After a user has successfully authenticated with Horizon, the on-demand agent downloaded and run on the Horizon Client might take some time to register with OPSWAT. If Unified Access Gateway performs a compliance check before it has registered, the user session might be denied. To allow the on-demand agent to register with OPSWAT before the check is made, use Compliance Check Initial Delay.

Compliance Check Initial Delay is a time interval, which is an Endpoint Compliance Check Provider setting. Administrators can configure this time interval to delay the first compliance check after successful user authentication. Unified Access Gateway performs the first compliance check only after the configured time interval has elapsed. If the user launches a desktop or application within the delay time interval, then Unified Access Gateway allows this request and the compliance is not checked. When the compliance check is done, the session can only continue if the response is configured to allow. This timer ensures that a user with a compliance device is not denied access after initial authentication.

After the configured delay time interval has elapsed, Unified Access Gateway performs periodic endpoint compliance checks using the Compliance Check Interval and Compliance Check Fast Interval settings as per the existing behavior. For more information about this behavior, see Time Interval for Periodic Endpoint Compliance Checks.

For more information about the Compliance Check on Authentication option, see Configure Horizon Settings. To configure the initial delay time interval for OPSWAT, see Configure OPSWAT as the Endpoint Compliance Check Provider for Horizon.