If you have an Unauthenticated Access user account, you can log in to a server anonymously and connect to your published applications.

Before you have end users access a published application with the Unauthenticated Access feature, test that you can connect to the published application from a client device. You might need to specify a server and supply credentials for your user account.

By default, users select the Unauthenticated Access setting from the Options menu and select a user account to log in anonymously. A Horizon administrator can configure group policy settings to preselect the Unauthenticated Access setting and log in users with a specific Unauthenticated Access user account.


  • Perform the administrative tasks described in Preparing Connection Server for Horizon Client.
  • Set up Unauthenticated Access users on the Connection Server instance. For information, see "Providing Unauthenticated Access for Published Applications" in the Horizon Administration document.
  • If you are outside the corporate network, verify that your client device is set up to use a VPN connection and turn on that connection.
  • Verify that you have the fully qualified domain name (FQDN) of the server that provides access to the published application. Underscores (_) are not supported in server names. If the port is not 443, you also need the port number.
  • Configure the certificate checking mode for the certificate presented by the server in Horizon Client. To determine which mode to use, see Setting the Certificate Checking Mode in Horizon Client.
  • (Optional) Configure the Account to use for Unauthenticated Access and Enable Unauthenticated Access to the server group policy settings to change the default Unauthenticated Access behavior. For information, see Using Group Policy Settings to Configure Horizon Client.


  1. If a VPN connection is required, turn on the VPN.
  2. Start Horizon Client.
  3. Click Options in the menu bar and select Unauthenticated Access.
    Depending on how the client system is configured, this setting might be preselected.
  4. Connect to the server on which you have unauthenticated access.
    Option Action
    Connect to a new server

    Click the + Add Server button, or click the + Add Server button in the menu bar, enter the name of the server, and click Connect.

    Connect to an existing server Double-click the server icon on the Horizon Client home window.
    Connections between Horizon Client and the server always use TLS. The default port for TLS connections is 443. If the server is not configured to use the default port, use the format shown in this example: view.company.com:1443.
    You might see a message that you must confirm before the Login dialog box appears.
  5. When the Login dialog box appears, select an account from the User account drop-down menu, if necessary.
    If only one user account is available, the drop-down menu is disabled and the user account is preselected.
  6. (Optional) If the Always use this account check box is available, select it to bypass the Login dialog box the next time you connect to the server.
    To deselect this setting before you connect to the server the next time, right-click the server icon on the Horizon Client home window and select Wipe Unauthenticated Account.
  7. Click Login to log in to the server.
    The application selector window appears.
  8. To start a published application, double-click the published application icon.