You perform management and administrative tasks on your cloud-connected pods using the cloud-based Horizon Universal Console. The console is a browser-based interface provided by the cloud service. You use an industry-standard browser to log in to the console. Some details of the login steps vary depending on the configuration of your specific environment.

Note: Login authentication into the cloud-based console relies on authenticating account credentials with VMware Cloud Services. If that service is unable to complete the necessary authentication requests, then you will not be able to log in to the console during that time period. If you encounter issues logging in to the console's first login screen, check the Horizon Cloud System Status page at to see the latest system status. On that page, you can also subscribe to receive updates.

See About Authentication to a Horizon Cloud Tenant Environment for an overview of the authentication flows used to access the console.


Verify that you have the credentials of a VMware Cloud Services account or a VMware Customer Connect account (previously called a My VMware account) that is associated with the Horizon Cloud tenant environment.

When an Active Directory domain is already registered with the Horizon Cloud tenant, verify that you have the credentials for an Active Directory account in that domain that has access permissions.


  1. Navigate to the Horizon Universal Console portal URL at
    That URL redirects to the VMware Cloud Services login screen, illustrated in this screenshot. Sign in using your credentials that are associated with your Horizon Cloud tenant.
    Screenshot of the VMware Cloud Services login screen.

    If you have not previously accepted the Horizon Cloud terms of service using those credentials, a terms of service notification box appears after you click the Login button. Accept the terms of service to continue.
  2. Follow the on-screen flow, according to the authentication flow that is applicable to the Horizon Cloud tenant's state. For details about the tenant states and flows, see About Authentication to a Horizon Cloud Tenant Environment.


The console appears.
  • If you submit your correct Active Directory credentials in the Active Directory login screen and an error message appears that states "AD permissions mismatch. Please contact your main administrator to review your assigned roles.", your Active Directory user account is in an Active Directory group that has been assigned a role on the console's Roles & Permissions page that provides fewer permissions than the role assigned to you in the My VMware section of the General Settings page. This discrepancy prevents you from logging in. To correct this issue, a person in your organization who has administrator privileges for the Horizon Cloud tenant can log in and change your assigned role in the My VMware section of the General Settings page so that its permissions are consistent with the permissions for your role selected on the Roles & Permissions page. For information about how the two types of roles work together, see Best Practices about the Two Types of Roles You Give to People to Use the Horizon Universal Console to Work in Your Horizon Cloud Environment.

    That message does not appear when the credentials entered in the VMware Cloud Services login are for the account marked as the Owner in the cloud plane's tenant record for the environment. The system allows that owning account to log in even if there is a role permissions mismatch with the Active Directory group's role.

  • If maintenance is being performed on your environment, a message appears on the login screen indicating that you are unable to log in during the maintenance period.
  • If you mistype the Active Directory user name or password, the system signs out your authentication with VMware Cloud Services. In this situation, you can return to the VMware Cloud Services login and go through the login flow to the Active Directory login screen and try again.

What to do next

If applicable, perform the Active Directory domain registration process to register your Active Directory domain with your Horizon Cloud customer account. See Perform the First Required Active Directory Domain Registration for Your Horizon Cloud Control Plane Tenant. You must finish the entire Active Directory registration process before you can work with any other services.

Note: The default time period for which an administrator can be logged in to the console is 30 minutes. After that time has elapsed, the authenticated session ends and the administrator must log back in. When you have at least one pod in Microsoft Azure, you can adjust this time in the General Settings page's Session Timeout section by editing the Admin Portal Timeout value. When you have only Horizon pods in your environment, you cannot change the 30-minute default. See Customizable General Settings for Your Horizon Cloud Tenant Environment.