You must select the relevant SAML authentication method and choose the IDP (Identity Provider) supported by your organization in the Horizon settings page on the UAG (Unified Access Gateway). The authentication method determines the login flow for the user when using the Horizon Client with UAG.
- Ensure that you use Horizon Connection Server 7.11 or later versions.
- You must have already uploaded the identity provider's metadata to UAG.
See Upload Identity Provider's SAML Metadata to Unified Access Gateway.
- In the Configure Manually section of the UAG Admin UI, click Select.
- In the General Settings section, for Edge Service Settings, click Show.
- Click the Horizon Settings gearbox icon.
- On the Horizon Settings page, click More to configure the following settings:
Option Description Auth Methods Select
SAML and Passthrough, or
SAML and UnauthenticatedNote: If TrueSSO is enabled on Horizon Connection Server, only SAML authentication method must be used.Important:
If you choose
SAML and Unauthenticated, ensure that you configure the Login Deceleration Level in the Horizon Connection Server to
Low. This configuration is necessary to avoid long delay in login time for endpoint while accessing the remote desktop or application.
For more information about how to configure Login Deceleration Level, see the Horizon Administration documentation at VMware Docs.
Identity Provider Select the Identity Provider that must be integrated with UAG.Note: An identity provider is available for selection only if the identity provider's metadata is uploaded to UAG.To configure the other Horizon settings, see Configure Horizon Settings.