.
- Centralized Audit & Control: Unifies role and policy enforcement across all systems, cloud or legacy.
- Developer & Admin Friendly: Integrates with existing identity systems and application stacks, whether modern or legacy.

Conclusion
Thinfinity Workspace delivers a unified, Zero Trust approach to access management across your entire application landscape. Whether it’s SaaS platforms like Salesforce and Trello or internal dashboards protected by legacy systems, Thinfinity’s IdP brokering engine ensures secure, frictionless access based on identity—not location or network.
By leveraging modern authentication protocols, enforcing granular RBAC, and simplifying integration with both modern and legacy IdPs, Thinfinity becomes the central control plane for secure, scalable access across the enterprise.
Replace VPNs, reduce credential sprawl, and streamline access—with one platform.
FAQs
What is IdP brokering?
IdP brokering is a middleware architecture where a central platform (like Thinfinity Workspace) mediates between Identity Providers (e.g., Azure AD, Okta) and applications. It enables users to authenticate once and access multiple SaaS or on-premise apps securely.
How do I enable SSO for both SaaS and internal apps?
With Thinfinity Workspace, you configure your identity provider (e.g., Okta or Azure AD) and connect your applications—Thinfinity handles protocol translation, authentication flows, and session management across SaaS and intranet apps.
Which SaaS apps can I secure with Thinfinity?
Thinfinity integrates with any SaaS app supporting SAML or OAuth, including:
- Salesforce
- Zoho CRM
- Asana
- Trello
- Jira
- Monday.com
- GitHub Enterprise
- Google Workspace
Can Thinfinity replace my VPN?
Yes. Thinfinity enables browser-based, identity-aware access to internal applications—completely removing the need for traditional VPNs while enhancing security through Zero Trust principles.
Does Thinfinity support legacy applications?
Yes. Even if your internal apps don’t support modern protocols like SAML, Thinfinity can front them with a secure session, map user identities, and apply RBAC without requiring any code changes.