I am writing this to give you a quick walk-through of how to integrate a Horizon deployment with VMware Identity Manager.
To carry out this demonstration, I have the following implemented and configured:
- Horizon 7.x deployment with an RDSH Manual Farm
- VMware Identity Manager with AD configured
- Log in to the Horizon Connection Server and navigate to View Configuration > Servers, then click on Connection Servers. Select one of the connection servers and click on Edit.
- In Edit Connection Server Settings, click on the Authentication tab. You have two options, Allowed or Required, for Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator).
- Select Allowed and click on Manage SAML Authenticators
- In the Manage SAML Authenticators wizard, click on Add, provide a Label and IDP URL, and select Enabled for Connection Server. Click on OK.
Note: For the IDP URL, you only need to add the IDM URL in place of <>; the rest of the syntax is pre-populated.
- Click OK on Manage SAML Authenticators
- Click OK on Edit Connection Server Settings
- You can select Required if you want to enforce login to Horizon through VMware Identity Manager only. Select Enable Workspace ONE mode and enter the URL for VMware Identity Manager. This will automatically redirect to (launch) the VMware Identity Manager URL in the browser for authentication. Click OK.
- Log in to the VMware Identity Manager portal and navigate to Catalog > Virtual Apps Collection.
- Click on Get Started
- You will be presented with Select Source Type. Click on SELECT under Horizon.
- In the New Horizon Collection wizard, provide a name for the collection and click on NEXT.
- Under Pod and Federation, click on ADD A POD.
- In the Add a Pod wizard, enter the Connection Server URL, username and password, and click ADD.
Note: I have not enabled TrueSSO, which I will discuss in another article.
- The POD is now added. Click on NEXT.
- I have left the options below at their defaults. Click NEXT.
- Click on SAVE & CONFIGURE NETWORK RANGE
- Define the internal or external range as per your requirements. Click on FINISH.
- You can verify that the collection has been added to Virtual App Collections. Select the newly added collection <Desktop> and click on SYNC.
- The Sync wizard will start calculating and will then show you the list of Applications, Desktops and Assignments. Click on SAVE.
- Once synchronization is complete, navigate to Catalog > Virtual Apps.
- Verify that the Desktop and Application from the Horizon POD are synced here.
- Launch the VMware Identity Manager portal from a new browser session and log in with your user's credentials. You will see that the desktop is assigned to the user. Click on Open for RDSH POOL.
- Depending on the preferences, the desktop will open in a browser tab or in Horizon Client.
This completes our integration walk-through. In the next article, I will talk about what happens to desktop login when a user logs in with MFA and how to resolve that. Thanks for reading.
Can we set up the UAG URL instead of the Connection Server in the POD configuration?
Hi William
UAG doesn’t provide access to Horizon Admin console to sync resources.
Awesome blog, Mazhar!
I'm assuming this is for internal access only. What about external access? How would you configure it to utilize resources in the outside world?
For connections coming in from the outside world, we have to leverage UAG, and the same needs to be defined in the POD settings corresponding to ALL ranges.
Very Nice..