After you create a virtual apps collection for the Horizon Cloud integration in the Workspace ONE Access console, configure SAML authentication in the Horizon Cloud tenant.
If you are integrating multiple Horizon Cloud tenants, ensure that you configure SAML authentication in all the tenants.
Note: The Horizon Cloud tenant appliance and Workspace ONE Access must be in time sync. If they are not in time sync, when you try to launch Horizon Cloud desktops and applications, an invalid SAML message appears.
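Why clock drift produces an invalid SAML message, as an added example (not VMware code, and not how Horizon Cloud or Workspace ONE Access implement validation): a SAML assertion carries a validity window in its Conditions element, and a receiver whose clock has drifted sees the assertion as not yet valid or already expired. The assertion fragment, the five-minute window, the `allowed_skew` parameter and the function names are constructed for illustration; the page does not state how much skew the products tolerate.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an assertion issued at 12:00:00 UTC with a five-minute
# validity window. Real assertions are signed; verify the signature first.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>
"""

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def validity_window(assertion_xml):
    """Return (NotBefore, NotOnOrAfter); either is None when the attribute is absent."""
    # The sample is trusted; parse untrusted XML with a hardened parser such as defusedxml.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    return (parse_ts(nb) if nb else None, parse_ts(noa) if noa else None)

def check_window(assertion_xml, receiver_now, allowed_skew=timedelta(0)):
    """Classify the assertion as seen by the receiver's clock."""
    not_before, not_on_or_after = validity_window(assertion_xml)
    if not_before is not None and receiver_now + allowed_skew < not_before:
        return "not-yet-valid"   # receiver clock is behind the issuer
    if not_on_or_after is not None and receiver_now - allowed_skew >= not_on_or_after:
        return "expired"         # receiver clock is ahead, or the login was slow
    return "valid"

if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    for drift in (-3, 0, 2, 6):  # receiver clock offset from the issuer, in minutes
        print(f"{drift:+d} min -> {check_window(SAMPLE_ASSERTION, issued + timedelta(minutes=drift))}")
```

Comparing the output of an NTP query on both systems against the same time source is the operational counterpart of this check.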
Procedure
- In the Workspace ONE Access console, select the tab, then click Settings.
- In the left pane, under SaaS Apps, click SAML Metadata.
- In the Download SAML Metadata tab, click Copy URL next to the Identity Provider (IdP) metadata link.
The URL, which is in a format similar to https://VMwareIdentityManagerFQDN/SAAS/API/1.0/GET/metadata/idp.xml, is copied to your clipboard.
- Log in to the Horizon Cloud tenant.
- Navigate to .
- Click New.
- Configure the required settings.
| Option | Description |
| --- | --- |
| Identity Manager URL | The Workspace ONE Access IdP metadata URL you copied. The URL is typically in the following format: https://VMwareIdentityManagerFQDN/SAAS/API/1.0/GET/metadata/idp.xml |
| Timeout SSO Token | (Optional) The amount of time, in minutes, after which the SSO token times out. |
| Data Center | The Horizon Cloud data center name. Select the name from the drop-down list. |
| Tenant Address | The Horizon Cloud tenant address. Specify the floating IP address or hostname of the Horizon Cloud tenant appliance, or the Unified Access Gateway IP address or hostname. For example, mytenant.example.com. |
On Horizon Cloud on Azure, the following settings appear.
| Option | Description |
| --- | --- |
| VMware Identity Manager URL | The Workspace ONE Access IdP metadata URL you copied. The URL is typically in the following format: https://VMwareIdentityManagerFQDN/SAAS/API/1.0/GET/metadata/idp.xml |
| Timeout SSO Token | (Optional) The amount of time, in minutes, after which the SSO token times out. |
| Location | Select a location to filter the Node drop-down list to the nodes associated with that location. |
| Node | Select the node you are integrating with Workspace ONE Access. |
| Data Center | The Horizon Cloud data center name. Select the name from the drop-down list. |
| Tenant Address | The Horizon Cloud tenant address. Specify the floating IP address or hostname of the Horizon Cloud tenant appliance, or the Unified Access Gateway IP address or hostname. For example, mytenant.example.com. |
- Click Save.
If the integration is successful, the status is green.
- To block user access except through Workspace ONE Access, click Configure and edit the settings.
| Option | Description |
| --- | --- |
| Force Remote Users to Identity Manager | Select YES to block remote user access except through IDM. Option only displays if Identity Manager status is green. |
| Force Internal Users to Identity Manager | Select YES to block internal user access except through IDM. Option only displays if Identity Manager status is green. |
Results
Your integration is complete. After you sync Horizon Cloud resources to Workspace ONE Access, you can view Horizon Cloud desktop and application pools in the Workspace ONE Access console and end users can launch the resources to which they are entitled from the Workspace ONE portal or app.