After you have registered an Active Directory domain with your Horizon Cloud environment, you can configure True SSO for it. True SSO is a feature that integrates with VMware Identity Manager™ to allow users to single sign-on to the virtual Windows desktops and applications served by Horizon Cloud without needing to also enter their Active Directory credentials into the Windows operating system. When True SSO is configured for your environment, the end users authenticate by logging into VMware Identity Manager™. After that authentication, the user is able to launch their entitled desktops or applications without a prompt for Active Directory credentials.

Configuring True SSO for use with your environment is a multi-step process. At a high-level, the steps are:

  1. Set up the infrastructure required for True SSO to operate, which involves:
    1. Installing and configuring a Windows Server Certificate Authority (CA) to be an enterprise CA . The procedures in this section are for Windows Server 2012 R2. Very similar steps can be followed on Windows Server 2008 R2.
    2. Setting up a certificate template on the CA.
    3. Downloading the Horizon Cloud pairing bundle from the Administration Console's Active Directory page. The pairing bundle is used when setting up the Enrollment Server.
    4. Setting up the Enrollment Server.
      Important: After setting up the Enrollment Server, make sure you meet the port requirements for the Enrollment Server described in DNS Requirements for a Horizon Cloud Pod in Microsoft Azure.
  2. Adding the Enrollment Server information to the Administration Console's Active Directory page.

When the configuration is complete, the enterprise CA and Enrollment Server work together to issue short-lived certificates that are used to log the users in to their entitled desktops and applications. The Horizon Cloud pod asks the Enrollment Server for a certificate for a specific entitled user. The Enrollment Server contacts the CA to generate the requested certificate and then returns the certificate to the Horizon Cloud pod.

Prerequisites

Before configuring True SSO, you must have at least one VMware Identity Manager™ environment configured. Complete the steps described in Integrate a Horizon Cloud Pod in Microsoft Azure with a VMware Identity Manager™ Environment.

Results

After completing the steps, your environment is configured with True SSO.