Administrators can create users for unauthenticated access to published applications. After an administrator configures a user for unauthenticated access, the user can log in to the Connection Server instance from Horizon Client only with unauthenticated access.


  • Administrators can create only one user for each Active Directory account.
  • Administrators cannot create unauthenticated user groups. If you create an unauthenticated access user and there is an existing client session for that AD user, you must restart the client session to make the changes take effect.
  • If you select a user with desktop entitlements and make the user an unauthenticated access user, the user will not have access to the entitled desktops.


  1. In Horizon Console, select Users and Groups.
  2. On the Unauthenticated Access tab, click Add.
  3. In the Add Unauthenticated User wizard, select one or more search criteria and click Find to find users based on your search criteria.
  4. Select a user and click Next.
  5. Enter the user alias.
    The default user alias is the user name that was configured for the AD account. End users can use the user alias to log in to the Connection Server instance from Horizon Client.
  6. (Optional) Review the user details and add comments.
  7. Click Submit.


Connection Server creates the unauthenticated access user and displays the user details including user alias, user name, first and last name, domain, application entitlements, and sessions.

What to do next

After you create users for unauthenticated access, you must enable unauthenticated access in Connection Server to enable users to connect and access published applications. See, Enable Unauthenticated Access for Users.