To provide users the ability to run a Horizon application or desktop from the VMware Identity Manager service and have single sign-on from VMware Identity Manager to the application or desktop, you must configure SAML authentication in all the Horizon Connection Server instances in your Horizon deployment.

About this task


You do not need to perform this task if your organization uses smart card authentication to view resources using a third-party identity provider.


  1. Log in to the Horizon Administrator as a user with the Administrator role assigned.
  2. Configure SAML authentication for each Horizon Connection Server instance in your Horizon deployment. You must use your VMware Identity Manager service's fully-qualified domain name on the Authenticator configuration page.

    The Horizon and VMware Identity Manager servers must be in time sync. If the servers are not in time sync, when you try to run a Horizon application or desktop, an invalid SAML message occurs.