By integrating your Horizon Cloud node with an on-premises or cloud-hosted VMware Identity Manager™ environment, you give your VMware Identity Manager users the ability to access their entitled desktops through the Workspace ONE portal.

About this task

VMware Identity Manager is an Identity as a Service (IDaaS) offering that provides application provisioning, a self-service catalog, conditional access controls, and single sign-on (SSO) for SaaS, web, cloud, and native mobile applications. VMware Identity Manager is available both as an on-premises product and as a service hosted by VMware.

For an overview of this integration from the perspective of the VMware Identity Manager environment, see the Providing Access to Horizon Cloud overview.

You configure RDS desktop and remote application assignments for your users and groups in the Horizon Cloud Administration Console as usual. After you complete the steps to integrate your node with your VMware Identity Manager environment, you sync the node's assignment information to the VMware Identity Manager service. You can then see the desktops and applications in the VMware Identity Manager administration console, and your end users can access their RDS desktops from Workspace ONE. You can also set up a regular schedule to sync the assignment information from Horizon Cloud to your VMware Identity Manager environment.

The following list is a high-level summary of the end-to-end steps to enable your end users to access their entitled desktops using the Workspace ONE portal.

  1. Obtain a VMware Identity Manager environment, either by deploying the on-premises version or by subscribing to the cloud-hosted version.

  2. Deploy VMware Identity Manager according to the VMware Identity Manager guidelines for the deployment model you are using.

    If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. For details, see the description of the deployment scenario in the VMware Identity Manager documentation.

  3. Ensure that you meet the VMware Identity Manager prerequisites for integration, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment | Prerequisites
    Cloud-hosted                        | Prerequisites for Integration
    On-premises version 2.8.x           | Prerequisites for Integration

  4. Install certificates into your VMware Identity Manager environment that match those in your Horizon Cloud environment.

  5. Enable the desktops from your Horizon Cloud environment to the VMware Identity Manager environment, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment | Link to Desktop Enablement Documentation
    Cloud-hosted                        | Enable Horizon Cloud Desktops and Apps in VMware Identity Manager
    On-premises version 2.8.x           | Enable Horizon Cloud Desktops and Apps in VMware Identity Manager

  6. Configure Horizon Cloud for VMware Identity Manager access. See Configure a Horizon Cloud Node for VMware Identity Manager.

  7. In your VMware Identity Manager environment, sync the entitled desktops and applications to VMware Identity Manager, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment | Link to Desktop Enablement Steps
    Cloud-hosted                        | Syncing Horizon Cloud Desktops and Apps with VMware Identity Manager
    On-premises version 2.8.x           | Syncing Horizon Cloud Desktops and Apps in VMware Identity Manager

  8. Verify end-user access to desktops and applications by logging in to Workspace ONE as an end user and launching a desktop and application from the catalog. See Confirm End-User Access to Desktop Assignments in VMware Identity Manager.

Prerequisites

To complete the integration process through the step of verifying end-user access to the node-provided RDS desktops or remote applications using Workspace ONE, ensure that you have the following items.

  • A fully configured Horizon Cloud node that either has Unified Access Gateway deployed or has trusted certificates uploaded to it. For steps on uploading certificates to your Horizon Cloud node, see Upload SSL Certificates to a Horizon Cloud Node.

  • Configured session desktop assignments or remote application assignments.

  • Access to your organization's configured VMware Identity Manager environment, either an on-premises or a cloud-hosted environment. Your VMware Identity Manager environment must be configured with trusted certificates.

    If you are deploying VMware Identity Manager on premises, follow the deployment information in the VMware Identity Manager documentation center for your version of the on-premises product. The documentation centers for each on-premises product version are available from the VMware Identity Manager documentation page. For the specific versions of the on-premises VMware Identity Manager product that are supported for use with this release, see the VMware Product Interoperability Matrixes at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

    If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. Follow the steps as documented in the VMware Identity Manager documentation center, and see the description of this deployment scenario and subtopics. For the connector version that is required for this release, see the VMware Product Interoperability Matrixes at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

Verify that your configured VMware Identity Manager environment meets the prerequisites for integration with Horizon Cloud resources, as described in the VMware Identity Manager documentation.

VMware Identity Manager environment | Prerequisites
Cloud-hosted                        | Prerequisites for Integration
On-premises version 2.8.x           | Prerequisites for Integration

What to do next

After you have verified that the integration is working, you can optionally require end users to access their desktops and applications through VMware Identity Manager. See Enforce End-User Access Through VMware Identity Manager.