To configure SAML authentication, you need to create a federation artifact for the Horizon Cloud tenant.

Prerequisites

Verify the following with your service provider:

  • The Horizon Cloud tenant name is a fully-qualified domain name (FQDN). For example, server-ta1-1.example.com instead of server-ta1-1.

  • The Horizon Cloud tenant appliances have valid SSL certificates installed that were issued by a CA. Self-signed certificates are not supported. The certificate must match the FQDN of the tenant appliance.

Procedure

  1. In the VMware Identity Manager administration console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, select Horizon Cloud.
  3. Enter the information for your environment to create a federation artifact.

    Setting: Assertion Consumer Service
    Description: URL to which to post the SAML assertion. This URL is typically the Horizon Cloud tenant's floating IP or Access Point URL. For example, https://mytenant.example.com.

    Setting: Audience
    Description: Unique identifier of the Horizon Cloud tenant. This URL is typically the Horizon Cloud tenant's floating IP or Access Point URL. For example, https://mytenant.example.com.

    Setting: Tenant Appliance URLs
    Description: The URL of the Horizon Cloud tenant appliance, in the format https://TenantApplianceFQDN/admin/SAML/metadata. If you have multiple tenant appliances, click Add Tenant Appliance URL to add the URLs.

    If the tenant appliances are behind a floating IP or Access Point appliance, specify the floating IP or Access Point appliance URL, in the format https://FloatingIPorAccessPointFQDN/admin/SAML/metadata.

    For example: [Figure: Federation Artifact]


  4. Click the Accept Certificate link next to each Horizon Cloud tenant appliance URL to accept the certificate.
    Important: If you change the SSL certificate on the Horizon Cloud tenant appliance after integration, you must return to this page and accept the certificate again to re-establish trust.

  5. Click Save.
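
The prerequisites and the Tenant Appliance URL format from step 3 can be checked before you enter values in the console. The following Python sketch is an added example, not VMware code: the function names are hypothetical, the certificate is passed as a dict in the shape returned by Python's ssl.SSLSocket.getpeercert(), and the sample certificate is constructed.

```python
import re
from urllib.parse import urlsplit

METADATA_PATH = "/admin/SAML/metadata"  # path format given in step 3
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(host):
    # At least two valid DNS labels and a non-numeric last label (rejects short names and IPs).
    labels = host.rstrip(".").split(".")
    return (len(labels) >= 2 and all(LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())

def check_metadata_url(url):
    # Problems with one Tenant Appliance URL entry; an empty list means it looks right.
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not is_fqdn(parts.hostname or ""):
        problems.append("host is not an FQDN")
    if parts.path != METADATA_PATH:
        problems.append("path is not " + METADATA_PATH)
    return problems

def name_matches(pattern, host):
    # Wildcard is accepted only as the entire left-most label.
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def check_certificate(cert, host):
    # cert: dict shaped like the result of ssl.SSLSocket.getpeercert().
    problems = []
    if cert.get("subject") == cert.get("issuer"):  # heuristic for self-signed
        problems.append("certificate looks self-signed")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("certificate does not match " + host)
    return problems

# Constructed sample certificate fields, not taken from a real appliance.
SAMPLE_CERT = {
    "subject": ((("commonName", "server-ta1-1.example.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "subjectAltName": (("DNS", "server-ta1-1.example.com"),),
}

if __name__ == "__main__":
    host = "server-ta1-1.example.com"
    print(check_metadata_url("https://" + host + METADATA_PATH))
    print(check_certificate(SAMPLE_CERT, host))
```

An empty list from both checks means the entry meets the format and certificate prerequisites listed on this page; it does not replace the Accept Certificate step.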

What to do next

Configure SAML authentication in the Horizon Cloud tenant.