After you create a federation artifact in the VMware Identity Manager administration console, configure SAML authentication in the Horizon Cloud tenant.

About this task


Do not configure SAML authentication if your organization uses smart card authentication to view resources using a third-party identity provider.


The Horizon Cloud tenant appliance and VMware Identity Manager must be in time sync. If they are not in time sync, when you try to launch Horizon Cloud desktops and applications, an invalid SAML message appears.


  1. In the VMware Identity Manager administration console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, click SAML Metadata.
  3. Click the Identity Provider (IdP) metadata link.

    metadata link

  4. Make a note of the URL from the browser's address bar, such as https://VMwareIdentityManagerFQDN/SAAS/API/1.0/GET/metadata/idp.xml.
  5. Log in to the Horizon Cloud tenant.
  6. Navigate to Settings > General Settings > Edit.
  7. In the IDM section, enter the information required.




    The VMware Identity Manager IdP metadata URL you copied in step 4.

    Timeout SSO Token

    (Optional) The amount of time, in minutes, after which the SSO token times out.

    Data Center

    The Horizon Cloud data center name. For example, Horizon.

    Tenant Address

    The Horizon Cloud tenant address. Specify the floating IP address or hostname, or Access Point IP address or hostname of the Horizon Cloud tenant appliance. For example,


Your integration is complete. You can now view Horizon Cloud desktop and application pools in the VMware Identity Manager administration console and end users can launch the resources to which they are entitled.