To connect to a remote desktop or application, you must provide the name of a server and supply credentials for your user account.


Obtain the following information from your administrator:

  • Instructions about whether to turn on a VPN (virtual private network) connection.
  • Server name to use for connecting to the server.
  • Port number to use for connecting to the server if the port is not 443.
  • Credentials to log in, such as an Active Directory user name and password, RSA SecurID user name and passcode, RADIUS authentication user name and passcode, or smart card personal identification number (PIN).
  • Domain name for logging in.
  • Instructions about whether you can use fingerprint authentication.

If your administrator sent you an email that contains a URL to use for setting up an RSA SecurID software token on your client device, open that email and verify that you also have the activation code or that the activation code appears at the end of the URL.

For more information about the administrative tasks involved in setting up an embedded RSA SecurID software token, see the Using VMware Horizon Client document for your device.

Determine which mode of certificate verification checking to use. See Setting the Certificate Checking Mode for Horizon Client.


  1. If a VPN connection is required, turn on the VPN.
  2. Tap the Horizon app icon on the Home screen.
  3. Connect to a server.
    Option Action
    Connect to a new server Enter the name of a server, enter a description (optional), and tap Connect.
    Connect to an existing server Tap the server shortcut on the Servers tab.
    Connections between Horizon Client and servers always use SSL. The default port for SSL connections is 443. If the server is not configured to use the default port, use the format shown in this example:
  4. If a smart card is required or optional, select the smart card certificate to use and enter your PIN.
    If your smart card has only one certificate, that certificate is already selected. If there are many certificates, you can scroll through them if necessary.
  5. If you are prompted for RSA SecurID credentials or RADIUS authentication credentials, either type your credentials or, if you plan to use an embedded RSA SecurID token, install an embedded token.
    Option Action
    Existing token If you use a hardware authentication token or software authentication token on a smart phone, enter your user name and passcode. The passcode might include both a PIN and the generated number on the token.
    Install software token Click External Token. In the Install Software Token dialog box, paste the CT-KIP URL or CTFString URL that your administrator sent to you in email. If the URL contains an activation code, you do not need to enter anything in the Password or Activation Code text box.
  6. If you are prompted a second time for RSA SecurID credentials or RADIUS authentication credentials, enter the next generated number on the token.
    Do not enter your PIN and do not enter the same generated number entered previously. If necessary, wait until a new number is generated.
  7. If you are prompted for a user name and password, supply Active Directory credentials.
    1. Type the user name and password as instructed by your administrator.
    2. Select a domain.
      If the Domain drop-down menu is hidden, you must type the user name as username@domain or domain\username.
    3. (Optional) If the Enable Fingerprint check box is available, select it to use fingerprint authentication.
      The Enable Fingerprint check box is available only if biometric authentication is enabled on the server and you have not previously authenticated with fingerprint authentication.
    4. (Optional) Select the Save Password check box if your administrator has enabled this feature and if the server certificate can be fully verified.
      If this is the first time you are saving a password, you are prompted to activate the device administrator, which is required to save a password on Android devices.
    5. Tap Connect.

    If fingerprint authentication is enabled and you are logging in for the first time, your Active Directory credentials are stored securely in the Android device's database for future use.

  8. If you are prompted for fingerprint authentication, place your finger on the fingerprint sensor.
    If you do not want to use fingerprint authentication, tap Cancel. You can connect to the server again and tap Use password to enter a user name and password.
  9. (Optional) Tap the display protocol settings icon in the upper-right corner of the screen to select the display protocol to use.
    VMware Blast provides better battery life and is the best protocol for high-end 3D and mobile device users. The default display protocol is PCoIP.
  10. Tap a desktop or application to connect to it.
    If you are using smart card authentication, you are not prompted to supply your PIN again, but the login process takes longer than if you use Active Directory authentication.
    If you are connecting to a published desktop, which is hosted on a Microsoft RDS host, and if the desktop is already set to use the Microsoft RDP display protocol, you cannot connect immediately. You are prompted to have the system log you off the remote operating system so that a connection can be made with the PCoIP display protocol or the VMware Blast display protocol. VMware Blast requires Horizon Agent 7.0 or later.


After you connect to a desktop or application for the first time, a shortcut for the desktop or application is saved to the Recent tab. The next time you want to connect to the remote desktop or application, you can tap the shortcut instead of typing the server's name.