Before you integrate Horizon Air desktops and applications with VMware Identity Manager, ensure that you meet the prerequisites.

  • Verify that you have the following setup:

    • A VMware Identity Manager on-premises deployment

    • A Horizon Air tenant that is accessible by the VMware Identity Manager service. Work with your Horizon Air representative to set this up.

      Important:

      Your VMware Identity Manager deployment and your Horizon Air tenant need VPN connectivity to work.

    • If you use an additional, external connector, ensure that you use version 2016.1.1 or later.

  • Verify with your Horizon Air service provider that your Horizon Air tenant meets the following requirements.

    • The tenant name must be a fully qualified domain name (FQDN), not just a host name. For example, server-ta1.example.com instead of server-ta1.

    • The tenant appliances must have valid, signed certificates issued by a CA. Self-signed certificates are not supported. The certificate must match the FQDN of the tenant appliance.

    • If you created your VMware Identity Manager directory with UPN as a search attribute, and you intend to sync static desktop pools from the Horizon Air tenant, your service provider must enable UPN for the tenant and restart the tenant appliance, otherwise users will be unable to launch static desktops.

  • Ensure that the Horizon Air tenant and the VMware Identity Manager service are in time sync. If they are not in time sync, an invalid SAML error can occur when users launch Horizon Air desktops and applications.

  • Create and configure desktop and application pools, also known as assignments, in the Horizon Air tenant administration console. You can create the following types of pools in the Horizon Air tenant:

    • Dynamic desktop pool, also known as floating desktop assignment

    • Static desktop pool, also known as dedicated desktop assignment

    • Session-based pool with desktops, also known as session desktop assignment

    • Session-based pool with applications, also known as remote application assignment

      For more information about the types of pools, see the Horizon Air documentation.

    The following limitations apply.

    • VMware Identity Manager only supports launch over PCoIP. Only those desktop and application pools that support launch over PCoIP are synced to VMware Identity Manager.

    • End users must install the Horizon Client to launch desktops and applications.

    • You can only sync from a single Horizon Air tenant to VMware Identity Manager.

  • Set user and group entitlements to Horizon Air desktops and applications in the Horizon Air tenant administration console.

    Note:

    Only entitlements for users that belong to a registered group are synced. Users who do not belong to any group will not see their entitlements in VMware Identity Manager.

  • In the VMware Identity Manager administration console, ensure that users and groups with these entitlements are synced from Active Directory to VMware Identity Manager using directory sync.