Connect to a Remote Desktop or Published Application

To connect to a remote desktop or published application, you must provide the name of a server and supply credentials for your user account.

For administrators - Before you have end users access their remote desktops and published applications, test that you can connect to a remote desktop or published application from a client device. You might need to specify a server and supply credentials for your user account.

For end users - If your system administrator sent you an email that contains a URL to use for setting up an RSA SecurID software token on your client device, open that email and verify that you also have the activation code or that the activation code appears at the end of the URL. If your system administrator instructs you to configure the certificate checking mode, see Set the Certificate Checking Mode.

Prerequisites

For administrators - Complete the following tasks:

Obtain credentials for logging in, such as an Active Directory user name and password, RSA SecurID user name and passcode, RADIUS authentication credentials, or smart card personal identification number (PIN).
Obtain the NETBIOS domain name for logging in. For example, you might use mycompany rather than mycompany.com.
Perform the administrative tasks described in Preparing Connection Server for Horizon Client.
If you are outside the corporate network and require a VPN connection to access remote desktops and published applications, verify that the client device is set up to use a VPN connection and turn on that connection.
Verify that you have the fully qualified domain name (FQDN) of the server that provides access to the remote desktop or published application. Underscores (_) are not supported in server names. If the port is not 443, you also need the port number.
If you plan to use embedded RSA SecurID software, verify that you have the correct CT-KIP URL and activation code. See Using Embedded RSA SecurID Software Tokens.
Configure the certificate checking mode for the certificate presented by the server. See Set the Certifiate Checking Mode.
If you plan to use Touch ID to authenticate, add at least one fingerprint in the Touch ID & Passcode setting on the iOS device. For complete Touch ID authentication requirements, see Touch ID Authentication Requirements.
If you plan to use Face ID authentication, verify that the Face ID option is activated and a Face ID scan is enrolled on the client device. For complete Face ID authentication requirements, see Face ID Authentication Requirements.

For end users - Obtain the following information from your system administrator:

Instructions about whether to turn on a VPN (virtual private network) connection.
Server name to use for connecting to the server.
If the port is not 443, the port number to use for connecting to the server.
Credentials for logging in, such as an Active Directory user name and password, RSA SecurID user name and passcode, RADIUS authentication credentials, or smart card personal identification number (PIN).
Instructions about whether you can use Touch ID authentication.
Instructions about whether you can use Face ID authentication.

Procedure

If a VPN connection is required, turn on the VPN.
Open the Horizon app.

Connect to a server.

Option	Action
Connect to a new server	For administrators - Enter the name of a server, enter a description (optional), and tap Connect. If a server has already been added, tap New in the upper-right corner of the window instead. For end users - Enter the name of a server as instructed by your system administrator, enter a description (optional), and tap Add Server. If a server has already been added, tap New in the upper-right corner of the window instead.
Connect to an existing server	Tap the server shortcut in the Servers window.

Option

Action

Connect to a new server

For administrators - Enter the name of a server, enter a description (optional), and tap Connect. If a server has already been added, tap New in the upper-right corner of the window instead.

For end users - Enter the name of a server as instructed by your system administrator, enter a description (optional), and tap Add Server. If a server has already been added, tap New in the upper-right corner of the window instead.

Connect to an existing server

Tap the server shortcut in the Servers window.

Connections between Horizon Client and servers always use TLS. The default port for TLS connections is 443. If the server is not configured to use the default port, use the format servername:port, for example, view.company.com:1443.

If a smart card is required or optional, select the smart card certificate to use and enter your PIN.
If the smart card has only one certificate, that certificate is already selected. If there are many certificates, you can scroll through the certificates.

If you are prompted for RSA SecurID credentials or RADIUS authentication credentials, type your credentials, or, if you plan to use an embedded RSA SecurID token, install an embedded token.

Option	Action
Use an existing token	If you use a hardware authentication token or software authentication token on a smart phone, enter your user name and passcode. The passcode might include both a PIN and the generated number on the token.
Install a software token	Tap External Token. In the Install Software Token dialog box, paste the CT-KIP URL or CTFString URL that your system administrator sent to you in email. If the URL contains an activation code, you do not need to enter a value in the Password or Activation Code text box.

If you are prompted a second time for RSA SecurID credentials or RADIUS authentication credentials, enter the next generated number on the token.
Do not enter your PIN, and do not enter the same generated number that you entered before. If necessary, wait until a new number is generated.
For administrators - This step is required only when you mistype the first passcode or when configuration settings in the RSA server change.
(Optional) To use Touch ID to authenticate, tap the Touch ID (fingerprint) icon on the right-side of the Password text box.
When Touch ID is deactivated, the icon is grey. When Touch ID is activated, the icon turns green. Touch ID authentication is available only if biometric authentication is activated on the server and you have not previously authenticated with Touch ID.
(Optional) To use Face ID to authenticate, tap the Face ID (face) icon on the right-side of the Password text box.
When Face ID is deactivated, the icon is grey. When Face ID is activated, the icon turns green. Face ID authentication is available only if biometric authentication is activated on the server and you have not previously authenticated with Face ID.
If you are prompted for a user name and password, supply your Active Directory credentials.
1. Type the user name and password of a user who is entitled to use at least one desktop or application pool.
2. For administrators - Select a domain. If the Domain drop-down menu is hidden, type the user name as username@domain or domain\username.
3. For end users - Select a domain as instructed by your system administrator. If the Domain drop-down menu is hidden, type the user name as username@domain or domain\username.
4. (Optional) Tap to toggle the Remember this Password option to on if your system administrator has activated this feature and if the server certificate can be fully verified.
5. Tap Login.
If Touch ID or Face ID is activated and you are logging in for the first time, your Active Directory credentials are stored securely in the iOS device's Keychain for future use.
If you are prompted for Touch ID authentication, place your finger on the Home button.
If you are prompted for Face ID authentication, glance at the device.
The first time Horizon Client tries to use Face ID to authenticate, iOS prompts you to allow Horizon Client to use Face ID. If you do not want to use Face ID authentication, tap Don't Allow to enter a user name and password instead.
(Optional) To select the display protocol to use, tap Settings at the bottom of the Horizon Client window and tap Preferred Protocol.
VMware Blast provides better battery life and is the best protocol for high-end 3D and mobile device users.
Tap a remote desktop or published application to connect to it.
If you are connecting to a published desktop, and if the desktop is already set to use the Microsoft RDP display protocol, you cannot connect immediately. You are prompted to have the system log you off the remote operating system so that a connection can be made with the PCoIP display protocol or the VMware Blast display protocol.

Results

After you connect to a remote desktop or published application for the first time, Horizon Client saves a shortcut for the remote desktop or published application on the Recent window. The next time you connect to the remote desktop or published application, you can tap the shortcut instead of tapping the server shortcut.