To provide users the ability to run a Horizon application or desktop from the VMware Identity Manager service and have single sign-on from VMware Identity Manager to the application or desktop, you must configure SAML authentication in all the Horizon Connection Server instances in your Horizon deployment.

About this task

Note:

You do not need to perform this task if your organization uses smart card authentication to view resources using a third-party identity provider.

Procedure

  1. Log in to the Horizon Administrator as a user with the Administrator role assigned.
  2. Configure SAML authentication for each Horizon Connection Server instance in your Horizon deployment. You must use your VMware Identity Manager service's fully-qualified domain name on the Authenticator configuration page.
    Important:

    The Horizon and VMware Identity Manager servers must be in time sync. If the servers are not in time sync, when you try to run a Horizon application or desktop, an invalid SAML message occurs.