This documentation page provides a brief introduction to the use of identity and access management in a Horizon Cloud Service - next-gen environment and lists links to pages with more detailed information.

Understanding User Identity and Machine Identity

Horizon Cloud Service - next-gen differs from other environments in how it handles identity. In Horizon Cloud Service - next-gen, the service makes a distinction between user identity and machine identity, and it relies on both types of identity when establishing a secure connection between a client and a remote desktop or application.

Note: You might be new to this distinction between user identity and machine identity if you are more familiar with environments that use a single identity provider to authenticate both user and machine identity, such as the first-generation Horizon Cloud environment or a Horizon 8 on-premises environment.

In Horizon Cloud Service - next-gen, you must set up an identity configuration consisting of an identity provider to authenticate the user identity and an identity provider to authenticate the machine identity.

User identity
Horizon Cloud Service - next-gen requires you to register a user identity provider. The service uses this identity provider to authenticate client users attempting to access remote desktops and applications.
Machine identity
Horizon Cloud Service - next-gen also requires you to register a machine identity provider. The service uses this identity provider to establish the machine identity of virtual machines that provide remote desktops and applications.

Through the machine identity provider, the service joins remote desktops and the virtual machine sources for remote applications to the trusted network domain that client users are entitled to access.

Requirements for User Identity and Machine Identity

For detailed information about the identity configurations supported by Horizon Cloud Service - next-gen, and the specific requirements for user identity and machine identity, see Requirements Checklist for Deploying a Microsoft Azure Edge to Horizon Cloud Service - next-gen.

Administrators and Role-Based Access Control (RBAC)

For administrator access to your environment, the service provides role-based access control using the features of VMware Cloud services. These controls ensure that only authorized personnel have the appropriate level of access, and they are based on the principle of least privilege. For more information, refer to the section About Adding More Users and Assigning Roles on the onboarding page.

Learn More

Use the following links to access further information about identity and access management configuration for your environment.