After setting up your Horizon environment, you must set up your VMware Identity Manager environment before you integrate the Horizon pods and pod federations with the VMware Identity Manager service.


  1. Ensure that distinguishedName is set as a required attribute for the VMware Identity Manager directory and that it is mapped to the Active Directory attribute distinguishedName.
    Attributes must be marked as required before the directory is created. After the directory is created, attributes cannot be changed from optional to required.
    1. In the VMware Identity Manager console, navigate to the Identity & Access Management > Setup > User Attributes page.
    2. Under Default Attributes, select the Required check box for distinguishedName.
    3. Click Save.
    4. While creating the directory, map the distinguishedName attribute to the Active Directory attribute distinguishedName.
  2. Sync the users and groups that have global or local entitlements in Horizon from Active Directory to the VMware Identity Manager service using directory sync.
    1. To view current users and groups, click the Users & Groups tab.
    2. Select the Identity & Access Management > Directories tab.
    3. Select the appropriate directory.
    4. Modify the directory settings if needed, and click Sync Now.
    Note: Users must have the userPrincipalName attribute set. If the userPrincipalName attribute is not set for a user, the user may not be able to run desktops and applications.
  3. If applicable, establish a connection to multi-domains or trusted multi-forest domains in Active Directory. See Installing and Configuring VMware Identity Manager for information.