To create an administrator that can manage a federation access group, you select a user or group from your Active Directory users and groups and assign a role that is applicable to federation access groups in Horizon Console.

To apply to a federation access group, a role must contain at least one object-specific privilege that is applicable to federation access groups. Roles that contain only global privileges or access group-specific privileges do not apply to federation access groups.

Prerequisites

Create a federation access group. See Add a Federation Access Group.

Procedure

  1. Log in to the Horizon Console user interface for any Connection Server instance in the pod federation.
  2. Select Settings > Administrators.
  3. On the Administrators and Groups tab, click Add User or Group.
  4. Click Add, select one or more search criteria, and click Find to filter Active Directory users or groups based on your search criteria.
  5. Select the Active Directory user or group that you want to be an administrator user or group and click OK.
    You can press the Ctrl and Shift keys to select multiple users and groups.
  6. Click Next and select a role.
    The Federation Access Group column indicates whether a role applies to federation access groups.
    Option Action
    The role you selected applies to federation access groups Click Next and select one or more federation access groups.
    You want the role to apply to all federation access groups Click Next and select the root federation access group.
  7. Click Finish to create the administrator user or group.

Results

The new administrator user or group appears in the left pane and the role and federation access group that you selected appear in the right pane on the Administrators and Groups tab.