If you are using a SAML 2.0 identity provider, you can directly integrate the identity provider with UAG (Unified Access Gateway) to support Horizon Client user authentication. To use SAML third-party integration with UAG, you must use Horizon Connection Server 7.11 or later versions.

The authentication sequence can be SAML and Passthrough for SAML authentication and AD password authentication or only SAML when used with Horizon True SSO.

Unified Access Gateway supports unauthenticated access to a Horizon Client user logging into Unified Access Gateway when integrated with a SAML identity provider. After the initial authentication with Unified Access Gateway, the user can receive entitlements for published applications with no additional authentication. The SAML and Unauthenticated method supports this feature.

With the UAG and third-party SAML identity provider integration support, Workspace ONE Access installation is not used.

To integrate UAG with the identity provider, you must configure the identity provider with service provider (UAG) information, upload the identity provider's metatdata file to UAG and configure Horizon settings on the UAG Admin UI console.

For information about authenticating users to Horizon Client without being prompted for Active Directory credentials, see Authenticating Users Without Requiring Credentials and related information in the Horizon Administration guide at VMware Docs.