To connect to a remote desktop or published application, you must provide the name of a server and supply credentials for your user account.

For administrators - Before you have end users access their remote desktops and published applications, test that you can connect to a remote desktop or published application from a client device. You might need to specify a server and supply credentials for your user account.

For end users - If your system administrator sent you an email that contains a URL to use for setting up an RSA SecurID software token on your client device, open that email and verify that you also have the activation code or that the activation code appears at the end of the URL. If your system administrator instructs you to configure the certificate checking mode, see Set the Certificate Checking Mode.

Prerequisites

For administrators - Complete the following tasks:
  • Obtain credentials for logging in, such as an Active Directory user name and password, RSA SecurID user name and passcode, RADIUS authentication credentials, or smart card personal identification number (PIN).
  • Obtain the NETBIOS domain name for logging in. For example, you might use mycompany rather than mycompany.com.
  • Perform the administrative tasks described in Preparing Connection Server for Horizon Client.
  • If you are outside the corporate network and require a VPN connection to access remote desktops and published applications, verify that the client device is set up to use a VPN connection and turn on that connection.
  • Verify that you have the fully qualified domain name (FQDN) of the server that provides access to the remote desktop or published application. Underscores (_) are not supported in server names. If the port is not 443, you also need the port number.
  • If you plan to use embedded RSA SecurID software, verify that you have the correct CT-KIP URL and activation code. See Using Embedded RSA SecurID Software Tokens.
  • Configure the certificate checking mode for the certificate presented by the server. See Setting the Certificate Checking Mode in Horizon Client.
  • If you plan to use fingerprint authentication, verify that the Fingerprint Authentication option is activated and at least one fingerprint is enrolled on the client device. For complete fingerprint authentication requirements, see Fingerprint Authentication Requirements.
For end users - Obtain the following information from your system administrator:
  • Instructions about whether to turn on a VPN (virtual private network) connection.
  • Server name to use for connecting to the server.
  • If the port is not 443, the port number to use for connecting to the server.
  • Credentials for logging in, such as an Active Directory user name and password, RSA SecurID user name and passcode, RADIUS authentication credentials, or smart card personal identification number (PIN).
  • Domain name for logging in.
  • Instructions about whether you can use fingerprint authentication.

Procedure

  1. If a VPN connection is required, turn on the VPN.
  2. Open the Horizon app.
  3. Connect to a server.
    Option Action
    Connect to a new server

    For administrators - Enter the name of a server, enter a description (optional), and tap Connect. If a server has already been added, tap New in the upper-right corner of the window instead.

    For end users - Enter the name of a server as instructed by your system administrator, enter a description (optional), and tap Add Server. If a server has already been added, tap New in the upper-right corner of the window instead.

    Connect to an existing server Tap the server shortcut in the Servers window.
    Connections between Horizon Client and servers always use TLS. The default port for TLS connections is 443. If the server is not configured to use the default port, use the format servername:port, for example, view.company.com:1443.
  4. If a smart card is required or optional, select the smart card certificate to use and enter your PIN.
    If the smart card has only one certificate, that certificate is already selected. If there are many certificates, you can scroll through the certificates.
  5. If you are prompted for RSA SecurID credentials or RADIUS authentication credentials, type your credentials, or, if you plan to use an embedded RSA SecurID token, install an embedded token.
    Option Action
    Use an existing token If you use a hardware authentication token or software authentication token on a smart phone, enter your user name and passcode. The passcode might include both a PIN and the generated number on the token.
    Install a software token
    1. Tap External Token.
    2. In the Install Software Token dialog box, paste the CT-KIP URL or CTFString URL that your system administrator sent to you in email. If the URL contains an activation code, you do not need to enter a value in the Password or Activation Code text box.
  6. If you are prompted a second time for RSA SecurID credentials or RADIUS authentication credentials, enter the next generated number on the token.
    Do not enter your PIN, and do not enter the same generated number that you entered before. If necessary, wait until a new number is generated.

    For administrators - This step is required only when you mistype the first passcode or when configuration settings in the RSA server change.

  7. If you are prompted for a user name and password, supply your Active Directory credentials.
    1. For administrators - Select a domain. If the Domain drop-down menu is hidden, type the user name as username@domain or domain\username.
    2. For end users - Select a domain as instructed by your system administrator. If the Domain drop-down menu is hidden, type the user name as username@domain or domain\username.
    3. If the Enable Fingerprint check box is available, select it to use fingerprint authentication.
      The Enable Fingerprint check box is available only if biometric authentication is activated on the server and you have not previously authenticated with fingerprint authentication.
    4. Optional: Select the Save Password check box if your system administrator has activated this feature and if the server certificate can be fully verified.
      If you are saving a password for the first time, you are prompted to activate the device administrator, which is required to save a password on client devices.
    5. Tap Login.
      If fingerprint authentication is activated and you are logging in for the first time, your Active Directory credentials are stored securely in the client device's database for future use.
  8. If you are prompted for fingerprint authentication, place your finger on the fingerprint sensor.
    If you do not want to use fingerprint authentication, tap Cancel. You can connect to the server again and tap Use password to enter a user name and password.
  9. Optional: To select the display protocol to use, tap the Switch Protocol icon in the upper-right corner of the desktop and application selector window.
    VMware Blast provides better battery life and is the best protocol for high-end 3D and mobile device users.
  10. Tap a remote desktop or published application to connect to it.
    If you are connecting to a published desktop, and if the desktop is already set to use the Microsoft RDP display protocol, you cannot connect immediately. You are prompted to have the system log you off the remote operating system so that a connection can be made with the PCoIP display protocol or the VMware Blast display protocol.

Results

If you are using Horizon Client on a Chromebook, or on an Android device in DeX desktop mode, the remote desktop or published application starts in a new window instead of in the original window. The desktop and application selector window remains open so that you can connect to multiple remote desktops and published applications. If you open a new published application, Horizon Client opens all previous published application sessions. You can have a maximum of four remote sessions open at the same time.

After you connect to a remote desktop or published application for the first time, Horizon Client saves a shortcut for the remote desktop or published application on the Recent tab. The next time you connect to the remote desktop or published application, you can tap the shortcut instead of tapping the server shortcut.