SAML Audiences is a feature supported by UAG (Unified Access Gateway) for Edge services such as Horizon and Web Reverse Proxy. By using the SAML Audiences feature, UAG administrators can restrict the audiences accessing Horizon clients and backend applications.
In the Horizon Edge service, both SAML and SAML and Passthrough authentication methods support SAML Audiences. In the Web Reverse Proxy Edge service, only when Identity Bridging is enabled, SAML authentication method supports SAML Audiences.
If SAML Audiences is configured with values, then UAG validates this list of values against the audiences received in SAML assertion. If there is at least one match, then the SAML assertion is accepted. If there is no match, UAG rejects the SAML assertion. If SAML Audiences is not configured, then UAG does not validate the audiences in the SAML assertion.
To restrict audiences for the Horizon Edge service, see Configure Horizon Settings. To restrict audiences for the Web Reverse Proxy Edge service, see Configure a Web Reverse Proxy for Identity Bridging (SAML to Kerberos).