Before you integrate Horizon Cloud with VMware Identity Manager, ensure that you meet the prerequisites.

  • Verify that you have the following setup:

    • A VMware Identity Manager on-premises deployment

    • A Horizon Cloud tenant that is accessible by the VMware Identity Manager service. Work with your Horizon Cloud representative to set this up.

      Important:

      Your VMware Identity Manager deployment and your Horizon Cloud tenant need VPN connectivity to work.

    • If you use an additional, external connector, ensure that you use version 2016.1.1 or later.

  • Verify that your Horizon Cloud tenant meets the following requirements.

    • The tenant name must be a fully qualified domain name (FQDN), not just a host name. For example, server-ta1.example.com instead of server-ta1.

    • The tenant appliances must have valid, signed certificates issued by a CA. Self-signed certificates are not supported. The certificate must match the FQDN of the tenant appliance.

    • If you created your VMware Identity Manager directory with UPN as a search attribute, and you intend to sync static desktop pools from the Horizon Cloud tenant, your service provider must enable UPN for the tenant and restart the tenant appliance, otherwise users will be unable to launch static desktops.

  • Ensure that the Horizon Cloud tenant and the VMware Identity Manager service are in time sync. If they are not in time sync, an invalid SAML error can occur when users launch Horizon Cloud desktops and applications.

  • Create and configure desktop and application pools, also known as assignments, in the Horizon Cloud tenant administration console. You can create the following types of pools in the Horizon Cloud tenant:

    • Dynamic desktop pool, also known as floating desktop assignment

    • Static desktop pool, also known as dedicated desktop assignment

    • Session-based pool with desktops, also known as session desktop assignment

    • Session-based pool with applications, also known as remote application assignment

      For more information about the types of pools, see the Horizon Air documentation.

    The following limitations apply.

    • You can only sync from a single Horizon Cloud tenant to VMware Identity Manager.

  • Set user and group entitlements to Horizon Cloud desktops and applications in the Horizon Air tenant administration console.

    Note:

    Only entitlements for users that belong to a registered group are synced. Users who do not belong to any group will not see their entitlements in VMware Identity Manager.

  • In the VMware Identity Manager administration console, ensure that users and groups with these entitlements are synced from Active Directory to VMware Identity Manager using directory sync.