LogoLogo
Download Free TrialLive DemoGet a QuoteContact Us
  • Thinfinity® Remote Desktop 6
  • About This Document
  • Introduction
  • What's new in 6.0
  • Architecture
  • Security
  • Upgrade from 5.0
  • Getting Started Section
    • Getting Started
    • Installing Thinfinity® Remote Desktop
    • Using Thinfinity® Remote Desktop for the First Time
      • Verifying the Communication Settings
      • Connecting to a desktop
    • Customizing Thinfinity® Remote Desktop
      • Setting the Access Security Level
        • Access Profiles
          • RDP Profiles
            • Creating an RDP Profile
            • Editing an RDP Profile
            • Disabling an RDP Profile
            • Removing an RDP Profile
            • The "[+]" Profile
          • Web Link Profiles
            • Creating a Web Link Profile
            • Editing a Web Link Profile
            • Disabling a Web Link Profile
            • Removing a Web Link Profile
          • RDS Web Feed Profiles
            • Creating an RDS Web Feed Profile
            • Editing an RDS Web Feed Profile
            • Disabling an RDS Web Feed Profile
            • Removing an RDS Web Feed Profile
          • VNC/RFB Profile
            • Creating a VNC/RFB Profile
            • Editing a VNC/RFB Profile
            • Disabling a VNC/RFB Profile
            • Removing a VNC/RFB Profile
          • Telnet/SSH profile
            • Creating a Telnet/SSH Profile
            • Editing a Telnet/SSH Profile
            • Disabling a Telnet/SSH Profile
            • Removing a Telnet/SSH Profile
      • Testing Internal Access
      • Configuring Internet Access
      • Enabling Remote Sound
      • Mapping Remote Drives
        • Intermediate Disks
        • Shared Folders
    • After Customization
      • Connecting to a Desktop
      • Connecting to an Application
      • Performing a File Transfer
        • Navigating
        • File Options
        • Remote Folder Area Options
        • Downloading and Uploading files
    • Supported RDP Shortcut Keys
  • Advanced Settings Section
    • New in v6.0
      • Bidirectional Audio Redirection
      • Remote Active Directory
        • How to install and configure RemoteAD
        • Active Directory credentials mapping
      • Secondary Broker Pool
        • Architecture
        • How To Install a Secondary Broker
        • How To Add a Pool in the Primary Broker
      • H264 Support
        • How to Enable "H264" on your Access Profile
        • Preparing the Remote Desktop for "H264" support
      • Web Profile Manager
        • Remote Desktop
        • VNC/RFB
        • Terminal Connection
        • Web Link
        • Labels
        • Edit Web Profiles
          • General
          • Display
          • Resources
          • Program
          • Experience
          • Advanced
          • Access Hours
          • Permissions
      • WebBridge - Direct File Transfer
        • How to install Thinfinity® WebBridge
        • WebBridge: User Experience
    • Thinfinity® Remote Desktop Manager
      • General
      • Broker
      • Authentication
        • OAuth/2
          • Methods
          • Settings
          • Mappings
          • Configure OAuth with Okta
          • Configure OAuth with Auth0
        • RADIUS
          • Settings
          • Mappings for SSO
        • TOTP (Time-based One-time Password)
          • TOTP Settings
      • Access Profiles
        • RDP Profile Editor
          • General
            • Setting up a Hyper-V Profile
            • Setting up an RDS Collection Profile
          • Display
          • Resources
          • Program
          • Experience
          • Advanced
          • Printer
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication methods
        • Web Link Profile Editor
          • Web Link
          • Permissions
        • RD Web Access Editor
          • General
          • Permissions
        • VNC / RFB Profile Editor
          • Display
          • Permissions
          • Restrictions
          • Access Hours
          • Authentication methods
        • Telnet / SSH Profile Editor
          • Display
          • SSL
          • SSH
          • Options
          • Permissions
          • Authentication methods
          • Access Hours
          • Restrictions
      • Folders
      • Permissions
      • External DLL Authentication Method Settings
      • Duo Authentication Method Settings
        • How to configure DUO
      • SAML Authentication Method Settings
        • Configure SAML with Okta
        • Configure SAML with Centrify
  • Gateway Manager
    • Managing the SSL Certificate
      • The Default Embedded Certificate
      • A Self-Signed Certificate
      • A CA Certificate
  • License Manager
    • License Activation
    • Proxy Activation
    • Get a new Trial Serial Number
    • Activate a Serial Number Online
    • Activate a Serial Number Offline
    • Registering Your License With The License Server Manager
  • Custom Settings
    • Extend the Remote Desktop’s Toolbar
  • Customizing the Toolbar
    • Using customsettings.js
    • Using the 'connect' Method
  • Remote FX
  • Save Session
    • Record a Session
    • Play Recorded Sessions
  • Multi-touch Redirection
  • Enhanced Browser and DPI Support
    • Model Inheritance
    • Property Reference
    • The Calculation Process
    • Examples
  • Silent Install Options
  • Credentials Management
    • User-based Access Profiles
    • Credentials Management
  • Customize Translation
  • Mobile Devices Section
    • Mobile Devices
    • Getting into Thinfinity® Remote Desktop
    • Mouse Control
    • Keyboards and Toolbars
    • Gestures
    • Disconnecting from Thinfinity® Remote Desktop
    • iPad Application
      • Configuration
      • Side Bar
  • Scaling and Load Balancing Section
    • Scaling & Load Balancing
    • Scaling and Load Balancing Configurations
    • Installing Components
    • Configuring a Load Balancing Scenario
    • How to configure your license
  • Integrating Thinfinity® Remote Desktop Section
    • Integrating Thinfinity® Remote Desktop
    • SDK
      • Deploying
      • Using the SDK
      • SDK Login
      • Connect method
        • Placement
        • Destination and Authentication
        • Settings
          • kbdLayout Values
        • Features
        • Events
        • Toolbar Customization
      • Browser Resizing
      • Keystroke Methods
      • SSL Certificate
      • Demo
    • External Authentication
      • Apikey
    • Single Sign On
      • Facebook OAuth Authentication Example
      • Google OAuth/2
        • Google Client ID for Web Applications
      • RADIUS
    • Customizing the Web Interface
      • Changing the Logo
      • Customizing the Web Files
      • Files Location
    • Web Services API
      • Architecture
      • Installing the Web Service
      • Setting up the Communication Settings
      • Profiles Web Service
        • Methods
        • Types
          • The WS Profile type
        • The Demo Applications
      • Analytics Web Service
        • Methods
        • Types
          • WSQueryInfo
          • WSQueryRange
          • WSDBLoginRecord
          • WSSessionRecord
          • WSDBConnectionRecord
          • WSDBBrowserRecord
        • The Demo Application
    • One-Time-URL
      • Configuring the Connection
      • Enabling Features
  • User guide Section
    • User Guide
    • Logging In
    • Advanced Web Features
      • Tree View
      • Listing Options
      • Search bar
    • Accessing from Mobile Devices
      • Connecting with Open Parameters
        • General
        • Display
        • Resources
        • Program
        • Experience
        • Advanced
      • Connecting with Profiles
    • Toolbar
      • Actions
      • File Transfer
      • Options
      • Disconnect
    • Features
      • File Transfer
        • Navigating
        • File Options
        • Remote Folder Area Options
        • Downloading and Uploading files
      • Remote Printer
      • Remote Sound
      • Share Session
      • Mapped Drives
      • Analytics
        • Sessions
        • Connections
        • Logins
        • Browsers
        • Filter
        • Configuring MS SQL Server
          • Analytics Tables Reference
    • Disconnecting
Powered by GitBook
On this page
  1. Advanced Settings Section
  2. New in v6.0

Remote Active Directory

Authentication Against a Remote Active Directory services

PreviousBidirectional Audio RedirectionNextHow to install and configure RemoteAD

Last updated 3 years ago

Thinfinity® Remote AD will allow the same access security all around, allowing the client to manage users and groups in their own environment.

Thinfinity® Remote AD will connect to the client’s Active Directory through a restricted user account. It will query only for the information needed to manage the login and end-user’s permissions to access the remote apps.

Thinfinity® will validate end-users against their own AD and will map with a user account on the app-side AD to create the remote windows session.

Validation and encrypted data will be all still handled by the client’s AD and according to their environment’s policies. The primary broker exchanges information with the Remote AD service on-demand as shown in the following flow:

Login process:

Thinfinity® landing page requests your user’s login credentials and validates them against the clients’ AD. If validated correctly, the end-user will access the Thinfinity® main page, which will allow them to select the app they need to run. By using this method of authentication we can guarantee transparency for your users as well as a secure access method in line with your current security policies.

Validating user permissions:

Each app or desktop link to be presented to the end-user must be validated against the AD according to the configured permissions of the profile. Thinfinity® will validate the current logged on user against the users and groups associated to the profile. To do this it will query remotely to the clients’ AD to verify membership. Only true or false is returned on the query, thus no information can be cached.

Configuring Thinfinity® permissions:

Thinfinity® needs to access the remote AD to list users and groups (only IDs) to associate them to each profile that requires access permissions. Only IDs are retrieved and restricted to the groups that the Thinfinity® Remote AD Service is allowed to based on the Windows Service user account configured.