After the Enrollment Server is set up, you enter the information in the Horizon Universal Console's Active Directory page.


Complete the previous step First-Gen Horizon Cloud - True SSO - Set up the Enrollment Server.

Verify that you have met the port and protocol requirements for the pod's manager VMs and Enrollment Server network traffic, as described in First-Gen Tenants - Horizon Cloud on Microsoft Azure Deployments - Host Name Resolution Requirements, DNS Names. If the appopriate ports are not allowing traffic, pairing of the Enrollment Server will fail.


  1. In the console, navigate to Settings > Active Directory.
  2. Click Add next to True SSO Configuration.

    The True SSO Config dialog displays.

    Note: Because you already configured the Enrollment Server you can ignore the Download Pairing Token link in this dialog.
  3. Enter the fully-qualified domain name (FQDN) of your enrollment server in the Primary Enrollment Server field and click the Test Pairing button next to the field.
    The other required fields are auto-populated.
  4. Click Save
  5. To configure a Secondary Enrollment Server for high-availability, do the following.
    1. Repeat the process described in First-Gen Horizon Cloud - True SSO - Set up the Enrollment Server on a second machine.
    2. Edit the True SSO configuration and add the second ES address in the Secondary Enrollment Server field, and then test the pairing.
    3. Save the configuration again.


The configuration information now appears on the Active Directory page under True SSO Configuration.

Important: The True SSO configuration is a tenant-wide type of configuration. The True SSO configuration will apply across all of your pod fleet's Horizon Cloud pods in Microsoft Azure. As a result, after you have successfully configured True SSO in your Horizon Cloud tenant for the first time, and then you later subsequently deploy additional Horizon Cloud pods into your Microsoft Azure subscriptions using the automated pod-deployment wizard, the system will send the same True SSO configuration to all of those pods and attempt to validate the same True SSO configuration against those pods.