Mappings for SSO
Last updated
Last updated
In the 'RADIUS' - 'Mapping' section of the Thinfinity® Remote Desktop Server manager 'SSO' tab, you will link your RADIUS users to Active Directory users or groups. In this way, you tell Thinfinity® Remote Desktop Server that users that authenticate with certain RADIUS users are to be shown certain profiles, the profiles that are available for the Active Directory user(s)/group(s) you selected to link them with. That is, to complete this process you have to link the Active Directory user(s)/group in this tab to the Active Directory user(s)/group of the profile you want to enable for a certain RADIUS user.
The 'Mapping' tab can be shown in two different ways to ease your mapping process. By pressing the 'Switch base' button, you select whether you prefer to see a list of Remote Usernames above, that you will map with the Associated User(s)/Group(s) Access below, or a list of Associated User(s)/Group(s) Access that you will map with the Remote Username list below. This doesn't change the way it works, only the way it is shown. You might want to think that a certain remote username has several Active Directory groups it's associated with and thus choose to see the remote users above, or you might prefer to see, for example, a list of Active Directory users and link each of them with several. You can try, and even go back and forth as you add users and decide which way works best for you. Switching the base doesn't change the users and their mapping.
In the credentials tab, you will find the following options :
Always remember to press "Apply" in order to save the changes.
OPTION
DESCRIPTION
Username
Stores a valid Windows Username.
Used when using an External Authentication and profiles with "Use the Authenticated Credentials" option.
Password
Stores a valid Windows Username's password.
Used when using an External Authentication and profiles with "Use the Authenticated Credentials" option.
Test
Verifies the stored credentials.
Remove
Removes the stored credentials.
OPTION
DESCRIPTION
Switch Base
Press to change the order in which the 'Authentication ID Mask and the 'Associated Permissions' boxes will be shown. This doesn't affect the configuration, only the view.
Authentication ID Mask
List of the remote users.
Add: Add a new remote user (SSO). If the 'Authentication ID Mask' box is above the the Associated Permissions box, you will then need to select it and add an Associated Permission to it. Otherwise, if the 'Authentication ID Mask' box is below the 'Associated Permissions' box, the remote user added will be mapped with the Active Directory User selected in the box above.
Remove: Select a user and click on the 'Remove' button to take out this remote user from the SSO authentication control, when the 'Authentication ID Mask' box is above the Associated User/Group Access box. This will also remove the mappings. If the 'Authentication ID Mask' box is below the 'Associated Permissions' box, you will instead remove the user from the mapping with the Active Directory user/group selected above.
Enabled: Select an user on the list and uncheck the 'Enabled' field if you want to disable the access of this specific remote user.
Associated Permissions
List of Active Directory Users and Groups.
Add: If the 'Associated Permissions' box is above, adds a user to later on select and associate with a remote user. If the Associated Permissions box is below the 'Authentication ID Mask' box, maps this user to the selected remote user above.
Remove: If the 'Associated Permissions' box is above, it deletes this user and their mappings from the mapping tab. If the 'Associated Permissions' box is below the 'Authentication ID Mask' box, it disassociates this Active Directory user from the remote user selected above.