To complete the pairing process, you use the MMC Certificates snap-in to import the Enrollment Service Client certificate into the enrollment server. You must perform this procedure on every enrollment server.
Prerequisites
- Verify that you have a enrollment server. See Install and Set Up an Enrollment Server.
- Verify that you have the correct certificate to import. You can use either your own certificate or the automatically generated, self-signed Enrollment Service Client certificate from one Connection Server in the cluster, as described in Export the Enrollment Service Client Certificate.
Important: To use your own certificates for pairing, place the preferred certificate (and the associated private key) in the custom container ( VMware Horizon Certificates\Certificates) in the Windows Certificate Store on the Connection Server machine. You must then set the friendly name of the certificate to vdm.ec.new, and restart the server. The other servers in the cluster will fetch this certificate from LDAP. You can then perform the steps in this procedure.
If you have your own client certificate, the certificate that you must copy to the enrollment server is the root certificate used to generate the client certificate.
Procedure
What to do next
Configure the SAML authenticator used for delegating authentication to VMware Workspace ONE Access. See Configure SAML Authentication to Work with True SSO.