Integration between View and VMware Identity Manager (formerly called Workspace Portal) uses the SAML 2.0 standard to establish mutual trust, which is essential for single sign-on (SSO) functionality. When SSO is enabled, users who log in to VMware Identity Manager or Workspace Portal with Active Directory credentials can launch remote desktops and applications without having to go through a second login procedure.
When VMware Identity Manager and View are integrated, VMware Identity Manager generates a unique SAML artifact whenever a user logs in to VMware Identity Manager and clicks a desktop or application icon. VMware Identity Manager uses this SAML artifact to create a Uniform Resource Identifier (URI). The URI contains information about the View Connection Server instance where the desktop or application pool resides, which desktop or application to launch, and the SAML artifact.
VMware Identity Manager sends the SAML artifact to the Horizon client, which in turn sends the artifact to the View Connection Server instance. The View Connection Server instance uses the SAML artifact to retrieve the SAML assertion from VMware Identity Manager.
After a View Connection Server instance receives a SAML assertion, it validates the assertion, decrypts the user's password, and uses the decrypted password to launch the desktop or application.
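The artifact hand-off described above, shown as an added example that is not VMware's code: it assumes the artifact uses the standard SAML 2.0 type 0x0004 layout (TypeCode, EndpointIndex, SourceID, MessageHandle) and shows the checks a relying party can apply before it resolves an artifact into an assertion. The names `build_artifact`, `parse_artifact`, and `ArtifactGate`, and any entity ID passed to them, are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import struct

TYPE_CODE = 0x0004               # SAML 2.0 Bindings, type 0x0004 artifact
ARTIFACT_LEN = 2 + 2 + 20 + 20   # TypeCode, EndpointIndex, SourceID, MessageHandle


def build_artifact(issuer_entity_id: str, endpoint_index: int = 0) -> str:
    """Issuer side: SourceID = SHA-1(entityID), MessageHandle = 20 random bytes."""
    source_id = hashlib.sha1(issuer_entity_id.encode("utf-8")).digest()
    raw = struct.pack(">HH", TYPE_CODE, endpoint_index) + source_id + os.urandom(20)
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact_b64: str) -> dict:
    """Decode and structurally validate a type 0x0004 artifact."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError as exc:
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) != ARTIFACT_LEN:
        raise ValueError(f"unexpected artifact length {len(raw)}")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE:
        raise ValueError(f"unsupported artifact type {type_code:#06x}")
    return {"endpoint_index": endpoint_index, "source_id": raw[4:24], "handle": raw[24:44]}


class ArtifactGate:
    """Relying-party checks made before an artifact is resolved (hypothetical helper)."""

    def __init__(self, trusted_entity_id: str):
        self._expected = hashlib.sha1(trusted_entity_id.encode("utf-8")).digest()
        self._seen = set()

    def accept(self, artifact_b64: str) -> bool:
        try:
            fields = parse_artifact(artifact_b64)
        except ValueError:
            return False
        if not hmac.compare_digest(fields["source_id"], self._expected):
            return False              # issued by an identity provider we do not trust
        if fields["handle"] in self._seen:
            return False              # replay: an artifact is valid for one use only
        self._seen.add(fields["handle"])
        return True
```

Only an artifact that passes these checks should be sent to the identity provider for resolution; the returned assertion still needs its own signature and validity checks.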
Setting up VMware Identity Manager and View integration involves configuring VMware Identity Manager with View information and configuring View to delegate responsibility for authentication to VMware Identity Manager.
To delegate responsibility for authentication to VMware Identity Manager, you must create a SAML authenticator in View. A SAML authenticator contains the trust and metadata exchange between View and VMware Identity Manager. You associate a SAML authenticator with a View Connection Server instance.
If you intend to provide access to your desktops and applications through VMware Identity Manager, verify that you create the desktop and application pools as a user who has the Administrators role on the root access group in View Administrator. If you give the user the Administrators role on an access group other than the root access group, VMware Identity Manager will not recognize the SAML authenticator you configure in View, and you cannot configure the pool in VMware Identity Manager.