With the True SSO (single sign-on) feature, after users log in to VMware Identity Manager using a smart card or RSA SecurID or RADIUS authentication, or a third-party identity provider using an Unified Access Gateway appliance, users are not required to also enter Active Directory credentials in order to use a virtual desktop or published desktop or application.

Note: To set up True SSO in Horizon Console, see the "Setting Up True SSO" topics available in the VMware Horizon documentation at https://docs.vmware.com/en/VMware-Horizon/index.html.

If a user authenticates by using Active Directory credentials, the True SSO feature is not necessary, but you can configure True SSO to be used even in this case, so that the AD credentials that the user provides are ignored and True SSO is used.

When connecting to a virtual desktop or published application, users can select to use either the native Horizon Client or HTML Access.

This feature has the following limitations:

  • This feature does not work for virtual desktops that are provided by using the View Agent Direct Connection plug-in.
  • This feature is supported only in IPv4 environments.

Following is a list tasks you must perform to set up your environment for True SSO:

  1. Determining an Architecture for True SSO
  2. Set Up an Enterprise Certificate Authority
  3. Create Certificate Templates Used with True SSO
  4. Install and Set Up an Enrollment Server
  5. Export the Enrollment Service Client Certificate
  6. Configure SAML Authentication to Work with True SSO
  7. Configure Horizon Connection Server for True SSO