After users use True SSO to login to the desktop, they can unlock the desktop after reauthentication from the Workspace ONE portal using the same logon credentials. The Horizon True SSO unlock mechanism currently depends on Workspace ONE Access.
- Verify that you have VMware Horizon version 7.8 or later.
- Verify that you have Workspace ONE version 19.03 or later.
- This feature is supported on the following Horizon Clients:
- Horizon Client for Windows version 5.0 or later
- Horizon Client for Mac 2306 or later
- Horizon Client for Linux version 2306 or later
- Enable Workspace ONE and configure it for use with Connection Server.
See the Workspace ONE documentation at the Workspace ONE documentation Web page.
- Configure Horizon Connection Server for True SSO.
- To start virtual or published desktops, connect to a Connection Server in Workspace ONE mode that has True SSO configured. See, the Horizon Client documentation at the VMware Horizon Clients documentation Web page.
- Start virtual or published desktops from the Workspace ONE portal so that the user can use single sign on with True SSO.
- Lock the desktop.
- To unlock the desktop, select VMware True SSO User and click Submit.
You are redirected to the browser to re-authenticate with Workspace ONE.
- Enter the credentials and passcode of the locked desktop.
What to do next
You can disable this feature by setting a registry key on the machine where Horizon Agent is installed, in the following location:
HKLM\Software\VMware, Inc.\VMware VDM\Agent\CertSSO[DisableCertSSOUnlock=true]
|Steps to disable feature
|Horizon Windows Client
Set the registry key
If the registry key is set, the VMware True SSO User option does not appear when the user unlocks the desktop.
|Horizon Linux Client
|Horizon Mac Client
|EnableTrueSSOUnlock = ‘0’ in plist