With the True SSO (single sign-on) feature, after users log in to VMware Workspace ONE Access using smart card, RSA SecurID, or RADIUS authentication, or a third-party identity provider using a Unified Access Gateway appliance, they are not required to also enter Active Directory credentials in order to use a virtual desktop or published desktop or application.

If a user authenticates by using Active Directory credentials, the True SSO feature is not necessary, but you can configure True SSO to be used even in this case, so that the AD credentials that the user provides are ignored and True SSO is used.

Users belonging to an untrusted domain can use True SSO. See Configuring Untrusted Domains.

When connecting to a virtual desktop or published application, users can choose to use either the native Horizon Client or HTML Access.

Note: The Horizon True SSO unlock mechanism currently depends on Workspace ONE Access.

This feature has the following limitations:

  • This feature does not work for virtual desktops that are provided by using the Horizon Agent Direct-Connection Plug-In (formerly View Agent Direct-Connection Plug-In).
  • This feature is supported only in IPv4 environments.

You must perform the following tasks to set up your environment for True SSO:

  1. Set Up an Enterprise Certificate Authority
  2. Create Certificate Templates Used with True SSO
  3. Install and Set Up an Enrollment Server
  4. Export the Enrollment Service Client Certificate
  5. Configure SAML Authentication to Work with True SSO
  6. Configure Horizon Connection Server for True SSO