To integrate Horizon Cloud with Workspace ONE Access, you need a Horizon Cloud tenant, a Workspace ONE Access tenant, and a Workspace ONE Access connector. You must install the connector on premises with line-of-sight to the Horizon Cloud tenant.

Figure 1. Horizon Cloud Integration with Connector Deployed On Premises

On premises connector

  1. The connector syncs user and group information from Active Directory to the Workspace ONE Access tenant.
  2. The connector syncs Horizon Cloud user and group entitlements from the Horizon Cloud tenant to the Workspace ONE Access tenant.
  3. The end user accesses a desktop or application as follows:
    1. The end user logs into the Workspace ONE Access service and clicks on a desktop or application.
    2. The service generates a launch URL and passes it to the Horizon Client. The launch URL includes a SAML artifact ID.
    3. The Horizon Client accesses the launch URL.
    4. The Horizon Cloud tenant receives the request and validates the SAML artifact ID with the Workspace ONE Access service.
    5. If the SAML artifact ID is validated by the Workspace ONE Access service, the desktop or application is streamed to the Horizon Client by the Horizon Cloud tenant.

Installing the Connector

Connector version 2016.1.1 or later is required for Horizon Cloud integration. Integrating multiple Horizon Cloud tenants with a single Workspace ONE Access tenant is supported in connector version 2017.8.1.0 and later.

For information on installing the 19.03 Windows connector, see Installing and Configuring VMware Identity Manager Connector 19.03.0.0 (Windows).

After you install and configure the connector, create a directory in your Workspace ONE Access tenant and sync the Active Directory users and groups that have Horizon Cloud desktop and application entitlements.