After you create a federation artifact in the VMware Identity Manager administration console, configure SAML authentication in the Horizon Air tenant.
About this task
Do not configure SAML authentication if your organization uses smart card authentication to view resources using a third-party identity provider.
The Horizon Air tenant appliance and VMware Identity Manager must be in time sync. If they are not in time sync, when you try to launch Horizon Air desktops and applications, an invalid SAML message appears.
- In the VMware Identity Manager administration console, click the arrow on the Catalog tab and select Settings.
- In the left pane, click SAML Metadata.
- Click the Identity Provider (IdP) metadata link.
- Make a note of the URL from the browser's address bar, such as https://VMwareIdentityManagerFQDN/SAAS/API/1.0/GET/metadata/idp.xml.
- Log in to the Horizon Air tenant.
- Navigate to .
- In the IDM section, enter the information required.
The VMware Identity Manager IdP metadata URL you copied in step 4.
Timeout SSO Token
(Optional) The amount of time, in minutes, after which the SSO token times out.
The Horizon Air data center name. For example, Horizon.
The Horizon Air tenant address. Specify the floating IP address or hostname, or Access Point IP address or hostname of the Horizon Air tenant appliance. For example, mytenant.example.com.
Your integration is complete. You can now view Horizon Air desktop and application pools in the VMware Identity Manager administration console and end users can launch the resources to which they are entitled.