A Horizon administrator can create users for unauthenticated access to published applications on a Connection Server instance. In a Cloud Pod Architecture environment, you can entitle these unauthenticated users to applications across the pod federation by adding them to global application entitlements.
Following are considerations for unauthenticated users in a Cloud Pod Architecture environment.
- Unauthenticated users can have only global application entitlements. If an unauthenticated user is included in a global desktop entitlement, a warning icon appears next to the name on the Users and Groups tab for the global desktop entitlement in Horizon Console.
- When you join a pod to the pod federation, unauthenticated user data is migrated to the Global Data Layer. If you unjoin or eject a pod that contains unauthenticated users from the pod federation, unauthenticated user data for that pod is removed from the Global Data Layer.
- You can have only one unauthenticated user for each Active Directory user. If the same user alias is mapped to more than one Active Directory user, Horizon Console displays an error message on the Unauthenticated Access tab on the Users and Groups pane.
- You can assign home sites to unauthenticated users.
- Unauthenticated users can have multiple sessions.
- Unauthenticated access users are not entitled to global application entitlements that have applications published from a desktop pool.
For information about setting up unauthenticated users, see the Horizon Administration document.