By integrating your Horizon Cloud with On-Premises Infrastructure environment with an on-premises or cloud-hosted VMware Identity Manager™ environment, you give your VMware Identity Manager users the ability to access their entitled desktops using the Workspace ONE portal.

About this task

VMware Identity Manager is an Identity as a Service (IDaaS) offering that provides application provisioning, a self-service catalog, conditional access controls, and single sign-on (SSO) for SaaS, web, cloud, and native mobile applications. VMware Identity Manager is available both as an on-premises product and as a service hosted by VMware.

For an overview of this integration from the perspective of the VMware Identity Manager environment, see the Providing Access to Horizon Cloud overview. You configure desktop assignments for your users and groups in the Horizon Cloud Administration Console as usual. After you complete the steps to integrate the Horizon Cloud Node environment with your VMware Identity Manager environment, you sync the desktop assignment information to the VMware Identity Manager service. Then you can see the desktops in the VMware Identity Manager administration console and your end users can access their desktops from the Workspace ONE portal. You can set up a regular sync schedule to sync the assignment information from your Horizon Cloud Node environment to your VMware Identity Manager environment.

Note:

When you integrate VMware Identity Manager with Horizon Cloud with On-Premises Infrastructure, a best practice is to include Unified Access Gateway in the configuration to provide your end users with seamless HTML web access to their virtual desktops. See the Unified Access Gateway product documentation for deployment steps.

The following list is a high-level summary of the end-to-end steps to enable your end users to access their entitled desktops using the Workspace ONE portal.

  1. Obtain a VMware Identity Manager environment, either by deploying the on-premises version or by subscribing to the cloud-hosted version.

  2. Deploy VMware Identity Manager according to the VMware Identity Manager guidelines for the deployment model you are using.

    If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. For details, see the description of the deployment scenario in the VMware Identity Manager documentation.

  3. Ensure that you meet the VMware Identity Manager prerequisites for integration, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment    Prerequisites
    Cloud-hosted                           Prerequisites for Integration
    On-premises version 2.8.x              Prerequisites for Integration

  4. Install certificates into your VMware Identity Manager environment and your Horizon Cloud Node environment.

  5. Enable desktops from your Horizon Cloud with On-Premises Infrastructure environment to the VMware Identity Manager environment, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment    Link to Desktop Enablement Documentation
    Cloud-hosted                           Enable Horizon Cloud Desktops and Apps in VMware Identity Manager
    On-premises version 2.8.x              Enable Horizon Cloud Desktops and Apps in VMware Identity Manager

  6. In your VMware Identity Manager environment, configure a federation artifact for your Horizon Cloud with On-Premises Infrastructure environment. The federation artifact is needed for configuration of the SAML authentication between the two environments. See Configure VMware Identity Manager for Horizon Cloud with On-Premises Infrastructure.

  7. Configure Horizon Cloud with On-Premises Infrastructure for VMware Identity Manager access. See Configure Horizon Cloud Node for VMware Identity Manager.

  8. In your VMware Identity Manager environment, sync the entitled desktops to VMware Identity Manager, as documented in the VMware Identity Manager product information appropriate for your situation:

    VMware Identity Manager environment    Link to Desktop Enablement Steps
    Cloud-hosted                           Syncing Horizon Cloud Desktops and Apps with VMware Identity Manager
    On-premises version 2.8.x              Syncing Horizon Cloud Desktops and Apps in VMware Identity Manager

  9. Verify end-user access to desktops by logging in to the Workspace ONE portal as an end user and launching a desktop from the catalog. See Confirm End-User Access to Desktop Assignments in VMware Identity Manager.

Prerequisites

To complete the integration process through the step of verifying end-user desktop access using the Workspace ONE portal, ensure that you have the following items.

  • A fully configured Horizon Cloud Node environment that uses trusted certificates and has configured desktop assignments. For steps on uploading certificates to your Horizon Cloud Node, see Upload Certificates.

  • Access to your organization's configured VMware Identity Manager environment, either an on-premises or a cloud-hosted environment. Your VMware Identity Manager environment must be configured with trusted certificates.

    If you are deploying VMware Identity Manager on premises, follow the deployment information in the VMware Identity Manager documentation center for your version of the on-premises product. The documentation centers for each on-premises product version are available from the VMware Identity Manager documentation page. For the specific versions of the on-premises VMware Identity Manager product that are supported for use with this version of Horizon Cloud with On-Premises Infrastructure, see the Release Notes.

    If you are using the cloud-hosted VMware Identity Manager, you must install a VMware Identity Manager connector appliance on premises in your Active Directory network. Follow the steps as documented in the VMware Identity Manager documentation center, and see the description of this deployment scenario and subtopics. For the connector version that is required for this release of Horizon Cloud with On-Premises Infrastructure, see the Release Notes.

Verify that your configured VMware Identity Manager environment meets the prerequisites for integration with Horizon Cloud resources, as described in the VMware Identity Manager documentation.

VMware Identity Manager environment    Prerequisites
Cloud-hosted                           Prerequisites for Integration
On-premises version 2.8.x              Prerequisites for Integration

Optionally integrate Unified Access Gateway with Horizon Cloud with On-Premises Infrastructure. Using Unified Access Gateway in this configuration is a best practice. See the deployment and configuration information in the Unified Access Gateway product documentation, available from the Unified Access Gateway documentation landing page.

What to do next

After you have verified that the integration is working, you can optionally require end users to access their desktops through VMware Identity Manager. See Enforce End-User Access Through VMware Identity Manager.