You can integrate multiple Horizon Cloud tenants with a single instance of Workspace ONE Access so that Horizon Cloud resources and entitlements from all the tenants can be synced to a single location, authentication and access policies can be centrally managed, and end users with entitlements in different tenants can be served from a single portal or app.
While integrating multiple Horizon Cloud tenants, take into account the following considerations.
- A single Workspace ONE Access connector can sync resources and entitlements from multiple Horizon Cloud tenants to the Workspace ONE Access service.
- Each Horizon Cloud tenant might provide entitlements for users in different Active Directory instances and domains. Ensure that you add all the relevant directories and domains to Workspace ONE Access so all users with entitlements in any of the Horizon Cloud tenants are synced to Workspace ONE Access.
- If the tenant appliances have self-signed certificates, you must upload the self-signed certificate as a trusted root certificate in Workspace ONE Access. When you integrate multiple Horizon Cloud tenants, you must ensure that all the certificates have the same root certificate as only one root certificate can be uploaded to Workspace ONE Access.
- Workspace ONE Access cannot access and sync entitlements from a tenant on which two-factor authentication is enabled.
- In Workspace ONE Access, you can add all the Horizon Cloud tenants in one configuration, called a virtual apps collection, or create multiple configurations. When all the Horizon Cloud tenants are added to one configuration, if Workspace ONE Access cannot access one of the tenants, it creates an alert and continues to sync resources and entitlements from the other tenants.
- Ensure that you configure SAML authentication in each Horizon Cloud tenant that you integrate with Workspace ONE Access.