To integrate Horizon Cloud with On-Premises Infrastructure with VMware Identity Manager, you must configure VMware Identity Manager with Horizon Cloud Node information. This process configures the federation artifact in your VMware Identity Manager environment for Horizon Cloud with On-Premises Infrastructure. The federation artifact is needed for the SAML authentication.

Prerequisites

Verify that you have met the prerequisites described in Integrate Horizon Cloud with On-Premises Infrastructure with a VMware Identity Manager Environment.

If you are not using Unified Access Gateway, obtain the FQDN used for your Horizon Cloud Node, such as desktops.mycorp.com. One way to obtain the FQDN is to first locate the IP address in the Administration Console by navigating to Settings > Infrastructure. Then obtain the FQDN that is associated with that IP address from your organization's DNS information.

Note: If you are using an on-premises VMware Identity Manager environment, using the Horizon Cloud Node IP address instead of its FQDN technically works. However, that configuration is not recommended.

If you are using Unified Access Gateway, obtain the URL used for your Unified Access Gateway deployment.

Procedure

In the VMware Identity Manager administration console, configure the federation artifact settings for Horizon Cloud as described in the VMware Identity Manager documentation.

Setting

Description

Assertion Consumer Service

Type the URL to which the SAML assertion is to be posted. The URL must be one of the following items, depending on your installed environment:

  • The Unified Access Gateway URL, if you are using Unified Access Gateway

  • A URL of the form https://Node-FQDN where Node-FQDN is the FQDN of your Horizon Cloud Node, such as https://ournode-sm1.example.com.

Audience

This setting is a unique identifier for your environment that you are integrating with VMware Identity Manager. You typically use the same URL as used in the Assertion Consumer Service field, either the Unified Access Gateway URL or a URL constructed from the Horizon Cloud Node FQDN.

This field corresponds to the AudienceRestriction condition in SAML authentication, which describes the context in which the SAML assertion is valid. Your Unified Access Gateway or Horizon Cloud Node uses this property to verify that it is the intended recipient of the SAML response from VMware Identity Manager.

Tenant Appliance URLs

Type an admin/SAML/metadata URL of one of the following forms, depending on your installed environment.

  • If you are using Unified Access Gateway, type a URL of the form https://UnifiedAccessGateway-FQDN/admin/SAML/metadata where UnifiedAccessGateway-FQDN is the FQDN of your Unified Access Gateway.

  • If you are not using Unified Access Gateway, type a URL of the form https://Node-FQDN where Node-FQDN is the FQDN of your Horizon Cloud Node.

What to do next

Configure the identity provider information needed for the SAML authentication in your Horizon Cloud with On-Premises Infrastructure environment. See Configure Horizon Cloud Node for VMware Identity Manager.