You must select the relevant SAML authentication method and choose the IDP (Identity Provider) supported by your organization in the Horizon settings page on the UAG (Unified Access Gateway). The authentication method determines the login flow for the user when using the Horizon Client with UAG.

For information about authentication methods, see Authentication Methods for Unified Access Gateway and Third-Party Identity Provider Integration

Prerequisites

Procedure

  1. In the Configure Manually section of the UAG Admin UI, click Select.
  2. In the General Settings section, for Edge Service Settings, click Show.
  3. Click the Horizon Settings gearbox icon.
  4. On the Horizon Settings page, click More to configure the following settings:
    Option Description
    Auth Methods Select SAML, SAML and Passthrough, or SAML and Unauthenticated
    Note: If TrueSSO is enabled on Horizon Connection Server, only SAML authentication method must be used.
    Important:

    If you choose SAML and Unauthenticated, ensure that you configure the Login Deceleration Level in the Horizon Connection Server to Low. This configuration is necessary to avoid long delay in login time for endpoint while accessing the remote desktop or application.

    For more information about how to configure Login Deceleration Level, see the Horizon Administration documentation at VMware Docs.
    Identity Provider Select the Identity Provider that must be integrated with UAG.
    Note: An identity provider is available for selection only if the identity provider's metadata is uploaded to UAG.
    To configure the other Horizon settings, see Configure Horizon Settings.