In the process of authenticating to the cloud-based administrative console, the first login screen requires an existing VMware Customer Connect account that is associated with your specific tenant. To grant other users in your company or organization the ability to log in to that first login screen, their individual VMware Customer Connect accounts must get associated with this same tenant, and with an appropriate role. The role assigned to an individual's account should align with the types of actions that you want to permit that individual to perform in the tenant using the console.
The role that you assign using the steps here is one of the two types of roles that the console uses to determine both what a person's authenticated session allows that person to view in the console and what actions they can perform on what they can see in the console. The role assigned to the VMware Customer Connect account determines the following items:
- Whether an individual has the ability to authenticate to the console using the console's login screen.
- Whether the person can view all of the console's areas or a subset of the areas, such as the the help-desk-related areas.
- The specific actions the person is able to invoke in the console, within the areas they can view.
In addition to the role associated with a VMware Customer Connect account, when Active Directory domains are registered with your Horizon Cloud tenant, the role that is assigned to a person's Active Directory group grants their user account with access that works in tandem with the role associated with their VMware Customer Connect account. The role assigned to the Active Directory group to which the user account belongs controls which of the console's elements are accessible to that person after they log in using their Active Directory account credentials at the console's second login screen. For a list of those roles, see Assign Roles to Active Directory Groups that Control Which Areas of the Horizon Universal Console are Activated for Individuals in Those Groups After They Authenticate to Your Horizon Cloud Tenant Environment.
You perform these steps using the Horizon Universal Console at https://cloud.horizon.vmware.com. In that console, you associate VMware Customer Connect accounts with your tenant. The location you use the console depends on whether your tenant has zero cloud-connected pods or already has at least one pod. When the tenant has zero cloud-connected pods yet, you must perform these steps using the Getting Started page. Until you have at least one cloud-connected pod, the console prevents access to its pages other than the Getting Started one.
- Whether the feature depends on system code available only in the latest Horizon Cloud pod manifest, Horizon pod version, or Horizon Cloud Connector version.
- Whether access to the feature is in Limited Availability, as stated in the Release Notes at the feature's debut.
- Whether the feature requires specific licensing or SKUs.
When you see mention of a feature in this documentation and you do not see that feature in the console, first check the Release Notes to see if the feature's access is limited and the way you can request enablement in your tenant. Alternatively, when you believe you are entitled to use a feature that is described in this documentation and you do not see it in the console, you can ask your VMware Horizon Cloud Service representative or, if you do not have a representative, you can file a service request (SR) to the Horizon Cloud Service team as described in How to file a Support Request in Customer Connect (VMware KB 2006985).
Procedure
Results
If all of the added VMware Customer Connect account IDs exist at vmware.com, they can be used to authenticate in the first Horizon Cloud login screen.
What to do next
If the added users' Active Directory accounts are in Active Directory groups which do not yet have an associated Horizon Cloud role, complete the steps described in Assign Roles to Active Directory Groups that Control Which Areas of the Horizon Universal Console are Activated for Individuals in Those Groups After They Authenticate to Your Horizon Cloud Tenant Environment. Follow the best-practice pairings described in Best Practices about the Two Types of Roles You Give to People to Use the Horizon Universal Console to Work in Your Horizon Cloud Environment.