Administrators can create users for unauthenticated access to published applications. After an administrator configures a user for unauthenticated access, the user can log in to the Connection Server instance from Horizon Client only with unauthenticated access.


  • Verify that the Active Directory (AD) user for whom you want to configure unauthenticated access for has a valid UPN. Only an AD user can be configured as an unauthenticated access user.
Note: Administrators can create only one user for each AD account. Administrators cannot create unauthenticated user groups. If you create an unauthenticated access user and there is an existing client session for that AD user, you must restart the client session to make the changes take effect.


  1. In Horizon Administrator, select Users and Groups.
  2. On the Unauthenticated Access tab, click Add.
  3. In the Add Unauthenticated User wizard, select one or more search criteria and click Find to find users based on your search criteria.
    The user must have a valid UPN.
  4. Select a user and click Next.
    Repeat this step to add multiple users.
  5. (Optional) Enter the user alias.
    The default user alias is the user name that was configured for the AD account. End users can use the user alias to log in to the Connection Server instance from Horizon Client.
  6. (Optional) Review the user details and add comments.
  7. Click Finish.


Connection Server creates the unauthenticated access user and displays the user details including user alias, user name, first and last name, number of source pods, application entitlements, and sessions. You can click the number in the Source Pods column to display pod information.

What to do next

Enable unauthenticated access for users in Connection Server. See, Enable Unauthenticated Access for Users.