After you have registered an Active Directory domain with your Horizon Cloud environment, you can configure True SSO for it. True SSO is a feature that integrates with VMware Identity Manager™ to allow users to single sign-on to the virtual Windows desktops and applications served by Horizon Cloud without needing to also enter their Active Directory credentials into the Windows operating system. When True SSO is configured for your environment, the end users authenticate by logging into VMware Identity Manager™. After that authentication, the user is able to launch their entitled desktops or applications without a prompt for Active Directory credentials.
Configuring True SSO for use with your environment is a multi-step process. At a high-level, the steps are:
Set up the infrastructure required for True SSO to operate, which involves:
Installing and configuring a Windows Server Certificate Authority (CA) to be an enterprise CA . The procedures in this section are for Windows Server 2012 R2. Very similar steps can be followed on Windows Server 2008 R2.
Setting up a certificate template on the CA.
Downloading the Horizon Cloud pairing bundle from the Administration Console's Active Directory page. The pairing bundle is used when setting up the Enrollment Server.
Setting up the Enrollment Server.
Adding the Enrollment Server information to the Administration Console's Active Directory page.
When the configuration is complete, the CA will issue certificates on behalf of the users, and those certificates will be used to log the users in to their allocated desktops. Horizon Cloud appliance will ask the ES to issue certificates on behalf of users. The ES will generate the requested certificate on behalf of the requested user via the CA and return it to the Horizon Cloud appliance.
Before configuring True SSO, you must first have at least one Identity Manager configured. See Identity Management Page.
After completing the steps, your environment is configured with True SSO.