To launch remote desktops and applications from Workspace, you must create a SAML authenticator in View Administrator. A SAML authenticator contains the trust and metadata exchange between View and Workspace.

About this task

You associate a SAML authenticator with a View Connection Server instance. If your deployment includes more than one View Connection Server instance, you must associate the SAML authenticator with each instance.


Prerequisites

  • Verify that Workspace is installed and configured. See the VMware Workspace Portal Installation and Configuration Guide.

  • Verify that the root certificate for the signing CA for the SAML server certificate is installed on the View Connection Server host. VMware does not recommend that you configure SAML authenticators to use self-signed certificates. For information about certificate authentication, see the View Installation document.

  • Make a note of the FQDN or IP address of the Workspace Gateway server or external-facing load balancer.

  • Make a note of the URL of the Workspace Connector Web interface.


Procedure

  1. In View Administrator, select View Configuration > Servers.
  2. On the Connection Servers tab, select a View Connection Server instance to associate with the SAML authenticator and click Edit.
  3. On the Authentication tab, select a setting from the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable or disable the SAML authenticator.




    SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client.


    SAML authentication is enabled. You can launch remote desktops and applications from both Horizon Client and Workspace.


    SAML authentication is enabled. You can launch remote desktops and applications only from Workspace. You cannot launch desktops or applications from Horizon Client manually.

    You can configure each View Connection Server instance in your deployment to have different SAML authentication settings, depending on your requirements.

  4. Select Create New Authenticator from the SAML Authenticator drop-down menu, or, if a SAML authenticator has already been added, click Manage Authenticators and click Add.
  5. Configure the SAML authenticator in the Add SAML 2.0 Authenticator dialog box.




    Unique name that identifies the SAML authenticator.


    Brief description of the SAML authenticator. This value is optional.

    Metadata URL

    URL for retrieving all of the information required to exchange SAML information between the SAML identity provider and the View Connection Server instance. Click <YOUR HORIZON SERVER NAME> and replace it with the FQDN or IP address of the Workspace Gateway server or external-facing load balancer.

    Administration URL

    URL for accessing the administration console of the SAML identity provider. This URL should point to the Workspace Connector Web interface. This value is optional.

  6. Click OK to save the SAML authenticator configuration.

    If you provided valid information, you must either accept the self-signed certificate (not recommended) or use a trusted certificate for View and Workspace.

    The SAML 2.0 Authenticator drop-down menu displays the newly created authenticator, which is now set as the selected authenticator.

  7. In the System Health section on the View Administrator dashboard, select Other components > SAML 2.0 Authenticators, select the SAML authenticator that you added, and verify the details.

    If the configuration is successful, the authenticator's health is green. An authenticator's health can display red if the certificate is untrusted, if Workspace Gateway is unavailable, or if the metadata URL is invalid. If the certificate is untrusted, you might be able to click Verify to validate and accept the certificate.
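The three causes of red health named in step 7 can be checked before the authenticator is created. The following Python script is an added example, not VMware code: it fetches a metadata URL with full certificate verification, confirms that the response is SAML 2.0 identity provider metadata, and reports which cause applies. The host name workspace.example.com, the sample metadata, and the requirement that the URL use HTTPS are assumptions.

```python
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PLACEHOLDER = "<YOUR HORIZON SERVER NAME>"  # template text in the Metadata URL field
# Constructed sample metadata; host name and certificate body are placeholders.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://workspace.example.com/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""

def inspect_metadata(xml_bytes):
    """Return (entityID, number of signing keys) or raise ValueError."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"response is not XML ({exc})")
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not SAML 2.0 identity provider metadata")
    keys = [k for k in idp.findall(MD + "KeyDescriptor")
            if k.get("use", "signing") == "signing"  # no "use" means signing too
            and k.find(".//" + DS + "X509Certificate") is not None]
    if not keys:
        raise ValueError("metadata has no signing certificate")
    return root.get("entityID"), len(keys)

def check_metadata_url(url, cafile=None, timeout=10):
    """Fetch the metadata URL and report which red-health cause applies, if any."""
    host = None if PLACEHOLDER in url else urlparse(url).hostname
    if not host or not url.lower().startswith("https://"):  # HTTPS is an assumption
        return "metadata URL invalid: expected https://host/path, placeholder replaced"
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            entity_id, keys = inspect_metadata(resp.read())
    except urllib.error.HTTPError as exc:
        return f"metadata URL invalid: HTTP {exc.code}"
    except OSError as exc:  # URLError wraps TLS and socket failures
        reason = getattr(exc, "reason", exc)
        untrusted = isinstance(reason, ssl.SSLCertVerificationError)
        return f"{'certificate untrusted' if untrusted else 'gateway unavailable'}: {reason}"
    except ValueError as exc:
        return f"metadata URL invalid: {exc}"
    return f"ok: entityID={entity_id}, signing certificates={keys}"
```

Pass as `cafile` the root CA certificate that you installed on the View Connection Server host, because the trust store of the machine that runs the script is not the one View uses.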