Integrating View pod federations with VMware Identity Manager has the following requirements.

  • VMware Identity Manager supports the Cloud Pod Architecture feature in Horizon 6.2 and later, for both applications and desktops.

  • You can integrate a maximum of 10 pod federations with the VMware Identity Manager service. Each federation can contain up to 7 pods.

  • Deploy View Connection Server instances on the default port 443 or on a custom port.

  • Verify that you have a DNS entry and an IP address that can be resolved during reverse lookup for each View Connection Server instance in your View environment. VMware Identity Manager requires reverse lookup for View Connection Server, View Security Server, and load balancer instances. If reverse lookup is not properly configured, the VMware Identity Manager integration with View fails.

  • The VMware Identity Manager connector, a component of the service, must be able to reach all the View Connection Server instances in the pod federation.

  • All the View Connection Server instances in the pod federation must have SAML authentication configured, with the VMware Identity Manager service specified as the identity provider. You must use the service's fully qualified domain name as part of the URL.

    See Configure SAML Authentication for more information.

    Extending the SAML metadata expiration period to 90 days on the View Connection Server instances is recommended. See Change the Expiration Period for Service Provider Metadata on View Connection Server for information.

  • View Connection Server certificates will be synced to VMware Identity Manager.

  • Deploy application and desktop pools in the View pods.

    • While configuring desktop pools, ensure that in Remote Settings, you set the Automatically log off after disconnect option to 1 or 2 minutes instead of immediately.

    • Ensure that you create View pools in the root folder of View. If you create View pools in a folder other than the root folder, VMware Identity Manager cannot query those View pods and entitlements.

    If you add or remove application or desktop pools after integrating with VMware Identity Manager, you must sync again for the changes to appear in the VMware Identity Manager service.

  • You must create the pod federation in your View environment, by initializing the Cloud Pod Architecture feature from one of the pods and joining all the other pods to the federation, before integrating with the VMware Identity Manager service. Global entitlements are replicated to pods when they join the federation.

    If you join or remove a pod from the pod federation after you integrate with the VMware Identity Manager service, you must edit the pod federation details in the VMware Identity Manager administration console to add or remove the pod, save your changes, and sync again.

  • In your View environment, create global entitlements in the pod federation to entitle Active Directory users or groups to desktops and applications.

  • The global entitlements that you want to sync to VMware Identity Manager must have the All sites scope policy set. Entitlements with any other scope policy are not synced.


  • To enable end users to launch desktops or applications in a Web browser, select the HTML Access option for the global entitlement in View.

  • (Optional) Create local entitlements on the pods, if required.

For more information about configuring View, see the Horizon 6 or Horizon 7 documentation.
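
A preflight check for the reverse-lookup requirement above, as an added example that is not part of the VMware documentation: it forward-resolves each hostname and then reverse-resolves the returned address. The host names and addresses in the demo are constructed placeholders, and reporting a PTR name that differs from the hostname as a separate `ptr-mismatch` status is an assumption of this example.

```python
import socket
import sys

def check_reverse_lookup(hostnames, forward=None, reverse=None):
    """Forward- then reverse-resolve each name; return {name: {ip, ptr, status}}.

    status: "ok", "no-forward", "no-reverse" (both violate the requirement),
    or "ptr-mismatch" (reverse lookup resolves, but to a different name).
    """
    forward = forward or socket.gethostbyname
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    misses = (OSError, KeyError)  # resolver errors; KeyError for dict-backed resolvers
    results = {}
    for host in hostnames:
        entry = results[host] = {"ip": None, "ptr": None, "status": "ok"}
        try:
            entry["ip"] = forward(host)
        except misses:
            entry["status"] = "no-forward"
            continue
        try:
            entry["ptr"] = reverse(entry["ip"])
        except misses:
            entry["status"] = "no-reverse"
            continue
        # Extra check (assumption, not stated on the page): PTR should name the same host.
        if entry["ptr"].rstrip(".").lower() != host.rstrip(".").lower():
            entry["status"] = "ptr-mismatch"
    return results

if __name__ == "__main__":
    hosts = sys.argv[1:]
    fwd = rev = None
    if not hosts:
        # Constructed demo records (reserved example names and addresses), used offline.
        a = {"cs1.example.test": "192.0.2.10", "cs2.example.test": "192.0.2.11"}
        p = {"192.0.2.10": "cs1.example.test."}
        hosts, fwd, rev = list(a), a.__getitem__, p.__getitem__
    report = check_reverse_lookup(hosts, fwd, rev)
    for host, r in report.items():
        print(f"{host:32} ip={r['ip']} ptr={r['ptr']} {r['status']}")
    sys.exit(1 if any(r["status"].startswith("no-") for r in report.values()) else 0)
```

Run it from the machine that hosts the connector, passing the names of the View Connection Server, View Security Server, and load balancer instances as arguments, so that the results reflect the resolver the connector actually uses.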