SAML and SAML and Passthrough are the supported authentication methods to integrate UAG (Unified Access Gateway) with a third-party identity provider. The authentication method determines how entitlements are presented to the user when accessing the Horizon Client.

While configuring Horizon settings in the UAG, you must select one of the authentication methods.

SAML

In the SAML authentication method, UAG first validates the SAML assertion. If the SAML assertion is valid, UAG passes the SAML assertion to the Horizon Connection Server. For the Horizon Connection Server to accept the assertion, the Connection Server must be configured with the identity provider's metadata. When a user accesses the Horizon Client, the user is presented with entitlements without being prompted to provide the Active Directory credentials.

Note: If the TrueSSO setting is enabled on Horizon Connection Server, SAML authentication method must be used.

SAML and Passthrough

In the SAML and Passthrough authentication method, UAG validates the SAML assertion. If the SAML assertion is valid, the user is prompted to provide the Active Directory authentication credentials when accessing the Horizon Client. In this authentication method, UAG does not pass the SAML assertion to the Horizon Connection Server.