You can integrate multiple Horizon Cloud tenants with a single instance of VMware Identity Manager so that Horizon Cloud resources and entitlements from all the tenants can be synced to a single location, authentication and access policies can be centrally managed, and end users with entitlements in different tenants can be served from a single portal or app.
VMware Identity Manager supports integration with the following types of Horizon Cloud environments:
- Horizon Cloud Hosted Infrastructure (Soft-Layer and Azure)
- Horizon Cloud On Premises Infrastructure
While integrating multiple Horizon Cloud tenants, take into account the following considerations.
- A single connector, the VMware Identity Manager component that syncs resources and entitlements from Horizon Cloud to the VMware Identity Manager service, can sync resources and entitlements from multiple Horizon Cloud tenants.
- Each Horizon Cloud tenant might provide entitlements for users in different Active Directory instances and domains. Ensure that you add all the relevant directories and domains to VMware Identity Manager so all users with entitlements in any of the Horizon Cloud tenants are synced to VMware Identity Manager.
- If the tenant appliances have self-signed certificates, you must upload the self-signed certificate as a trusted root certificate in VMware Identity Manager. When you integrate multiple Horizon Cloud tenants, you must ensure that all the certificates have the same root certificate as only one root certificate can be uploaded to VMware Identity Manager.
- VMware Identity Manager cannot access and sync entitlements from a tenant on which two-factor authentication is enabled.
- In VMware Identity Manager, you can add all the Horizon Cloud tenants in one configuration, called a virtual apps collection, or create multiple configurations. When all the Horizon Cloud tenants are added to one configuration, if VMware Identity Manager cannot access one of the tenants, it creates an alert and continues to sync resources and entitlements from the other tenants.
- Ensure that you configure SAML authentication in each Horizon Cloud tenant that you integrate with VMware Identity Manager.