Before you integrate Horizon Cloud with VMware Identity Manager, ensure that you meet the prerequisites.

  • Verify that you have the following setup:

    • A VMware Identity Manager tenant

    • A Horizon Cloud tenant that is accessible by the VMware Identity Manager connector. Work with your Horizon Cloud representative to set this up.

    • A VMware Identity Manager connector appliance installed on premises. See Deployment Scenario for Horizon Cloud Integration for information.

      Connector version 2016.1.1 or later is required for Horizon Cloud integration.

  • Verify that your Horizon Cloud tenant meets the following requirements.

    • The tenant name must be a fully qualified domain name (FQDN), not just a host name. For example, server-ta1.example.com instead of server-ta1.

    • The tenant appliances must have valid, signed certificates issued by a CA. Self-signed certificates are not supported. The certificate must match the FQDN of the tenant appliance.

    • If you created your VMware Identity Manager directory with UPN as a search attribute, and you intend to sync static desktop pools from the Horizon Cloud tenant, your service provider must enable UPN for the tenant and restart the tenant appliance, otherwise users will be unable to launch static desktops.

  • Ensure that the Horizon Cloud tenant and the VMware Identity Manager tenant are in time sync. If they are not in time sync, an invalid SAML error can occur when users launch Horizon Cloud desktops and applications.

  • Create and configure desktop and application pools, also known as assignments, in the Horizon Cloud tenant administration console. You can create the following types of pools in the Horizon Cloud tenant:

    • Dynamic desktop pool, also known as floating desktop assignment

    • Static desktop pool, also known as dedicated desktop assignment

    • Session-based pool with desktops, also known as session desktop assignment

    • Session-based pool with applications, also known as remote application assignment

      For more information about the types of pools, see the Horizon Air documentation.

    The following limitations apply.

    • You can only sync from a single Horizon Cloud tenant to VMware Identity Manager.

  • Set user and group entitlements to Horizon Cloud desktops and applications in the Horizon Air tenant administration console.

    Note:

    Only entitlements for users that belong to a registered group are synced. Users who do not belong to any group will not see their entitlements in VMware Identity Manager.

  • In the VMware Identity Manager administration console, ensure that users and groups with these entitlements are synced from Active Directory to VMware Identity Manager using directory sync.