To provide users the ability to run a Horizon application or desktop from the VMware Identity Manager service and have single sign-on from VMware Identity Manager to the application or desktop, configure SAML authentication in Horizon.
SAML authentication must be configured on at least one Horizon Connection Server instance in a pod. Configuring SAML authentication on all the instances in a pod is recommended.
If SAML authentication is disabled on some of the Horizon Connection Server instances in a pod, VMware Identity Manager uses the other instances and sync continues to work. However, you must ensure that any instance with SAML authentication disabled is not used for launch. Do not use the instance in the Client Access URL or, if the Client Access URL points to a load balancer, as one of the nodes on the load balancer. If you do so, users will not be able to run the Horizon desktops or applications.
If SAML authentication is disabled on all the Horizon Connection Server instances in the pod, sync fails.