To integrate Horizon pods in VMware Identity Manager, you create one or more virtual apps collections in the VMware Identity Manager console. The collections contain the configuration information for the Horizon Connection Servers as well as sync settings.
Before you perform any integration tasks in the VMware Identity Manager console, set up Horizon. You create and configure desktop and application pools in Horizon Administrator, not in VMware Identity Manager. You also set entitlements for Active Directory users and groups in Horizon Administrator.
Integrating Horizon pods with VMware Identity Manager involves the following high-level tasks.
- Deploy and configure Horizon servers.
- Deploy Horizon desktop and application pools, with entitlements set for Active Directory users and groups.
- Sync Active Directory users and groups who are entitled to application and desktop pools in Horizon Connection Server instances to the VMware Identity Manager service using directory sync.
Later, when you configure Horizon pods in the VMware Identity Manager console, you can also select the Perform Directory Sync option. This option specifies that directory sync be performed as part of the resource sync if any users and groups that are entitled to Horizon pools in the Horizon Connection Server instances being synced are missing in the VMware Identity Manager directory.
- Join VMware Identity Manager to the same Active Directory domain as Horizon if you intend to sync any Horizon Connection Server 5.x instances or use the Perform Directory Sync option. Both these configurations use an alternative way of syncing, which requires the domain to be joined.
- Create one or more virtual apps collections for the Horizon pods in VMware Identity Manager.
- Configure SAML authenticator on the Horizon Connection Server. You must always use the VMware Identity Manager FQDN on the Authenticator configuration page.