By integrating your pod with an on-premises or cloud-hosted VMware Identity Manager™ environment, you give your VMware Identity Manager™ users the ability to access their entitled desktops and applications using Workspace ONE.

VMware Identity Manager™ is an Identity as a Service (IDaaS) offering that provides application provisioning, a self-service catalog, conditional access controls, and single sign-on (SSO) for SaaS, web, cloud, and native mobile applications. VMware Identity Manager™ is available both as an on-premises product and as a service hosted by VMware.

For an overview of this integration from the perspective of the VMware Identity Manager™ environment, see the Providing Access to Horizon Cloud overview. You configure desktops and remote application assignments for your users and groups in the Horizon Cloud Administration Console as usual. After you complete the steps to integrate your pod with your VMware Identity Manager™ environment, you sync the pod's assignment information to the VMware Identity Manager™ service. Then you can see the desktops and applications in the VMware Identity Manager™ administration console and your end users can access their desktops from Workspace ONE. You can set up a regular sync schedule to sync the assignment information from Horizon Cloud to your VMware Identity Manager™ environment.

Note: The screenshots in the VMware Identity Manager™ documentation might look different from the user interface elements you see in your specific VMware Identity Manager™ environment.

The following list is a high-level summary of the end-to-end steps to enable your end users to access their entitled desktops and applications using the Workspace ONE portal.

  1. Obtain a VMware Identity Manager™ environment, either by deploying the on-premises version or by subscribing to the cloud-hosted version to have a VMware Identity Manager™ tenant in the cloud.
    Note: If you specified creation of a cloud-based VMware Identity Manager™ tenant during the pod deployment process, the VMware Identity Manager™ tenant is associated with your Horizon Cloud customer record as part of that process. Pods that already exist for the same Horizon Cloud customer record can then be integrated with that tenant (after the following steps 2 through 5 are completed).
  2. Deploy VMware Identity Manager™ according to the VMware Identity Manager™ guidelines for the deployment model you are using.

    If you are using the cloud-hosted VMware Identity Manager™, you must install a VMware Identity Manager™ connector appliance on premises in your Active Directory network. Read all of the connector-related prerequisites starting with this Prerequisites section.

    Important: You must also ensure that the authoritative time source you configure in that connector matches the NTP server that is configured for the pod. If the time sources do not match, syncing issues can occur. The pod's details page shows the pod's configured NTP server. You can open the pod's details page from the Capacity Page.
  3. Ensure that you meet the VMware Identity Manager™ prerequisites for integration, as documented in the VMware Identity Manager™ product information appropriate for your situation. See the prerequisites information starting with this Prerequisites section.
    Important: In addition to the prerequisites listed below in this documentation topic, you must also ensure that your configured VMware Identity Manager™ environment meets the prerequisites for integration with Horizon Cloud resources, as described in the VMware Identity Manager™ documentation.
    | VMware Identity Manager™ environment | Prerequisites |
    |---|---|
    | Cloud-hosted | Prerequisites for Integration |
    | On-premises | Prerequisites for Integration |

    Use the blue rectangle menu in the upper right corner of the linked topic above to view the information for your version.

  4. Enable the desktops from your Horizon Cloud environment to the VMware Identity Manager™ environment, as documented in the VMware Identity Manager™ product information appropriate for your situation:
    | VMware Identity Manager™ environment | Link to Desktop Enablement Documentation |
    |---|---|
    | Cloud-hosted | Configure Horizon Cloud Tenant in VMware Identity Manager |
    | On-premises | Configure Horizon Cloud Tenant in VMware Identity Manager |

    Use the blue rectangle menu in the upper right corner of the linked topic above to view the information for your version.

    The final step of that Configure Horizon Cloud Tenant in VMware Identity Manager™ topic describes how to sync the entitled desktops and applications from your Horizon Cloud environment. However, do not perform that sync until after you complete the next step of configuring Horizon Cloud for VMware Identity Manager™ access.
  5. Configure Horizon Cloud for VMware Identity Manager™ access. See Configure a Pod in Microsoft Azure for VMware Identity Manager™.
  6. In your VMware Identity Manager™ environment, sync the entitled desktops and applications to VMware Identity Manager™. In the VMware Identity Manager™ administration console, navigate to the Virtual Apps Configuration page for the collection you created in Step 5 and click Sync.
  7. Verify end-user access to desktops and applications by logging in to Workspace ONE as an end user and launching a desktop and application from the catalog. See Confirm End-User Access to Desktop Assignments in VMware Identity Manager™.

Prerequisites

To complete the integration process through the step of verifying end-user access to the pod-provided desktops or RDS-based remote applications using Workspace ONE, ensure that you have the following items.

  • A fully configured Horizon Cloud pod that has trusted certificates uploaded to the pod's manager VM itself. You need to have an SSL certificate uploaded to the pod itself as described in Upload SSL Certificates to a Horizon Cloud Pod for Direct Connections.
  • VDI desktop assignments, session desktop assignments, or remote application assignments are configured.
  • Access to your organization's configured VMware Identity Manager™ environment, either an on-premises or a cloud-hosted environment. Your VMware Identity Manager™ environment must be configured with trusted certificates.

    If you are deploying VMware Identity Manager™ on premises, follow the deployment information available from the VMware Identity Manager™ documentation page. For the specific versions of the on-premises VMware Identity Manager™ product that are supported for use with this release, see the VMware Product Interoperability Matrixes at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

    If you are using the cloud-hosted VMware Identity Manager™ and your VMware Identity Manager™ tenant is set up, a VMware Identity Manager™ connector appliance is required for integrating your pod with that tenant. This connector sends information about user and group entitlements for the virtual desktops and applications to your VMware Identity Manager™ tenant. You must install the VMware Identity Manager™ connector appliance in your Active Directory network. Follow the steps as documented in the VMware Identity Manager™ Cloud Documentation, also available from this documentation page, and see the description of this deployment scenario and subtopics. For the connector version that is required for this release, see the VMware Product Interoperability Matrixes at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

    Verify that the connector's configured authoritative time source matches the NTP server that is configured for the pod.

    Note: If you have an existing integration and VMware Identity Manager™ connector appliance, a best practice is to upgrade the connector before upgrading the pod to the latest pod software level.
  • Verify your configured VMware Identity Manager™ environment meets all of the prerequisites for integration with Horizon Cloud resources, as described in the VMware Identity Manager™ documentation.
    | VMware Identity Manager™ environment | Prerequisites |
    |---|---|
    | Cloud-hosted | Prerequisites for Integration |
    | On-premises | Prerequisites for Integration |

    Use the blue rectangle menu in the upper right corner of the linked topic above to view the information for your version.

What to do next

After you have verified the integration is working, you can optionally require end users to access their desktops and applications using VMware Identity Manager™. See Enforce End-User Access Through VMware Identity Manager™.