When you have integrated your Horizon Cloud environment with your VMware Identity Manager environment, you can specify that end users must use Workspace ONE to access their desktops. Requiring end users to access their desktops through Workspace ONE prevents direct desktop access using their Horizon Client or by HTML access. This enforcement is useful when you want to use the two-factor authentication method that is set in your VMware Identity Manager environment.

About this task

Your end users typically launch their entitled desktops using the following methods.

  • From a browser, by loading the FQDN for end user access that your organization's DNS records have associated with your Horizon Cloud node.

  • From the Horizon Client application, by including that FQDN as a new server location in the client application.

  • From their Workspace ONE, if your environments are integrated.

You can optionally configure your Horizon Cloud environment to require your end users use Workspace ONE only.

You can configure enforcement on users who are accessing their desktops and applications from locations outside your corporate network or on users accessing from inside your corporate network, or both. When using VMware Identity Manager is enforced, users that try to access their desktops other than from Workspace ONE see a message informing them to use Workspace ONE.

Prerequisites

Verify that your Horizon Cloud and Workspace ONE environments are integrated.

Procedure

  1. In the Administration Console, navigate to Settings > Identity Management and click Configure.
  2. In the dialog box, make selections according to your organization's needs.

    Option

    Description

    Force Remote Users to vIDM

    When set to Yes, users that are trying to access their desktops from locations outside of your corporate network must log in to Workspace ONE and access desktops from there.

    Force Internal Users to vIDM

    When set to Yes, users that are trying to access their desktops from locations within your corporate network must log in to their Workspace ONE and access desktops from there.

  3. Click Save to confirm the configuration to the system.

What to do next

Verify that the desktop access behaves according to your settings by trying to access a desktop using the Horizon Client or using a browser directly instead of from Workspace ONE.