To integrate Workspace ONE Access with Horizon Cloud environments with single-pod brokering enabled for the pods deployed in Microsoft Azure, or Horizon Cloud on IBM Cloud environments, you need a Horizon Cloud tenant, a Workspace ONE Access tenant, and a Workspace ONE Access connector. You must install the connector on premises with line-of-sight to the Horizon Cloud tenant.
- The Workspace ONE Access connector syncs user and group information from Active Directory to the Workspace ONE Access tenant.
- The connector syncs Horizon Cloud user and group entitlements from the Horizon Cloud tenant to the Workspace ONE Access tenant.
- The end user accesses a desktop or application as follows:
- The end user logs into the Intelligent Hub app or portal and clicks on a desktop or application.
- The Workspace ONE Access service generates a launch URL and passes it to the Horizon Client. The launch URL includes a SAML artifact ID.
- The Horizon Client accesses the launch URL.
- The Horizon Cloud tenant receives the request and validates the SAML artifact ID with the Workspace ONE Access service.
- If the SAML artifact ID is validated by the Workspace ONE Access service, the desktop or application is streamed to the Horizon Client by the Horizon Cloud tenant.
About the Workspace ONE Access Connector Requirement
Before you can integrate your Horizon Cloud tenant with Workspace ONE Access, you must install the Workspace ONE Access connector on premises. The connector is required to sync resources and entitlements from Horizon Cloud to your Workspace ONE Access tenant as well as to sync users and groups from Active Directory to your Workspace ONE Access tenant.
Install Workspace ONE Access connector version 19.03.0.1. See Installing and Configuring VMware Identity Manager Connector 19.03 (Windows) for information.
After you install and configure the connector, create a directory in your Workspace ONE Access tenant and sync the Active Directory users and groups that have Horizon Cloud desktop and application entitlements.